Re: Using LibreSSL with only one or a subset of all installed ports

2019-02-06 Thread Eugene Grosbein
07.02.2019 1:58, Kevin Oberman wrote:

> I'm not saying that it can't be done, but you have to know all of the
> linkages and be very sure that there are no conflicts.

Sometimes libmap.conf(5) helps.


___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"


Re: Using LibreSSL with only one or a subset of all installed ports

2019-02-06 Thread Nick Rogers
On Wed, Feb 6, 2019 at 5:32 PM Nick Rogers  wrote:

>
>
> On Wed, Feb 6, 2019 at 1:59 PM Kevin Oberman  wrote:
>
>> On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers  wrote:
>>
>>> I am wondering if it is wise or possible to use libressl for only a
>>> single installed port, while continuing to use OpenSSL from Base for all
>>> remaining installed ports. I would like to do this in order to get around
>>> the fact that lang/phantomjs does not compile against openssl 1.1.x due to
>>> API changes, and fixing it is less than trivial. However, I am not quite
>>> ready to switch other ports to LibreSSL.
>>>
>>> My thought was to use the following approach in make.conf when building
>>> via poudriere.
>>>
>>> .if ${.CURDIR:M*/lang/phantomjs}
>>> DEFAULT_VERSIONS+= ssl=libressl
>>> .endif
>>>
>>> I am hoping for some advice as to whether or not this will work, or if
>>> it's a terrible idea, or if there is perhaps a better way to toggle
>>> libressl per-port. All the port documentation I can find suggests an
>>> outright switch to libressl for all ports, so I am concerned there is
>>> something I am missing that will not be happy?
>>>
>>
>> Along this path lies madness! Not that it can't work, but it is very
>> dangerous and likely to get more complicated over time.
>>
>> The problem is with having multiple sharable libraries (.so) of the same
>> name. The loader will refuse to load an executable if it attempts to load
>> two or more shareable libraries that have a common name as it is not
>> possible to determine which library to use for any reference. If phantomjs
>> calls ssl routines directly and also is linked to a shareable that is
>> linked to either the openssl port installed shareable or the base system
>> shareable, the code will not load. As linkages grow more and more complex,
>> this tends to turn into a real rat's nest.
>>
>> I'm not saying that it can't be done, but you have to know all of the
>> linkages and be very sure that there are no conflicts.
>>
>
> Thanks for the input. I currently exclusively use OpenSSL in base, so I
> was hoping there was something sane and similar to control using base vs.
> security/openssl, like the WITH_OPENSSL_PORT and WITH_OPENSSL_BASE knobs,
> only for libressl. It looks like security/openssl is still on 1.0, so I
> might be able to get phantomjs working with security/openssl and continue
> using base for other ports.
>

Now what I can't figure out is how to tell a specific port to use
security/openssl and have others use base. The handbook implies that this
is possible per-port with the WITH_OPENSSL_* knobs, but those have been
deprecated in favor of the global DEFAULT_VERSIONS+= ssl=openssl approach.
Anyone know how to correctly set ssl=openssl for a single port via
make.conf?

>
> --
>> Kevin Oberman, Part time kid herder and retired Network Engineer
>> E-mail: rkober...@gmail.com
>> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
>>
>


Re: Using LibreSSL with only one or a subset of all installed ports

2019-02-06 Thread Nick Rogers
On Wed, Feb 6, 2019 at 1:59 PM Kevin Oberman  wrote:

> On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers  wrote:
>
>> I am wondering if it is wise or possible to use libressl for only a single
>> installed port, while continuing to use OpenSSL from Base for all
>> remaining installed ports. I would like to do this in order to get around
>> the fact that lang/phantomjs does not compile against openssl 1.1.x due to
>> API changes, and fixing it is less than trivial. However, I am not quite
>> ready to switch other ports to LibreSSL.
>>
>> My thought was to use the following approach in make.conf when building
>> via poudriere.
>>
>> .if ${.CURDIR:M*/lang/phantomjs}
>> DEFAULT_VERSIONS+= ssl=libressl
>> .endif
>>
>> I am hoping for some advice as to whether or not this will work, or if it's
>> a terrible idea, or if there is perhaps a better way to toggle libressl
>> per-port. All the port documentation I can find suggests an outright
>> switch to libressl for all ports, so I am concerned there is something I am
>> missing that will not be happy?
>>
>
> Along this path lies madness! Not that it can't work, but it is very
> dangerous and likely to get more complicated over time.
>
> The problem is with having multiple sharable libraries (.so) of the same
> name. The loader will refuse to load an executable if it attempts to load
> two or more shareable libraries that have a common name as it is not
> possible to determine which library to use for any reference. If phantomjs
> calls ssl routines directly and also is linked to a shareable that is
> linked to either the openssl port installed shareable or the base system
> shareable, the code will not load. As linkages grow more and more complex,
> this tends to turn into a real rat's nest.
>
> I'm not saying that it can't be done, but you have to know all of the
> linkages and be very sure that there are no conflicts.
>

Thanks for the input. I currently exclusively use OpenSSL in base, so I was
hoping there was something sane and similar to control using base vs.
security/openssl, like the WITH_OPENSSL_PORT and WITH_OPENSSL_BASE knobs,
only for libressl. It looks like security/openssl is still on 1.0, so I
might be able to get phantomjs working with security/openssl and continue
using base for other ports.

--
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkober...@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
>


Re: Using LibreSSL with only one or a subset of all installed ports

2019-02-06 Thread Kevin Oberman
On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers  wrote:

> I am wondering if it is wise or possible to use libressl for only a single
> installed port, while continuing to use OpenSSL from Base for all remaining
> installed ports. I would like to do this in order to get around the fact
> that lang/phantomjs does not compile against openssl 1.1.x due to API
> changes, and fixing it is less than trivial. However, I am not quite ready
> to switch other ports to LibreSSL.
>
> My thought was to use the following approach in make.conf when building via
> poudriere.
>
> .if ${.CURDIR:M*/lang/phantomjs}
> DEFAULT_VERSIONS+= ssl=libressl
> .endif
>
> I am hoping for some advice as to whether or not this will work, or if it's
> a terrible idea, or if there is perhaps a better way to toggle libressl
> per-port. All the port documentation I can find suggests an outright switch
> to libressl for all ports, so I am concerned there is something I am
> missing that will not be happy?
>

Along this path lies madness! Not that it can't work, but it is very
dangerous and likely to get more complicated over time.

The problem is with having multiple sharable libraries (.so) of the same
name. The loader will refuse to load an executable if it attempts to load
two or more shareable libraries that have a common name as it is not
possible to determine which library to use for any reference. If phantomjs
calls ssl routines directly and also is linked to a shareable that is
linked to either the openssl port installed shareable or the base system
shareable, the code will not load. As linkages grow more and more complex,
this tends to turn into a real rat's nest.

I'm not saying that it can't be done, but you have to know all of the
linkages and be very sure that there are no conflicts.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
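
Added example (not part of the original message and not code from the FreeBSD project): one way to check the linkages the message above says must be known, by parsing `ldd -a` output and reporting when libssl or libcrypto resolves to more than one file across an executable and its dependencies. The sample output, its paths and version numbers are constructed for illustration, and find_conflicts is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in the style of FreeBSD `ldd -a` output; the paths and
# library version numbers are illustrative, not taken from the thread.
SAMPLE_LDD_A = """\
/usr/local/bin/phantomjs:
\tlibssl.so.9 => /usr/local/lib/libssl.so.9 (0x800a00000)
\tlibcrypto.so.9 => /usr/local/lib/libcrypto.so.9 (0x800c00000)
\tlibcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x801000000)
\tlibc.so.7 => /lib/libc.so.7 (0x801200000)
/usr/local/lib/libcurl.so.4:
\tlibssl.so.111 => /usr/lib/libssl.so.111 (0x801600000)
\tlibcrypto.so.111 => /lib/libcrypto.so.111 (0x801800000)
\tlibc.so.7 => /lib/libc.so.7 (0x801200000)
"""

# "  libfoo.so.N => /resolved/path (0xaddr)"; unresolved entries are skipped.
DEP_RE = re.compile(r"^\s+(\S+)\s+=>\s+(/\S+)")
STEM_RE = re.compile(r"^(lib[^.]+)\.so")


def find_conflicts(ldd_text, stems=("libssl", "libcrypto")):
    """Return {stem: {resolved_path: [objects needing it]}} for each watched
    library stem that resolves to more than one file in the closure."""
    providers = defaultdict(lambda: defaultdict(set))
    current = None
    for line in ldd_text.splitlines():
        # An unindented line ending in ":" names the object whose deps follow.
        if line and not line[0].isspace() and line.endswith(":"):
            current = line[:-1]
            continue
        dep = DEP_RE.match(line)
        if not dep:
            continue
        soname, path = dep.groups()
        stem = STEM_RE.match(soname)
        if stem and stem.group(1) in stems:
            providers[stem.group(1)][path].add(current)
    return {s: {p: sorted(n) for p, n in paths.items()}
            for s, paths in providers.items() if len(paths) > 1}


if __name__ == "__main__":
    for stem, paths in sorted(find_conflicts(SAMPLE_LDD_A).items()):
        print(f"{stem}: resolved to {len(paths)} different files")
        for path, needed_by in sorted(paths.items()):
            print(f"  {path}  <- needed by {', '.join(needed_by)}")
```

On a real system, pass the function the text produced by `ldd -a` for the installed binary instead of the constructed sample.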


Using LibreSSL with only one or a subset of all installed ports

2019-02-06 Thread Nick Rogers
I am wondering if it is wise or possible to use libressl for only a single
installed port, while continuing to use OpenSSL from Base for all remaining
installed ports. I would like to do this in order to get around the fact
that lang/phantomjs does not compile against openssl 1.1.x due to API
changes, and fixing it is less than trivial. However, I am not quite ready
to switch other ports to LibreSSL.

My thought was to use the following approach in make.conf when building via
poudriere.

.if ${.CURDIR:M*/lang/phantomjs}
DEFAULT_VERSIONS+= ssl=libressl
.endif

I am hoping for some advice as to whether or not this will work, or if it's
a terrible idea, or if there is perhaps a better way to toggle libressl
per-port. All the port documentation I can find suggests an outright switch
to libressl for all ports, so I am concerned there is something I am
missing that will not be happy?

Thank you!

-Nick