On 30 Nov, Julian H. Stacey wrote:
> Hi po...@freebsd.org
> Advice Please: 
> I need some SSL settings I can compile 1000 ports with.
> I dont care which SSL.  (Any of eg base from src/ or any from devel/ )
> I dont care if SSL fails to run on most ports.
> I need 1000 ports to compile & install, & stop wasting my time with SSL.
> SSL will not even be used in most cases,
> Here's a small subset of ever growing DUDS= fail to build because of SSL:
>       arandr fetchmail fvwm2 xf86-input-keyboard xf86-input-mouse
>       xf86-video-chips xf86-video-fbdev xf86-video-neomagic
>       xf86-video-vesa xorg xorg-apps xorg-server
> 
> I make ports from sources, never packages, using ports/*/Makefile.local
> with SUBDIR+= ports_i_want
> 
> I purged some old old duplicate bins & libs, & now need to do eg
>       cd /usr/ports ; make BERKLIX_CLIENT=YES BERKLIX_SERVER=YES install 
> Lots of ports fail to build, no matter which SSL options I try,
> currently (with make.conf below) I'm seeing a dependent port eg:
>       cd /usr/ports/security/p5-GSSAPI ; make
> ===>  p5-GSSAPI-0.28_1 You are using OpenSSL from ports and have selected
> GSSAPI from base, please select another GSSAPI value.
> 
> I can't revert to src/ base as loads of ports want devel/openssl
>       pkg delete openssl-1.0.2j_1,1 # Number of packages to be removed: 149
> 
> FreeBSD's SSL defaults seem a mess : complex, breaking on loads
> of ports, inadequately documented, insufficiently clear error messages.
> 
> My current /etc/make.conf:
> ----------------
> # GSSAPI: Generic Security Services Application Program Interface
> # 
> http://en.wikipedia.org/wiki/Generic_Security_Services_Application_Program_Interface
> # /usr/ports/Mk/Uses/gssapi.mk:
> #       You are using OpenSSL from ports and have selected
> #       GSSAPI from base, please select another GSSAPI value.
> # cd /usr/ports/security/openssl; echo ../*ssl*
> # SSL_DEFAULT=base # Disapproved of by
> #       /usr/ports/Mk/bsd.default-versions.mk
> # which instead reccomends:
> #       DEFAULT_VERSIONS+=ssl=base
> #       DEFAULT_VERSIONS+=ssl=openssl
> #       Possible values: base, openssl, openssl-devel, libressl, 
> libressl-devel
> # & also has:
> #       WITH_OPENSSL_*
> DEFAULT_VERSIONS+=ssl=openssl
> # WITH_OPENSSL="YES"
> # WITH_OPENSSL="openssl"
> # WITH_OPENSSL_PORT="YES"
> # WITH_OPENSSL_PORT="openssl"
> # SEE ALSO
> #       /etc/src.conf  (used only by src/),
> #                       whereas this make.conf used by both src/ & ports/.
> #       
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html
> #               WITH_OPENSSL_PORT WITH_OPENSSL_BASE
> #       man 7 ports
> #       /usr/ports/Mk/Uses/gssapi.mk
> ----------------
> 
> Advice welcome, Thanks !

This is what I use in /etc/make.conf to build ports with openssl from
ports:

WITH_OPENSSL_PORT=yes
DEFAULT_VERSIONS+=ssl=openssl
OPTIONS_SET=GSSAPI_NONE KRB_NONE
OPTIONS_UNSET=GSSAPI_BASE KRB_BASE KERBEROS

The GSSAPI and KERBEROS adjustments are needed because openssl from
ports can't be combined with base gssapi / kerberos.  GSSAPI_HEIMDAL or
GSSAPI_MIT should also work, likewise KRB_HEIMDAL or KRB_MIT.

_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Reply via email to