Date: Fri, 08 Aug 2014 15:51:35 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-python@FreeBSD.org Subject: [Bug 192511] [patch] fix lang/python27 build with libressl Message-ID: <bug-192511-17421-tmSnyl7rdK@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-192511-17421@https.bugs.freebsd.org/bugzilla/> References: <bug-192511-17421@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192511 Marcus von Appen <mva@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |freebsd-portmgr@FreeBSD.org | |, vsevolod@FreeBSD.org --- Comment #3 from Marcus von Appen <mva@FreeBSD.org> --- (In reply to meyer.arne83 from comment #2) > (In reply to Marcus von Appen from comment #1) > > Root problem: > > As soon as libressl is installed via ports, lang/pythonXX and other ports > > will try to pick it up, most likely due to the include and linker flags > > order. This is problematic in two regards: > > > > * lang/python27 does not have an explicit BUILD/RUN_DEPENDS on libressl, > > since libressl is not officially supported by upstream (yet) > > * libressl is API and ABI incompatible with OpenSSL, so depending on the > > system status (libressl installed or not), python will take the one or other. > > > > I do not like the patch, since it would disable the function for both, > > OpenSSL and libressl and thus effectively change the behaviour of > > lang/pythonXX. > Does RAND_egd even work on FreeBSD? > I also tried to preserve the python ssl api by having PySSL_RAND_egd just > return an error. So I don't think it's behaviour has changed. Might have > missed something, tho. This is just the minor part of the issue. The bigger problem is the library being pulled in. > > We need to get two things right: > > > > * handle OpenSSL support correctly and explicitly use OpenSSL, so that an > > installed SSL replacement does not cause a wrong and unintended behaviour > > * offer users to link against libressl explicitly (via an OPTION), which can > > cause different behaviour. > How about this: > * Add smt. like WITH_OPENSSL_LIBRE and some logic to bsd.openssl.mk > * Have the libressl port fail to build without that flag set. That sounds reasonable. I added the libressl maintainer and portmgr@ to this issue to get their feedback on it. > * Add a static library or c file with dummy functions(RAND_egd, ...) to > libressl. That might contradict the purpose of libressl and adds a can of worms (local patches), which should be avoided. Best'd be to ask the upstream developers of libressl about such things, I think. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-192511-17421-tmSnyl7rdK>