From owner-svn-ports-all@freebsd.org Thu Jun 25 18:52:21 2015 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 53A8A98D710 for ; Thu, 25 Jun 2015 18:52:21 +0000 (UTC) (envelope-from sunpoet@sunpoet.net) Received: from mail-oi0-f53.google.com (mail-oi0-f53.google.com [209.85.218.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2031B2FC6 for ; Thu, 25 Jun 2015 18:52:20 +0000 (UTC) (envelope-from sunpoet@sunpoet.net) Received: by oigb199 with SMTP id b199so59378686oig.3 for ; Thu, 25 Jun 2015 11:52:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=iaSdxfdj5LxlB5kjdD16yviPQ1IXMRtXtGDAoUQGt+E=; b=dmJwgWBckzmWcJH75pdPvESJWwHf8NnyiSuNEWU/0Ew5UZTaLBN6ArdFae/decQW6J H+A9eTbJTmQk01f1/FAKtznmf6xRWq1JceX08hEK4m5CZbN4gYmc1PATivMNtY222I3G GPSEcWa4aogQE5XxIBIfwTZ4X3vAAwJA1abAOmLaOuDJRdDc8paMgvF3h2o3h8hqv2mp vg24mvBlWI8ADUAAVSiY7VmGGv+FP2hzbXpRWyYLPyaz16U61lQARHgxC9//joMa8OYO 23jL8Htc+EJdpgkCmXNdya+ALvrCovYY7m3sR2yxBWd4z+bfnhNF/nE4nt1Su9rMDshy rk5g== X-Gm-Message-State: ALoCoQkK9QbvGUD+8b8MVpm8FbeuoOxzksfAm5HGPSvwneY42hJMzQNZx1G0A5UaRk5Qhdf86tNp X-Received: by 10.60.173.233 with SMTP id bn9mr6825801oec.20.1435258340297; Thu, 25 Jun 2015 11:52:20 -0700 (PDT) MIME-Version: 1.0 Sender: sunpoet@sunpoet.net Received: by 10.202.214.20 with HTTP; Thu, 25 Jun 2015 11:51:40 -0700 (PDT) In-Reply-To: <558B5E47.6000409@FreeBSD.org> References: <201506250022.t5P0MURx089077@svn.freebsd.org> <558B5E47.6000409@FreeBSD.org> From: Sunpoet Po-Chuan Hsieh Date: Fri, 26 Jun 2015 02:51:40 +0800 X-Google-Sender-Auth: rZfgy4iFqkNEJcj1JE3edKpqn7Y Message-ID: Subject: Re: svn commit: r390526 - head/ftp/curl To: Kubilay Kocak Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, Bryan Drewery , Mathieu , timp87@gmail.com, Adam Weinberger , "Timur I. Bakeyev" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2015 18:52:21 -0000 On Thu, Jun 25, 2015 at 9:49 AM, Kubilay Kocak wrote: > On 25/06/2015 10:22 AM, Bryan Drewery wrote: > > Author: bdrewery > > Date: Thu Jun 25 00:22:29 2015 > > New Revision: 390526 > > URL: https://svnweb.freebsd.org/changeset/ports/390526 > > > > Log: > > Be more explicit about which setting to use. > > > > PR: 200555 > > > > Modified: > > head/ftp/curl/Makefile > > > > Modified: head/ftp/curl/Makefile > > > ============================================================================== > > --- head/ftp/curl/Makefile Thu Jun 25 00:17:08 2015 (r390525) > > +++ head/ftp/curl/Makefile Thu Jun 25 00:22:29 2015 (r390526) > > @@ -167,7 +167,7 @@ IGNORE= only supports LIBSSH2 with Open > > (!defined(WITH_OPENSSL_BASE) && > exists(${LOCALBASE}/lib/libcrypto.so)) || \ > > (defined(OPENSSL_PORT) && ${OPENSSL_PORT} == "security/libressl")) > > .if ${PORT_OPTIONS:MGSSAPI_BASE} > > -IGNORE= GSSAPI_BASE is set, which is not compatible with > OpenSSL/LibreSSL from ports. Unset it or do not use ports SSL. > > +IGNORE= GSSAPI_BASE is set, which is not compatible with > OpenSSL/LibreSSL from ports. Set GSSAPI_NONE or do not use ports SSL. > > .endif > > .if ${PORT_OPTIONS:MTLS_SRP} && defined(OPENSSL_PORT) && > ${OPENSSL_PORT} == "security/libressl" > > IGNORE= unsupported TLS-SRP in LibreSSL > > > > This is not aimed at you Bryan (or at anyone specifically), this commit > just reminded me. > > I'm a HUGE non-fan of GSSAPI_NONE (or any FOO_NONE)as an option in the > following ports as an explicit option to disable something. > > dns/bind910 > dns/bind99 > ftp/curl > mail/dovecot2 > net/samba36 > www/squid > > We have OPTIONS_RADIO for supporting none or one enabled value from a > set of alternatives. That is, if none of KRB5, MIT or BASE are set, > kerberos should be disabled, as it is logically equivalent to setting > FOO_NONE, without needing an explicit option to say so. > > If we cant currently check/test whether no option from a set is enabled, > and that would be useful, we should add it to bsd.port.options.mk. I > imagine this is trivial (for someone who is shell savvy). > > It would be nice to be able to do something like: > > .if empty(OPTIONS_RADIO_FOO) > do something > .endif > > Alternatively, each of MIT, KRB5 and BASE options could: > > GSSAPI_FOO_CONFIGURE_OFF=--without-gssapi > > If we dont like duplicate configure args, then we should be able to test > for no enabled options as above. > > At a minimum these FOO_NONE options are unnecessary/redundant, worse its > a POLA violation and a clunky user experience, requiring a user to turn > on an option to disable something. > > I got bitten with this 'you must choose one of FOO' during a curl > upgrade'. It took me a while to figure out wth was going on. > > Maintainers of above ports are CC'd here > > > ./koobs > > Hi koobs, I have a different thinking. When I was trying to fix GSSAPI support several months ago, I read gssapi.mk and thought GSSAPI_NONE is a good idea. Then I followed the usage for the conversion from OPTIONS_RADIO to OPTIONS_SINGLE [1]. With GSSAPI_NONE, I could replace .if !${PORT_OPTIONS:MGSSAPI_BASE} && !${PORT_OPTIONS:MHEIMDAL_PORT} && !${PORT_OPTIONS:MKRB5_PORT} CONFIGURE_ARGS+=--without-gssapi .endif with GSSAPI_NONE_CONFIGURE_ON=--without-gssapi And I have another example in ftp/curl/Makfile: .if ${PORT_OPTIONS:MLDAPS} && !${PORT_OPTIONS:MGNUTLS} && !${PORT_OPTIONS:MNSS} && !${PORT_OPTIONS:MOPENSSL} && !${PORT_OPTIONS:MPOLARSSL} && !${PORT_OPTIONS:MWOLFSSL} IGNORE= only supports LDAPS with SSL .endif It looks stupid to list all SSL (radio) options here. [1] https://svnweb.freebsd.org/ports/head/ftp/curl/Makefile?r1=382451&r2=382459 Regards, sunpoet