Date: Fri, 26 Jun 2015 02:51:40 +0800 From: Sunpoet Po-Chuan Hsieh <sunpoet@freebsd.org> To: Kubilay Kocak <koobs@freebsd.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, Bryan Drewery <bdrewery@freebsd.org>, Mathieu <mat@freebsd.org>, timp87@gmail.com, Adam Weinberger <adamw@freebsd.org>, "Timur I. Bakeyev" <timur@freebsd.org> Subject: Re: svn commit: r390526 - head/ftp/curl Message-ID: <CAMHz58SRB79bmtSKaxnujTNAtTg_UWXpbUL_P6rw9kCRxpYDcg@mail.gmail.com> In-Reply-To: <558B5E47.6000409@FreeBSD.org> References: <201506250022.t5P0MURx089077@svn.freebsd.org> <558B5E47.6000409@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 25, 2015 at 9:49 AM, Kubilay Kocak <koobs@freebsd.org> wrote: > On 25/06/2015 10:22 AM, Bryan Drewery wrote: > > Author: bdrewery > > Date: Thu Jun 25 00:22:29 2015 > > New Revision: 390526 > > URL: https://svnweb.freebsd.org/changeset/ports/390526 > > > > Log: > > Be more explicit about which setting to use. > > > > PR: 200555 > > > > Modified: > > head/ftp/curl/Makefile > > > > Modified: head/ftp/curl/Makefile > > > ============================================================================== > > --- head/ftp/curl/Makefile Thu Jun 25 00:17:08 2015 (r390525) > > +++ head/ftp/curl/Makefile Thu Jun 25 00:22:29 2015 (r390526) > > @@ -167,7 +167,7 @@ IGNORE= only supports LIBSSH2 with Open > > (!defined(WITH_OPENSSL_BASE) && > exists(${LOCALBASE}/lib/libcrypto.so)) || \ > > (defined(OPENSSL_PORT) && ${OPENSSL_PORT} == "security/libressl")) > > .if ${PORT_OPTIONS:MGSSAPI_BASE} > > -IGNORE= GSSAPI_BASE is set, which is not compatible with > OpenSSL/LibreSSL from ports. Unset it or do not use ports SSL. > > +IGNORE= GSSAPI_BASE is set, which is not compatible with > OpenSSL/LibreSSL from ports. Set GSSAPI_NONE or do not use ports SSL. > > .endif > > .if ${PORT_OPTIONS:MTLS_SRP} && defined(OPENSSL_PORT) && > ${OPENSSL_PORT} == "security/libressl" > > IGNORE= unsupported TLS-SRP in LibreSSL > > > > This is not aimed at you Bryan (or at anyone specifically), this commit > just reminded me. > > I'm a HUGE non-fan of GSSAPI_NONE (or any FOO_NONE)as an option in the > following ports as an explicit option to disable something. > > dns/bind910 > dns/bind99 > ftp/curl > mail/dovecot2 > net/samba36 > www/squid > > We have OPTIONS_RADIO for supporting none or one enabled value from a > set of alternatives. That is, if none of KRB5, MIT or BASE are set, > kerberos should be disabled, as it is logically equivalent to setting > FOO_NONE, without needing an explicit option to say so. > > If we cant currently check/test whether no option from a set is enabled, > and that would be useful, we should add it to bsd.port.options.mk. I > imagine this is trivial (for someone who is shell savvy). > > It would be nice to be able to do something like: > > .if empty(OPTIONS_RADIO_FOO) > do something > .endif > > Alternatively, each of MIT, KRB5 and BASE options could: > > GSSAPI_FOO_CONFIGURE_OFF=--without-gssapi > > If we dont like duplicate configure args, then we should be able to test > for no enabled options as above. > > At a minimum these FOO_NONE options are unnecessary/redundant, worse its > a POLA violation and a clunky user experience, requiring a user to turn > on an option to disable something. > > I got bitten with this 'you must choose one of FOO' during a curl > upgrade'. It took me a while to figure out wth was going on. > > Maintainers of above ports are CC'd here > > > ./koobs > > Hi koobs, I have a different thinking. When I was trying to fix GSSAPI support several months ago, I read gssapi.mk and thought GSSAPI_NONE is a good idea. Then I followed the usage for the conversion from OPTIONS_RADIO to OPTIONS_SINGLE [1]. With GSSAPI_NONE, I could replace .if !${PORT_OPTIONS:MGSSAPI_BASE} && !${PORT_OPTIONS:MHEIMDAL_PORT} && !${PORT_OPTIONS:MKRB5_PORT} CONFIGURE_ARGS+=--without-gssapi .endif with GSSAPI_NONE_CONFIGURE_ON=--without-gssapi And I have another example in ftp/curl/Makfile: .if ${PORT_OPTIONS:MLDAPS} && !${PORT_OPTIONS:MGNUTLS} && !${PORT_OPTIONS:MNSS} && !${PORT_OPTIONS:MOPENSSL} && !${PORT_OPTIONS:MPOLARSSL} && !${PORT_OPTIONS:MWOLFSSL} IGNORE= only supports LDAPS with SSL .endif It looks stupid to list all SSL (radio) options here. [1] https://svnweb.freebsd.org/ports/head/ftp/curl/Makefile?r1=382451&r2=382459 Regards, sunpoet
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMHz58SRB79bmtSKaxnujTNAtTg_UWXpbUL_P6rw9kCRxpYDcg>