Re: Using LibreSSL with only one or a subset of all installed ports
07.02.2019 1:58, Kevin Oberman wrote: > I'm not saying that it can't be done, but you have to know all of the > linkages and be very sure that there are no conflicts. Sometimes libmap.conf(5) helps. ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Using LibreSSL with only one or a subset of all installed ports
On Wed, Feb 6, 2019 at 5:32 PM Nick Rogers wrote: > > > On Wed, Feb 6, 2019 at 1:59 PM Kevin Oberman wrote: > >> On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers wrote: >> >>> I am wondering if it is wise or possible to use libressl for only a >>> single >>> installed port, while continuing to use OpenSSL from Base for all >>> remaining >>> installed ports. I would like to do this in order to get around the fact >>> that lang/phantomjs does not compile against openssl 1.1.x due to API >>> changes, and fixing it is less than trivial. However, I am not quite >>> ready >>> to switch other ports to LibreSSL. >>> >>> My thought was to use the following approach in make.conf when building >>> via >>> poudriere. >>> >>> .if ${.CURDIR:M*/lang/phantomjs} >>> DEFAULT_VERSIONS+= ssl=libressl >>> .endif >>> >>> I am hoping for some advice as to whether or not this will work, or if >>> its >>> a terrible idea, or if there is perhaps a better way to toggle libressl >>> per-port. All the port documentation I can find suggests an outright >>> switch >>> to libressl for all ports, so I am concerned there is something I am >>> missing that will not be happy? >>> >> >> Along this path lies madness! Not that it can't work, but it is very >> dangerous and likely to get more complicated over time. >> >> The problem is with having multiple sharable libraries (.so) of the same >> name. The loader will refuse to load an executable if it attempts to load >> two or more shareable libraries that have a common name as it is not >> possible to determine which library to use for any reverence. If phantomjs >> calls ssl routines directly and also is linked to a shareable that is >> linked to either the openssl port installed shareable or the base system >> shareable, the code will not load. As linkages grow more and more complex, >> this tends to turn into a real rats nest. >> >> I'm not saying that it can't be done, but you have to know all of the >> linkages and be very sure that there are no conflicts. >> > > Thanks for the input. I currently exclusively use OpenSSL in base, so I > was hoping there was something sane and similar to control using base vs. > security/openssl, like the WITH_OPENSSL_PORT and WITH_OPENSSL_BASE knobs, > only for libressl. It looks like security/openssl is still on 1.0, so I > might be able to get phantomjs working with security/openssl and continue > using base for other ports. > Now what I can't figure out is how to tell a specific port to use security/openssl and have others use base. The handbook implies that this is possible per-port with the WITH_OPENSSL_* knobs, but those have been deprecated in favor of the global DEFAULT_VERSIONS+= ssl=openssl approach. Anyone know how to correctly set ssl=openssl for a single port via make.conf? > > -- >> Kevin Oberman, Part time kid herder and retired Network Engineer >> E-mail: rkober...@gmail.com >> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 >> > ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Using LibreSSL with only one or a subset of all installed ports
On Wed, Feb 6, 2019 at 1:59 PM Kevin Oberman wrote: > On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers wrote: > >> I am wondering if it is wise or possible to use libressl for only a single >> installed port, while continuing to use OpenSSL from Base for all >> remaining >> installed ports. I would like to do this in order to get around the fact >> that lang/phantomjs does not compile against openssl 1.1.x due to API >> changes, and fixing it is less than trivial. However, I am not quite ready >> to switch other ports to LibreSSL. >> >> My thought was to use the following approach in make.conf when building >> via >> poudriere. >> >> .if ${.CURDIR:M*/lang/phantomjs} >> DEFAULT_VERSIONS+= ssl=libressl >> .endif >> >> I am hoping for some advice as to whether or not this will work, or if its >> a terrible idea, or if there is perhaps a better way to toggle libressl >> per-port. All the port documentation I can find suggests an outright >> switch >> to libressl for all ports, so I am concerned there is something I am >> missing that will not be happy? >> > > Along this path lies madness! Not that it can't work, but it is very > dangerous and likely to get more complicated over time. > > The problem is with having multiple sharable libraries (.so) of the same > name. The loader will refuse to load an executable if it attempts to load > two or more shareable libraries that have a common name as it is not > possible to determine which library to use for any reverence. If phantomjs > calls ssl routines directly and also is linked to a shareable that is > linked to either the openssl port installed shareable or the base system > shareable, the code will not load. As linkages grow more and more complex, > this tends to turn into a real rats nest. > > I'm not saying that it can't be done, but you have to know all of the > linkages and be very sure that there are no conflicts. > Thanks for the input. I currently exclusively use OpenSSL in base, so I was hoping there was something sane and similar to control using base vs. security/openssl, like the WITH_OPENSSL_PORT and WITH_OPENSSL_BASE knobs, only for libressl. It looks like security/openssl is still on 1.0, so I might be able to get phantomjs working with security/openssl and continue using base for other ports. -- > Kevin Oberman, Part time kid herder and retired Network Engineer > E-mail: rkober...@gmail.com > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 > ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Using LibreSSL with only one or a subset of all installed ports
On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers wrote: > I am wondering if it is wise or possible to use libressl for only a single > installed port, while continuing to use OpenSSL from Base for all remaining > installed ports. I would like to do this in order to get around the fact > that lang/phantomjs does not compile against openssl 1.1.x due to API > changes, and fixing it is less than trivial. However, I am not quite ready > to switch other ports to LibreSSL. > > My thought was to use the following approach in make.conf when building via > poudriere. > > .if ${.CURDIR:M*/lang/phantomjs} > DEFAULT_VERSIONS+= ssl=libressl > .endif > > I am hoping for some advice as to whether or not this will work, or if its > a terrible idea, or if there is perhaps a better way to toggle libressl > per-port. All the port documentation I can find suggests an outright switch > to libressl for all ports, so I am concerned there is something I am > missing that will not be happy? > Along this path lies madness! Not that it can't work, but it is very dangerous and likely to get more complicated over time. The problem is with having multiple sharable libraries (.so) of the same name. The loader will refuse to load an executable if it attempts to load two or more shareable libraries that have a common name as it is not possible to determine which library to use for any reverence. If phantomjs calls ssl routines directly and also is linked to a shareable that is linked to either the openssl port installed shareable or the base system shareable, the code will not load. As linkages grow more and more complex, this tends to turn into a real rats nest. I'm not saying that it can't be done, but you have to know all of the linkages and be very sure that there are no conflicts. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkober...@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
LLVM 7.1.0: how to proceed?
LLVM 7.1.0 will be release shortly and contains a single fix which breaks the LLVM Libra ABI in order to fix an incompatibility with GCC 8.2. A bug describing the issue is at https://bugs.llvm.org/show_bug.cgi?id=39427. My current plan is: - Copy devel/llvm70 to devel/llvm71 and update. - Perform a coordinated switch of all dependencies, to llvm71 (e.g. do an exp-run with the switch made and llvm70 removed). All ports with library dependencies would get PORT_REVISION bumps. - DEPRECATE llvm70 and set a short expiration. Does this sound like a reasonable plan? -- Brooks signature.asc Description: PGP signature
Using LibreSSL with only one or a subset of all installed ports
I am wondering if it is wise or possible to use libressl for only a single installed port, while continuing to use OpenSSL from Base for all remaining installed ports. I would like to do this in order to get around the fact that lang/phantomjs does not compile against openssl 1.1.x due to API changes, and fixing it is less than trivial. However, I am not quite ready to switch other ports to LibreSSL. My thought was to use the following approach in make.conf when building via poudriere. .if ${.CURDIR:M*/lang/phantomjs} DEFAULT_VERSIONS+= ssl=libressl .endif I am hoping for some advice as to whether or not this will work, or if its a terrible idea, or if there is perhaps a better way to toggle libressl per-port. All the port documentation I can find suggests an outright switch to libressl for all ports, so I am concerned there is something I am missing that will not be happy? Thank you! -Nick ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
FreeBSD ports you maintain which are out of date
Dear port maintainer, The portscout new distfile checker has detected that one or more of your ports appears to be out of date. Please take the opportunity to check each of the ports listed below, and if possible and appropriate, submit/commit an update. If any ports have already been updated, you can safely ignore the entry. You will not be e-mailed again for any of the port/version combinations below. Full details can be found at the following URL: http://portscout.freebsd.org/po...@freebsd.org.html Port| Current version | New version +-+ devel/ocaml-uutf| 0.9.4 | 1.0.2 +-+ If any of the above results are invalid, please check the following page for details on how to improve portscout's detection and selection of distfiles on a per-port basis: http://portscout.freebsd.org/info/portscout-portconfig.txt Thanks. ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"