Date:      Fri, 1 Jul 2016 19:30:57 -0700 (PDT)
From:      Don Lewis <truckman@FreeBSD.org>
To:        bsd-lists@bsdforge.com
Cc:        freebsd-ports@freebsd.org
Subject:   Re: what to do when base openssl isn't suitable
Message-ID:  <201607020231.u622UvTt094500@gw.catspoiler.org>
In-Reply-To: <4c6170a82043b9d9b3064712ac66c411@ultimatedns.net>

On  1 Jul, Chris H wrote:
> On Sat, 2 Jul 2016 01:16:36 +0200 Baptiste Daroussin <bapt@FreeBSD.org> wrote
> 
>> On Fri, Jul 01, 2016 at 04:15:12PM -0700, Chris H wrote:
>> > On Fri, 1 Jul 2016 14:41:34 -0700 (PDT) Don Lewis <truckman@FreeBSD.org>
>> > wrote 
>> > > On  1 Jul, Miroslav Lachman wrote:
>> > > > Don Lewis wrote on 07/01/2016 20:59:
>> > > >> I've got a port that does not work with base openssl because it looks
>> > > >> for libssl.pc.  Other than that, I don't think it is picky about what
>> > > >> flavor of ports ssl is installed.  Because the default version of ssl
>> > > >> still defaults to base, I don't see a way to get this port to build on
>> > > >> the cluster, so there is no way to provide binary packages.  That's a
>> > > >> problem for end users because this port has a bunch of huge build
>> > > >> dependencies.  Thoughts?
>> > > > 
>> > > > There are already packages depending on ports OpenSSL because they need
>> > > > /usr/local/libdata/pkgconfig/libssl.pc (installed by openssl-1.0.2_14) 
>> > > > so I think you can make port depending on ports openssl.
>> > > > See nginx for example.
>> > > > 
>> > > > .if defined(NGINX_OPENSSL)
>> > > > USE_OPENSSL= yes
>> > > 
>> > > USE_OPENSSL is now deprecated and has been replaced by USES=ssl
>> > > 
>> > > > .if ${OSVERSION} < 1100000
>> > > > WITH_OPENSSL_PORT=yes
>> > > 
>> > > WITH_OPENSSL_PORT is now deprecated.  Even before that I don't think it
>> > > was intended to be used in the port Makefile, only in /etc/make.conf.
>> > > The suggested replacement is to put DEFAULT_VERSIONS+=ssl=openssl in
>> > > /etc/make.conf.
>> > 
>> > Wouldn't something along the lines of
>> > 
>> > SSL_LIB_DEPENDS=    libssl.pc:security/openssl
>> > 
>> libssl.pc? nothing will ever work with this line :)
> Right, and I noticed what I had done the moment I hit
> the send button. So was forced to send another reply
> with the *intended* suggestion. :/
> 
> SSLLIB_DESC=	OpenSSL support
> 
> SSL_LIB_DEPENDS=	libssl.so:security/openssl
> SSLLIB_CONFIGURE_WITH=	ssllib
> 
> or perhaps more simply
> 
> LIB_DEPENDS=	libssl.so:security/openssl
> 
> in an appropriate location for an SSL option,
> assuming it's even optional.

SSL is not optional.  The above would work, but I think it would cause
problems for anyone who chose libressl as their default because the two
versions would conflict.  Doing the above only when the default version
is set to "base" would be safer, but it turns out that I can make the
port work with base OpenSSL (except on FreeBSD 9) by passing the
necessary magic environment variables to configure.  I think that's good
enough and avoids any potential conflicts.
