Date: Thu, 9 Apr 2015 17:56:50 +0200
From: Baptiste Daroussin <bapt@FreeBSD.org>
To: Christian Weisgerber <naddy@mips.inka.de>
Cc: freebsd-ports@freebsd.org, Bryan Drewery <bdrewery@FreeBSD.org>
Subject: Re: LibreSSL infects ports, causes problems
Message-ID: <20150409155649.GT95321@ivaldir.etoilebsd.net>
In-Reply-To: <20150409155345.GA87497@lorvorc.mips.inka.de>
References: <slrnmib1ur.2jau.naddy@lorvorc.mips.inka.de> <5525E609.70402@FreeBSD.org> <20150409115942.GA81282@lorvorc.mips.inka.de> <20150409130521.GQ95321@ivaldir.etoilebsd.net> <20150409155345.GA87497@lorvorc.mips.inka.de>

On Thu, Apr 09, 2015 at 05:53:45PM +0200, Christian Weisgerber wrote:
> Baptiste Daroussin:
>
> > Somehow you have mixed up things between base openssl and libressl, when
> > starting to activate libressl if you are using ports only you have to be extra
> > careful, (same goes with ncurses or ports openssl) just installing those ports
> > is enough to "pollute" nearly anything you build after with a dependency on it
> > (well anything that does link to libssl, libcrypto)
>
> Well, yes, that's what I said. It's a bug.
>
> > It is very complicated and
> > error prone to cherry pick "only take base openssl here, only ports openssl
> > there" the only "safe" way to solve this situation and being consistent is to
> > always skip the version from base and enforce the version for ports. (the
> > other way around is impossible - very complicated)
>
> And the addition of LibreSSL as a not-quite-equivalent alternative
> to ports OpenSSL makes this even more complicated. You can expect
> things coming out of OpenBSD (like new versions of net/openntpd)
> to require LibreSSL, because it includes a new library libtls that
> doesn't exist in OpenSSL. In the meantime, LibreSSL has removed
> some of the more horrific APIs of OpenSSL, which means some ports
> will not build against LibreSSL as is. Like python27. Fixes for
> these problems can be picked from the OpenBSD ports tree, if we
> want to.
>
> It's kind of hard to fix such problems if there is no clear policy
> how things are supposed to work in the first place.
>

I and others are working on a policy about that: always enforce openssl from
ports with just a flag to say I want openssl or I want libressl but not both,
would apply to other libs that behave the same way but I have limited time on
this, anyone who wants to work on that is welcome :)

Best regards,
Bapt