Date:      Wed, 6 Feb 2019 10:58:48 -0800
From:      Kevin Oberman <rkoberman@gmail.com>
To:        Nick Rogers <ncrogers@gmail.com>
Cc:        "ports@FreeBSD.org" <ports@freebsd.org>
Subject:   Re: Using LibreSSL with only one or a subset of all installed ports
Message-ID:  <CAN6yY1t%2BPBgrb_-6ffonrWQGi7E7bKQe3r-QmUyVtQy3xSYqzg@mail.gmail.com>
In-Reply-To: <CAKOb=YbGuYBQ9kMPn%2Bw6V4GRGUSkZGwpyrctuN-u4r_k41uiTA@mail.gmail.com>
References:  <CAKOb=YbGuYBQ9kMPn%2Bw6V4GRGUSkZGwpyrctuN-u4r_k41uiTA@mail.gmail.com>

On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers <ncrogers@gmail.com> wrote:

> I am wondering if it is wise or possible to use libressl for only a single
> installed port, while continuing to use OpenSSL from Base for all remaining
> installed ports. I would like to do this in order to get around the fact
> that lang/phantomjs does not compile against openssl 1.1.x due to API
> changes, and fixing it is less than trivial. However, I am not quite ready
> to switch other ports to LibreSSL.
>
> My thought was to use the following approach in make.conf when building via
> poudriere.
>
> .if ${.CURDIR:M*/lang/phantomjs}
> DEFAULT_VERSIONS+= ssl=libressl
> .endif
>
> I am hoping for some advice as to whether or not this will work, or if it's
> a terrible idea, or if there is perhaps a better way to toggle libressl
> per-port. All the port documentation I can find suggests an outright switch
> to libressl for all ports, so I am concerned there is something I am
> missing that will not be happy?
>

Along this path lies madness! Not that it can't work, but it is very
dangerous and likely to get more complicated over time.

The problem is with having multiple shareable libraries (.so) of the same
name. The loader will refuse to load an executable if it attempts to load
two or more shareable libraries that have a common name as it is not
possible to determine which library to use for any reference. If phantomjs
calls ssl routines directly and also is linked to a shareable that is
linked to either the openssl port installed shareable or the base system
shareable, the code will not load. As linkages grow more and more complex,
this tends to turn into a real rat's nest.

I'm not saying that it can't be done, but you have to know all of the
linkages and be very sure that there are no conflicts.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
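
The linkage check discussed in this message, as an added example that is not part of the original e-mail: it scans a dependency listing for libssl/libcrypto resolving to more than one file within one executable's dependency graph. The sample listing is constructed, `libexample.so.1` is a hypothetical library, and the `object:` header plus `name => path` layout of `ldd -a` output is assumed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `ldd -a` output; paths and version
# numbers are invented for illustration, not taken from a real system.
SAMPLE_LDD = """\
/usr/local/bin/phantomjs:
\tlibssl.so.47 => /usr/local/lib/libssl.so.47 (0x800a00000)
\tlibcrypto.so.45 => /usr/local/lib/libcrypto.so.45 (0x800c00000)
\tlibexample.so.1 => /usr/local/lib/libexample.so.1 (0x801000000)
\tlibc.so.7 => /lib/libc.so.7 (0x801400000)
/usr/local/lib/libexample.so.1:
\tlibssl.so.111 => /usr/lib/libssl.so.111 (0x801800000)
\tlibcrypto.so.111 => /lib/libcrypto.so.111 (0x801a00000)
\tlibc.so.7 => /lib/libc.so.7 (0x801400000)
"""

OBJ_LINE = re.compile(r"^(\S.*):\s*$")            # "/path/to/object:"
DEP_LINE = re.compile(r"^\s+(\S+)\s+=>\s+(\S+)")  # "  name => /resolved/path"


def stem(soname):
    """libssl.so.47 -> libssl (name without the .so version suffix)."""
    return soname.split(".so", 1)[0]


def find_conflicts(ldd_text, stems=("libssl", "libcrypto")):
    """Return {stem: {resolved_path: [objects needing it]}} for every
    watched library that resolves to more than one file."""
    seen = defaultdict(lambda: defaultdict(list))
    current = None
    for line in ldd_text.splitlines():
        m = OBJ_LINE.match(line)
        if m:
            current = m.group(1)      # object whose dependencies follow
            continue
        m = DEP_LINE.match(line)
        if m and stem(m.group(1)) in stems:
            seen[stem(m.group(1))][m.group(2)].append(current)
    return {s: dict(p) for s, p in seen.items() if len(p) > 1}


if __name__ == "__main__":
    for lib, paths in find_conflicts(SAMPLE_LDD).items():
        print(f"CONFLICT {lib}:")
        for path, needers in paths.items():
            print(f"  {path} <- {', '.join(needers)}")
```

An empty result means every object in the listing resolves each watched library to the same file.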


