Martin Waschbüsch wrote:
Umm probably a really bad idea... consider this or something more
creative/descriptive:
.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 && ${WITH_OPENSSL_PORT} !=
"yes"
BROKEN= You must set WITH_OPENSSL_PORT=yes in /etc/make.conf on Pre 10.x
.endif
... the idea instead of silently turning it on which could cause a myriad of
hell for production systems where some ports are compiled against
security/openssl and some against the base openssl... stop the compile and tell
the user what they have to do to resolve it... which will then make anything
else use the same openssl and lessen the dependency/library issues that could
happen.
Actually, I just noticed (when compiling the port), that the Makefile now says:
WITH_OPENSSL_PORT=yes
GNUTLS_CONFIGURE_WITH= gnutls
GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls
POLARSSL_CONFIGURE_WITH=mbedtls
POLARSSL_LIB_DEPENDS= libmbedtls.so:security/polarssl13
.include <bsd.port.options.mk>
.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000
WITH_OPENSSL_PORT=yes
.endif
Which means that the ports version is used regardless of OSVERSION...
Yup... which is so much worse in so many other ways.. (IMHO) ... I mean
why would you want to turn on openssl in any way if you have gnutls or
polarssl on... I suspect the whole set of options and way its
configured should be looked at a little more closely and have an option
openssl as well ... or at least the broken= so that it will inform the
user if the wrong version of openssl is attempted... and considering
FreeBSD policy over base libraries and major releases maybe an option to
set for including the ports version of openssl as well (so that a
compile on 10.x while may work, if there is a security issue the
prompting for openssl from ports will allow a person to patch up without
necessarily knowing the significance... you know give the users a chance
rather than leaving it to the FreeBSD Devs to say you are better off
doing what we tell you.)
Shall I open a PR for it and incorporate the BROKEN= approach?
I'm not the right person to ask over that question, I'm just throwing a
suggestion on how you might consider handling it and other similar
issues in ways that are a lot more useful and less error/dependency
prone. Bad things/assumptions in makefiles end up with version lock-in
and/or broken linking/compiles when something needs to be upgraded...
and the all singing all dancing pkg system is no better than the old
system of pkg_add when it comes to these problems (in fact in some ways
its worse... because it tries to do the right thing when the right thing
is actually impossible until someone changes compile options.)
--
Michelle Sullivan
http://www.mhix.org/
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
