On 3/21/23 11:28, Stuart Henderson wrote:
> On 2023/03/21 15:53, David Vasek wrote:
>> On 2023-03-21 15:32, A Tammy wrote:
>>> On 3/21/23 08:26, David Vasek wrote:
>>>> Hello,
>>>>
>>>> more apps start using QUIC with GnuTLS. Port net/ngtcp2 can support
> Any specific examples of software doing this?
>
>>>> GnuTLS in a subpackage with no change in the main package. However,
>>>> security/gnutls is needed for building the port with this diff and
>>>> as a
>>>> dependency for the new subpackage net/ngtcp2-gnutls. I have also
>>>> changed
>>>> the package description, but didn't touch the style of the
>>>> Makefile yet.
>>>> REVISON's of both subpackages set to he same value. Tested on amd64 so
>>>> far.
>>> A lot of packages will automatically pick this up. This needs to be
>>> turned on with care.
>> It shouldn't pick anything automatically. The main package ngtcp2 will
>> remain
>> the same as before *), while the new subpackage ngtcp2-gnutls still needs
>> to be
>> explicitly requested.
> In a bulk build, ports are built in parallel and packages are installed
> and uninstalled all the time.
>
> If another port will pick this up _if present at configure/build time_,
> it must either be listed as a dependency or expicitly disabled (via
> configure arguments, env vars, patches or whatever).
>
> (Additionally, I think that we will want to be sure that if *both*
> crypto helpers are installed, the one using libressl as backend is
> preferred where possible).
Yes, e.g. I know that net/knot prefers the gnutls one over the openssl one.
I prefer to use knot with openssl, but its just a preference, am open to
moving to gnutls.
iirc curl also has some tie ins with ngtcp2, tb@ and jsing@ (cc'd) would
know more.
>
>> The only nuisance seems to be that there is additional dependency for
>> building
>> this port.
>>
>> *) With the exception of the time stamps, therefore I've set both
>> REVISIONs to 1.
> The PKGPATH changes, so additionally it needs "@pkgpath net/ngtcp2" in
> PLIST-main otherwise updates will fail, also any ports depending on
> it need a revision bump.
>
> +LIB_DEPENDS-gnutls= ${BASE_PKGPATH},-main security/gnutls
> +CONFIGURE_ARGS+= --with-openssl --with-gnutls
>
> break the two entries in these out onto separate lines.
>
