From nobody Tue Oct 5 06:38:49 2021 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B883C17CA4B4 for ; Tue, 5 Oct 2021 06:38:58 +0000 (UTC) (envelope-from felix@palmen-it.de) Received: from stef.palmen-it.de (stef.palmen-it.de [IPv6:2001:470:1f0b:bbb:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4HNnwx38nkz3pLP for ; Tue, 5 Oct 2021 06:38:57 +0000 (UTC) (envelope-from felix@palmen-it.de) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=palmen-it.de; s=20200414; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=go9QjUk73bncfDM0xXXYg0zIFMFhcgP7Qim2VBaCSjI=; b=u2uKpwVTx0R0F4xh3YGMnBk3RX vMZGKk3WnOKumAr1A67/OSuYSH/PuOgbBv3osB2x1AoIdTKu5nCunMbVbfNpZHJFK8hT+MIRaafFG 3bttzFF9vJT46ObL7gAWe5c9dhQ8ADW7bgw3ualoC6GIRUhKF8v6HVtOAPdaeuNZWleED9/uM0Zsq IgZXWcBsCvoRiklzV7Gsqpju0W5BFEl7x1s0US+FsUqeY5dOs0iH63VlxUQ7vVChCAcFesO8/y4gS cBT0nCJXt3Ze1pjaF5LLu87rSElMkCXhXXgqpcEYliMMX6GlFGilPyvy2ijnWm7CNTVayoJ2TygVw E7xyl4qA==; Received: from [192.168.71.101] (helo=mail.home.palmen-it.de) by stef.palmen-it.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1mXe6E-002PbF-5N for freebsd-ports@freebsd.org; Tue, 05 Oct 2021 08:38:50 +0200 Received: from nexus.home.palmen-it.de ([192.168.99.2]) by mail.home.palmen-it.de with esmtpsa (TLS1.3) tls TLS_CHACHA20_POLY1305_SHA256 (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mXe6D-000MYT-TF for freebsd-ports@freebsd.org; Tue, 05 Oct 2021 06:38:49 +0000 Date: Tue, 5 Oct 2021 08:38:49 +0200 From: Felix Palmen To: freebsd-ports@freebsd.org Subject: Re: State of LibreSSL in FreeBSD ports Message-ID: <20211005063849.zjejmnaifve4gngz@nexus.home.palmen-it.de> Mail-Followup-To: freebsd-ports@freebsd.org X-Face: /1K@t"h.}e~pR@]c7HorQ!T`F^RJCa'BCr#e>IKA{>C/9OTGB4|xh"y2{?1Z5M i2w"AH^pN_LlHR^{+f',_Np~;.B;!M/bL}*qk]p5*r7F5vW};{:@4u5S?T&f0$7BJ-71Q5SV]:v$`5 A0[DZ:=?S52x8HJ~5@^P_\T@MsjG{R( Organization: palmen-it.de References: <20211003141654.bwlnlin6g3s2n5gt@nexus.home.palmen-it.de> <20211004182033.7iaeak3z2dgwdbhw@aching.in.mat.cc> List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="utk4ethlq5fa26jz" Content-Disposition: inline In-Reply-To: <20211004182033.7iaeak3z2dgwdbhw@aching.in.mat.cc> User-Agent: NeoMutt/20210205 X-Rspamd-Queue-Id: 4HNnwx38nkz3pLP X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=palmen-it.de header.s=20200414 header.b=u2uKpwVT; dmarc=pass (policy=none) header.from=palmen-it.de; spf=pass (mx1.freebsd.org: domain of felix@palmen-it.de designates 2001:470:1f0b:bbb:1::1 as permitted sender) smtp.mailfrom=felix@palmen-it.de X-Spamd-Result: default: False [-7.20 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[palmen-it.de:s=20200414]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2001:470:1f0b:bbb:1::1]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; MID_RHS_MATCH_FROMTLD(0.00)[]; DWL_DNSWL_LOW(-1.00)[palmen-it.de:dkim]; DKIM_TRACE(0.00)[palmen-it.de:+]; DMARC_POLICY_ALLOW(-0.50)[palmen-it.de,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; RCVD_TLS_ALL(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[2001:470:1f0b:bbb:1::1:from] X-ThisMailContainsUnwantedMimeParts: N --utk4ethlq5fa26jz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Mathieu Arnold [20211004 20:20]: > On Sun, Oct 03, 2021 at 04:16:54PM +0200, Felix Palmen wrote: > > Is LibreSSL in FreeBSD ports > >=20 > > * supported, so ports should build with it if at all possible? > > * supported on a "best effort" base, so setting a port BROKEN is > > acceptable if maintaining (working) patches would be too much hassle? > > * NOT supported at all, so random build failures with LibreSSL are fine? >=20 > I'd say the third option, the only *SSL variant that is guaranteed too > work is using the base system OpenSSL, using anything else is bound to > hurt and segfault at one point or the other. If that would be consensus, I think it would be better to remove the option altogether. What's the point of having a totally unsupported and experimental option in ports anyways? Fortunately, my experience is different. Most port maintainers acknowledge a problem with LibreSSL (that isn't already noted in an IGNORE/BROKEN) is a bug. And I've never seen a segfault caused by using LibreSSL in several years of using it with FreeBSD ports. > This is because your software will have linking with one library from > the base system that brings OpenSSL, and some other library that links > with ports OpenSSL or LibreSSL, and the software calls one function that > is in both. I could think of kerberos here (which I don't use from base either). Do you have any other examples? --=20 Dipl.-Inform. Felix Palmen ,.//.......... {web} http://palmen-it.de {jabber} [see email] ,//palmen-it.de {pgp public key} http://palmen-it.de/pub.txt // """"""""""" {pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A --utk4ethlq5fa26jz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEqJE9VV8uOnQ5ZbmXPvKLCrwC2ioFAmFb8vEACgkQPvKLCrwC 2ipO+Qf+O8AXXx5me+r+R3gkPzbbSyQSEEwLbHCQp7gNZtlg8uNUrUNSfm+oR4ZI FAjMxwJSWLZNZ7Zh+DvgwipeUvM6/UnerYtunqrCa6Ff2lPRPVLJzuxeJOyUMhHU WA3FcHw/MNn9Eaw2BsmbxQPD+YGJY/zgHei6KOijkS3jScHOlnNRQH8FMK44cMpF mMrRiDP+r5c53g+UuYunpynKO9NI3X/wIr5zEil8c9aPTmCu2r8iGqsZYUt8t2Qo pclNZU8NpA9ISS7jt/TMGsYyovfpAvaTkXj4lqJQhxn1fUoHWNgw8/W5EwtQKQWA 2p/RmCLEuiOmJ7kgjaQ55474pCX9ZA== =ZzCE -----END PGP SIGNATURE----- --utk4ethlq5fa26jz--