From owner-freebsd-ports@freebsd.org Wed Feb 6 18:59:09 2019 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8D61114DBEE6 for ; Wed, 6 Feb 2019 18:59:09 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 9D6DE8167D for ; Wed, 6 Feb 2019 18:59:08 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 3E3E414DBEE5; Wed, 6 Feb 2019 18:59:08 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E501814DBEE4 for ; Wed, 6 Feb 2019 18:59:07 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-ot1-x32b.google.com (mail-ot1-x32b.google.com [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 648CA81675 for ; Wed, 6 Feb 2019 18:59:07 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mail-ot1-x32b.google.com with SMTP id a11so13753953otr.10 for ; Wed, 06 Feb 2019 10:59:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Q3YSZ1mUD0MV6CwrZoZKt9EFKnEMfjAZ7dpy5gkbt/E=; b=CdZcxSpC8yZ3OoKrMo3vTgve+fxGloAFNihjcZWCR2nLTns+fxVsrjv/BmenSypUbV gD0+kJQJkSqIxVZjgCBBbQkhXQv/JPzsI53HDsxQpKNK8QEh1Qg+EQj9XW7E98EgDA0c pcjJe5p8ml1KkauIPuZQvA8/Syn9BEq2K1+PqZUhWY+9+jBzkYGV1zKhdYmN/ObaEdhZ 2VsRPby1s1n4wuqA7CB76/wpPcpNZxvvEl7VtdhmK5xVa/RgImkVo9NrsNaNUMm1Hl3L dGNhmALOE5QaW4GHHoRF0C1RbXISs/BUyi1d4I46h/AVX4+1GI4rdXpgSK5IyPYXZkBx ugWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Q3YSZ1mUD0MV6CwrZoZKt9EFKnEMfjAZ7dpy5gkbt/E=; b=EIsPvqHLQFH6je6g9rQ6nseAd24C4H93EFh4GLoLPVjjmnqlCeZZpWXMkzL8UdA0e6 cdYHiu35SLjzOe1Tqmod4zljxMqltjpxwNmRvPViSXTn5w1wqxRo8p1q5f2LCOjt7gHS ejF+Zq+Mx+svTZDYX7kh3uREfJ3Pbl7IZ5+Rwhsamq7g2ZTZVIJUkln+4d0B03wY8X+R 62OzEUG73eu+zs9YaKlo76r7IlXt0pPtYAxyxSrg0qKU+psZy/Y/IqqMvQ/yAmUuD35u KBsOA7u1qggBO3x565wHQ9It9U2iJBLXGb7SHaywHK1FfcWgCxJQ3FpETwdwYty7PpAz SNAg== X-Gm-Message-State: AHQUAuYFuQAR1/IJMHqc1iFGDHWHyH2QOtKg8tQy23Co3Du49c14uAHU iB0ZijdBI7+IhfzUS6MtkMGfJyzfdf3MZg3m+q0= X-Google-Smtp-Source: AHgI3IZ3NJBniyytIaylnWMGPMkMWkJSZ7pUwzRWErwkuIL3jjBNH/QE6zmSzZte/hlpVdVv4PCDDYVl7WWZz9giZIo= X-Received: by 2002:aca:b104:: with SMTP id a4mr381100oif.133.1549479545864; Wed, 06 Feb 2019 10:59:05 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Kevin Oberman Date: Wed, 6 Feb 2019 10:58:48 -0800 Message-ID: Subject: Re: Using LibreSSL with only one or a subset of all installed ports To: Nick Rogers Cc: "ports@FreeBSD.org" X-Rspamd-Queue-Id: 648CA81675 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.98 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.977,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Feb 2019 18:59:09 -0000 On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers wrote: > I am wondering if it is wise or possible to use libressl for only a single > installed port, while continuing to use OpenSSL from Base for all remaining > installed ports. I would like to do this in order to get around the fact > that lang/phantomjs does not compile against openssl 1.1.x due to API > changes, and fixing it is less than trivial. However, I am not quite ready > to switch other ports to LibreSSL. > > My thought was to use the following approach in make.conf when building via > poudriere. > > .if ${.CURDIR:M*/lang/phantomjs} > DEFAULT_VERSIONS+= ssl=libressl > .endif > > I am hoping for some advice as to whether or not this will work, or if its > a terrible idea, or if there is perhaps a better way to toggle libressl > per-port. All the port documentation I can find suggests an outright switch > to libressl for all ports, so I am concerned there is something I am > missing that will not be happy? > Along this path lies madness! Not that it can't work, but it is very dangerous and likely to get more complicated over time. The problem is with having multiple sharable libraries (.so) of the same name. The loader will refuse to load an executable if it attempts to load two or more shareable libraries that have a common name as it is not possible to determine which library to use for any reverence. If phantomjs calls ssl routines directly and also is linked to a shareable that is linked to either the openssl port installed shareable or the base system shareable, the code will not load. As linkages grow more and more complex, this tends to turn into a real rats nest. I'm not saying that it can't be done, but you have to know all of the linkages and be very sure that there are no conflicts. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683