Date: Thu, 27 Feb 2020 12:45:51 -0800 From: Freddie Cash <fjwcash@gmail.com> To: Willem Jan Withagen <wjw@digiware.nl> Cc: Pete Wright <pete@nomadlogic.org>, Miroslav Lachman <000.fbsd@quip.cz>, "ports@freebsd.org" <ports@freebsd.org> Subject: Re: About protocols in openssl Message-ID: <CAOjFWZ5XFPK7tyj8DTtOOm_pRRA_YWUS50o=tPhc5cuFoUQeTA@mail.gmail.com> In-Reply-To: <0104ac5e-8d50-4a7e-ee6e-20c3a0167700@digiware.nl> References: <f7d98734-20dd-5ee7-b8b9-6ebc69603cb7@digiware.nl> <d7673dcd-467a-25ce-bca7-21cd74bf1777@quip.cz> <75330ed3-5f85-ea63-b8df-c73b5426b5a8@digiware.nl> <be596e5a-c136-cd3f-d634-f19558ac25ff@nomadlogic.org> <0104ac5e-8d50-4a7e-ee6e-20c3a0167700@digiware.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Feb 27, 2020, 12:37 PM Willem Jan Withagen, <wjw@digiware.nl> wrote: > > Interesting, but not quite what I want.... > It is not for personal usage, but for ports that I have commited to the > ports collection, and want to upgrade. > And yes, fixing openssl works for this problem, but it is not only my > problem. > > I maintain these Ceph ports, and now upstream uses a python module that > expects SSlv3 to be available in the openssl that encounters on the system. > And the question is how to accommodate that? > Short of embedding my own openssl libs with the ceph-libs, thus creating > a huge maintenance problem. > > I could also argue that switching of SSLv3 in a generic library is sort > of impractical, even if it is a protocol that we want to erradicate. > But I guess that the maintainers of openssl have decided that this is > the smart thing to do. > And I'm in peace with that, but now require an escape from this catch-22. > > --WjW > There's no mechanism in the ports tree framework for port X to depend on feature Y being enabled in port Z. All you can do is add a pkg-message alert to your ceph port saying the use needs to compile the openssl port with SSLv3 enabled. You could create a slave port for openssl that has that option enabled, then depend on that slave port. But that might create dependency issues elsewhere. Sub-packages might (eventually) allow you to work around this. Cheers, Freddie Typos due to smartphone keyboard. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOjFWZ5XFPK7tyj8DTtOOm_pRRA_YWUS50o=tPhc5cuFoUQeTA>