Date: Fri, 07 May 2021 10:05:56 +0900 (JST)
To: freebsd-ports@freebsd.org
Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
From: Yasuhiro Kimura

From: Stefan Esser
Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
Date: Wed, 5 May 2021 18:55:47 +0200

>> You misunderstand my intention. What I would like to do is to make a
>> port use security/openssl instead of base OpenSSL even if user sets
>> 'DEFAULT_VERSIONS+=ssl=base' in /etc/make.conf (or user doesn't
>> customize setting about ssl at all).
>
> You can mark the port as broken if the user has selected "base" and
> this is incompatible with the port's requirements. E.g.:
>
> .include
>
> .if ${SSL_DEFAULT} == base
> BROKEN_FreeBSD_11= OpenSSL 1.1 required
> .endif
>
> .include
>
> You can of course add a better message, and the user can decide to
> try the compilation again after changing the default. But this will
> of course prevent the building of official packages for FreeBSD-11.
>
>> As I wrote in the previous mail, if 'USES=python:3.8+' is specified in
>> Makefile of a port, lang/python38 is used for the port even if user
>> adds 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf. I'm looking for
>> similar way about ssl setting.
>
> You could add a dependency on the openssl port and make sure, that
> the port's include file and library is used in preference of the
> base version on FreeBSD-11.
>
> But you have to consider the risk of mixing references to the base and
> the ports version in one binary (e.g. other libraries are linked in that
> had been built against the base version).

Thank you for the explanation. The risk certainly cannot be ignored. So
the best practice is

1. Mark BROKEN if system is FreeBSD 11.x and SSL_DEFAULT is base.
2. For users who want to use a port on FreeBSD 11.x with base
   OpenSSL, copy it to another name before updating it.

And before I came to this conclusion, I noticed that the port in
question was already updated exactly this way;-).

---
Yasuhiro Kimura
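
Added example, not part of the original message or of the ports tree: a check for the mixing risk raised in the thread, which classifies `ldd` output by whether libssl/libcrypto resolve to the base system, to the ports prefix, or to both in one process. The function name and the sample `ldd` listings (paths, library versions, addresses) are constructed for illustration; the base locations `/lib` and `/usr/lib` and the `LOCALBASE` default of `/usr/local` are assumptions about the FreeBSD layout.

```sh
#!/bin/sh
# Added example: detect a binary that loads both base and ports OpenSSL.

classify_ssl_linkage() {
    # Reads `ldd` output on stdin; prints one of: none, base, ports, mixed.
    awk -v localbase="${LOCALBASE:-/usr/local}" '
        # Dependency lines look like: libssl.so.N => /path/libssl.so.N (0xADDR)
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            if (index($3, localbase "/") == 1) ports = 1
            else if ($3 ~ /^\/(usr\/)?lib\//)  base = 1
        }
        END {
            if (base && ports) print "mixed"
            else if (base)     print "base"
            else if (ports)    print "ports"
            else               print "none"
        }'
}

# Constructed sample: the port links ports OpenSSL, but another library
# it depends on was built against base and drags in base libcrypto too.
SAMPLE_MIXED='/usr/local/bin/example:
    libfoo.so.1 => /usr/local/lib/libfoo.so.1 (0x800a00000)
    libssl.so.11 => /usr/local/lib/libssl.so.11 (0x800c00000)
    libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x800e00000)
    libcrypto.so.8 => /lib/libcrypto.so.8 (0x801200000)
    libc.so.7 => /lib/libc.so.7 (0x801600000)'

# Constructed sample: everything resolves to the ports copy.
SAMPLE_PORTS='/usr/local/bin/example:
    libssl.so.11 => /usr/local/lib/libssl.so.11 (0x800c00000)
    libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x800e00000)
    libc.so.7 => /lib/libc.so.7 (0x801600000)'

# Real use: pass installed binaries or shared objects as arguments.
for bin in "$@"; do
    printf '%s: %s\n' "$bin" "$(ldd "$bin" 2>/dev/null | classify_ssl_linkage)"
done
```

A result of `mixed` is the situation described in the quoted reply: two OpenSSL versions in one process.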