Linking OpenSSL in ports and also requiring something from base that links OpenSSL seems to be pretty rare indeed. A notable example being ftp/curl that requires GSSAPI from base kerberos by default (this is now "fixed" in ports) and thus relying on both ports and base ssl via libkrb5.so. This is likely to be the most common case, something relying on kerberos from base. I'm not quite sure how hard the reliance on kerberos in base is but I'd like to see it made private for base, we have multiple alternatives in ports.
This thread misses a reference for the starter to https://bugs.freebsd.org/195796 which lists ports linking base libssl/libcrypto whilst WITH_OPENSSL_PORT=yes is set. I'm trying to collect work done to get these ports to link to ports OpenSSL in https://wiki.freebsd.org/OpenSSL/PortsLinkingBase (that is just a placeholder for now, trying to finish the LibreSSL fallout first) Thanks, Bernard On Thu, Apr 2, 2015 at 4:08 PM, Mark Felder <f...@freebsd.org> wrote: > > > On Wed, Apr 1, 2015, at 16:21, Bryan Drewery wrote: >> On 4/1/2015 3:59 PM, Yuri wrote: >> > I found that packages produced by poudriere likely link with base >> > openssl, while port make likely links with the port openssl. >> > This is because of the lines in bsd.openssl.mk which check for the >> > presence of openssl shared library and headers under PREFIX, and set >> > WITH_OPENSSL_BASE when they aren't present. In case of port make files >> > are likely present, and in case of poudriere build files are likely not >> > present. >> > >> > Example is ftp/curl (with GSSAPI=NONE, OPENSSL=yes options). *Poudriere >> > produces curl library, that causes VirtualBox to break* due to the >> > openssl base vs. port conflicts. See recent emulation@ ML threads. Port >> > make produces curl library that works fine with VirtualBox. >> > >> > I think both WITH_OPENSSL_BASE and WITH_OPENSSL_PORT should be retired, >> > and code checking file presence also should be removed, and all ports >> > should be made to build with an openssl port instead. Ports should never >> > use base OpenSSL. >> > >> > Only <100 ports touch WITH_OPENSSL_... variables. Somebody who is able >> > to make such decisions and has the commit bit should bit should look >> > into this. Otherwise, massively faulty package repositories are produces. >> > >> > Yuri >> >> I've wanted this for a long time. I think we should just do it. >> > > What are the risks of something linking to OpenSSL in ports also > requiring something from base which in turn... links in OpenSSL from > base? > _______________________________________________ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org" _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
