Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-13 Thread guanlong huang


___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-06 Thread Yasuhiro Kimura
From: Stefan Esser 
Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
Date: Wed, 5 May 2021 18:55:47 +0200

>> You misunderstand my intention. What I would like to do is to make a
>> port use security/openssl instead of base OpenSSL even if user sets
>> 'DEFAULT_VERSIONS+=ssl=base' in /etc/make.conf (or user doesn't
>> customize setting about ssl at all).
> 
> You can mark the port as broken if the user has selected "base" and
> this is incompatible with the port's requirements. E.g.:
> 
> .include 
> 
> .if ${SSL_DEFAULT} == base
> BROKEN_FreeBSD_11=  OpenSSL 1.1 required
> .endif
> 
> .include 
> 
> You can of course add a better message, and the user can decide to
> try the compilation again after changing the default. But this will
> of course prevent the building of official packages for FreeBSD-11.
> 
>> As I wrote previous mail, if 'USES=python:3.8+' is specified in
>> Makefile of a port, lang/python38 is used for the port even if user
>> adds 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf. I'm looking for
>> similar way about ssl setting.
> 
> You could add a dependency on the openssl port and make sure, that
> the port's include file and library is used in preference of the
> base version on FreeBSD-11.
> 
> But you have to consider the risk of mixing references to the base and
> the ports version in one binary (e.g. other libraries are linked in that
> had been built against the base version).

Thank you for the explanation. The risk certainly cannot be ignored. So
the best practice is

1. Mark BROKEN if system is FreeBSD 11.x and SSL_DEFAULT is base.
2. For users who want to use a port on FreeBSD 11.x with base OpenSSL,
   copy it to other name before updating it.

And before I came to this conclusion, I noticed that the port in
question was already updated exactly this way;-).

---
Yasuhiro Kimura


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Eugene Grosbein
06.05.2021 10:49, Dima Panov wrote:

> Chris, your suggestion leads to dll hell due to mix-links between ssl 
> libraries :(
> At least, your setup easily face up situation where one lib will be built 
> with “port openssl” and consumers still get a “base openssl”.
> DEFAULT_VERSION here is set to avoid a such situation — the whole ports 
> collection should be linked with ONE ssl/crypto library.

I disagree. There is no reason for "leaf" ports to depend on ports version of
openssl and this is impossible in some cases. For example, net/mpd5 port that
links with base libfetch that links with base openssl. So, net/mpd5 must NOT be
linked with ports openssl and frankly, it needs not.

Global inflexible knob for whole ports tree is bad thing.



Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Chris

On 2021-05-05 20:49, Dima Panov wrote:

> Moin!
>
> Chris, your suggestion leads to dll hell due to mix-links between ssl
> libraries :(
> At least, your setup easily face up situation where one lib will be built
> with “port openssl” and consumers still get a “base openssl”.
> DEFAULT_VERSION here is set to avoid a such situation — the whole ports
> collection should be linked with ONE ssl/crypto library.

I agree. After posting my proposed solution. I was finally able to find
_which_ of the ports I did it in. Fortunately, it was an isolated case. Which
got me to thinking that _this_ case here had far reaching ramifications. I
would have withdrawn my suggestion. But you beat me to it. ;-)

Thanks for the reply (and correction), Dima!

--Chris


> --
> Dima. (desktop, kde, x11, office, ports-secteam)@FreeBSD team
> (flu...@freebsd.org, https://t.me/dima_panov)
>
> On Thursday, May 06, 2021 at 6:26 AM, Chris (mailto:portmas...@bsdforge.com) wrote:
>> On 2021-05-05 09:10, Yasuhiro Kimura wrote:
>>> From: Chris
>>> Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
>>> Date: Wed, 05 May 2021 08:03:00 -0700
>>>
>>>> I ran into a similar situation requiring freebsd 11 users not use
>>>> SSL from base, and I simply used a conditional based against freebsd
>>>> version, that also included a RUN_DEPENDS on security/openssl
>>>> Wouldn't that work in your case?
>>>>
>>>> --Chris
>>>
>>> Probably only adding security/openssl to *_DEPENDS isn't enough. If
>>> you look at Mk/Uses/ssl.mk, you'll find the path of include files and
>>> libraries are customized depending on which ssl stack is used. So you
>>> also need to add similar customization in Makefile of port avoiding
>>> conflicts with the settings in Mk/Uses/ssl.mk. And it must be hard
>>> job.
>> Well unless something has changed significantly in that regard over
>> the last couple mos. I found it was enough to trap ${OSREL:R} targeting
>> 11 && within that conditional add ssl=openssl
>> It worked a treat. You may find some additional clues in
>> bsd.default-versions.mk
>>
>> HTH
>>
>> --Chris
>>>
>>> ---
>>> Yasuhiro Kimura


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Dima Panov
Moin!

Chris, your suggestion leads to dll hell due to mix-links between ssl libraries :(
At least, your setup easily face up situation where one lib will be built with
“port openssl” and consumers still get a “base openssl”. DEFAULT_VERSION here is
set to avoid a such situation — the whole ports collection should be linked
with ONE ssl/crypto library.

--
Dima. (desktop, kde, x11, office, ports-secteam)@FreeBSD team
(flu...@freebsd.org, https://t.me/dima_panov)

> On Thursday, May 06, 2021 at 6:26 AM, Chris (mailto:portmas...@bsdforge.com) wrote:
> On 2021-05-05 09:10, Yasuhiro Kimura wrote:
> > From: Chris 
> > Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD
> > 11.x
> > Date: Wed, 05 May 2021 08:03:00 -0700
> >
> > > I ran into a similar situation requiring freebsd 11 users not use
> > > SSL from base, and I simply used a conditional based against freebsd
> > > version, that also included a RUN_DEPENDS on security/openssl
> > > Wouldn't that work in your case?
> > >
> > > --Chris
> >
> > Probably only adding security/openssl to *_DEPENDS isn't enough. If
> > you look at Mk/Uses/ssl.mk, you'll find the path of include files and
> > libraries are customized depending on which ssl stack is used. So you
> > also need to add similar customization in Makefile of port avoiding
> > conflicts with the settings in Mk/Uses/ssl.mk. And it must be hard
> > job.
> Well unless something has changed significantly in that regard over
> the last couple mos. I found it was enough to trap ${OSREL:R} targeting
> 11 && within that conditional add ssl=openssl
> It worked a treat. You may find some additional clues in
> bsd.default-versions.mk
>
> HTH
>
> --Chris
> >
> > ---
> > Yasuhiro Kimura


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Chris

On 2021-05-05 09:10, Yasuhiro Kimura wrote:

> From: Chris
> Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
> Date: Wed, 05 May 2021 08:03:00 -0700
>
>> I ran into a similar situation requiring freebsd 11 users not use
>> SSL from base, and I simply used a conditional based against freebsd
>> version, that also included a RUN_DEPENDS on security/openssl
>> Wouldn't that work in your case?
>>
>> --Chris
>
> Probably only adding security/openssl to *_DEPENDS isn't enough. If
> you look at Mk/Uses/ssl.mk, you'll find the path of include files and
> libraries are customized depending on which ssl stack is used. So you
> also need to add similar customization in Makefile of port avoiding
> conflicts with the settings in Mk/Uses/ssl.mk. And it must be hard
> job.

Well unless something has changed significantly in that regard over
the last couple mos. I found it was enough to trap ${OSREL:R} targeting
11 && within that conditional add ssl=openssl
It worked a treat. You may find some additional clues in
bsd.default-versions.mk

HTH

--Chris

> ---
> Yasuhiro Kimura


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Michael Gmelin


> On 5. May 2021, at 18:56, Stefan Esser  wrote:
> 
> Am 05.05.21 um 18:00 schrieb Yasuhiro Kimura:
>> You misunderstand my intention. What I would like to do is to make a
>> port use security/openssl instead of base OpenSSL even if user sets
>> 'DEFAULT_VERSIONS+=ssl=base' in /etc/make.conf (or user doesn't
>> customize setting about ssl at all).

Stefan's suggestion is AFAIK the best we can do.

mail/opensmtpd has an example of that, but it still requires the user to 
actively select the OpenSSL library (mixing OpenSSL libraries in a package set 
is problematic).

Best,
Michael

> 
> You can mark the port as broken if the user has selected "base" and
> this is incompatible with the port's requirements. E.g.:
> 
> .include 
> 
> .if ${SSL_DEFAULT} == base
> BROKEN_FreeBSD_11=  OpenSSL 1.1 required
> .endif
> 
> .include 
> 
> You can of course add a better message, and the user can decide to
> try the compilation again after changing the default. But this will
> of course prevent the building of official packages for FreeBSD-11.
> 
>> As I wrote previous mail, if 'USES=python:3.8+' is specified in
>> Makefile of a port, lang/python38 is used for the port even if user
>> adds 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf. I'm looking for
>> similar way about ssl setting.
> 
> You could add a dependency on the openssl port and make sure, that
> the port's include file and library is used in preference of the
> base version on FreeBSD-11.
> 
> But you have to consider the risk of mixing references to the base and
> the ports version in one binary (e.g. other libraries are linked in that
> had been built against the base version).
> 
> Regards, STefan
> 



Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Stefan Esser
Am 05.05.21 um 18:00 schrieb Yasuhiro Kimura:
> You misunderstand my intention. What I would like to do is to make a
> port use security/openssl instead of base OpenSSL even if user sets
> 'DEFAULT_VERSIONS+=ssl=base' in /etc/make.conf (or user doesn't
> customize setting about ssl at all).

You can mark the port as broken if the user has selected "base" and
this is incompatible with the port's requirements. E.g.:

.include 

.if ${SSL_DEFAULT} == base
BROKEN_FreeBSD_11=  OpenSSL 1.1 required
.endif

.include 

You can of course add a better message, and the user can decide to
try the compilation again after changing the default. But this will
of course prevent the building of official packages for FreeBSD-11.

> As I wrote previous mail, if 'USES=python:3.8+' is specified in
> Makefile of a port, lang/python38 is used for the port even if user
> adds 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf. I'm looking for
> similar way about ssl setting.

You could add a dependency on the openssl port and make sure, that
the port's include file and library is used in preference of the
base version on FreeBSD-11.

But you have to consider the risk of mixing references to the base and
the ports version in one binary (e.g. other libraries are linked in that
had been built against the base version).

Regards, STefan
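
The mixed-linkage risk discussed in this thread can be checked on a built binary by classifying where `libssl`/`libcrypto` resolve in its `ldd` output. This is an added example, not code from the thread or the ports tree; the sample `ldd` text, binary name and library versions are constructed, and `LOCALBASE=/usr/local` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): flag a binary whose loaded objects
# include OpenSSL from BOTH the base system and the ports tree.
# Assumption: ports install under LOCALBASE (default /usr/local).

# Print "origin soname path" for each libssl/libcrypto line read on stdin
# (ldd-style text). origin is "ports", "base" or "other".
classify_ssl_libs() {
    awk -v lb="${LOCALBASE:-/usr/local}" '
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            path = $3
            if (index(path, lb "/") == 1)        origin = "ports"
            else if (path ~ /^\/(usr\/)?lib\//)  origin = "base"
            else                                 origin = "other"
            print origin, $1, path
        }'
}

# Reduce the classification to one word: mixed, ports, base, other or none.
ssl_link_verdict() {
    classify_ssl_libs | awk '
        { seen[$1] = 1 }
        END {
            if (("base" in seen) && ("ports" in seen)) print "mixed"
            else if ("ports" in seen) print "ports"
            else if ("base" in seen)  print "base"
            else if ("other" in seen) print "other"
            else                      print "none"
        }'
}

# Constructed sample: the binary links ports OpenSSL directly, while a base
# library it depends on pulls in base OpenSSL as well.
sample_mixed() {
    cat <<'EOF'
/usr/local/bin/exampled:
    libssl.so.11 => /usr/local/lib/libssl.so.11 (0x800a00000)
    libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x800c00000)
    libfetch.so.6 => /usr/lib/libfetch.so.6 (0x801000000)
    libssl.so.8 => /usr/lib/libssl.so.8 (0x801200000)
    libcrypto.so.8 => /lib/libcrypto.so.8 (0x801400000)
    libc.so.7 => /lib/libc.so.7 (0x801800000)
EOF
}

# Constructed sample: everything resolves to the ports copy.
sample_ports_only() {
    cat <<'EOF'
/usr/local/bin/exampled:
    libssl.so.11 => /usr/local/lib/libssl.so.11 (0x800a00000)
    libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x800c00000)
    libc.so.7 => /lib/libc.so.7 (0x801800000)
EOF
}

# With arguments: check real binaries. Without: run on the constructed samples.
if [ "$#" -gt 0 ]; then
    for bin in "$@"; do
        printf '%s: %s\n' "$bin" "$(ldd "$bin" 2>/dev/null | ssl_link_verdict)"
    done
else
    printf 'sample_mixed: %s\n' "$(sample_mixed | ssl_link_verdict)"
    printf 'sample_ports_only: %s\n' "$(sample_ports_only | ssl_link_verdict)"
fi
```

A verdict of `mixed` means two different OpenSSL builds would be loaded into one process, which is the situation the `BROKEN` marking is meant to prevent.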





Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Yasuhiro Kimura
From: Chris 
Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
Date: Wed, 05 May 2021 08:03:00 -0700

> I ran into a similar situation requiring freebsd 11 users not use
> SSL from base, and I simply used a conditional based against freebsd
> version, that also included a RUN_DEPENDS on security/openssl
> Wouldn't that work in your case?
> 
> --Chris

Probably only adding security/openssl to *_DEPENDS isn't enough. If
you look at Mk/Uses/ssl.mk, you'll find the path of include files and
libraries are customized depending on which ssl stack is used. So you
also need to add similar customization in Makefile of port avoiding
conflicts with the settings in Mk/Uses/ssl.mk. And it must be hard
job.

---
Yasuhiro Kimura


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Yasuhiro Kimura
From: Michael Gmelin 
Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
Date: Wed, 5 May 2021 17:32:02 +0200

> Which port are you talking about by the way?
> 
> This worked for me just fine in the past (placed in make.conf):
> 
>   DEFAULT_VERSIONS+=ssl=libressl
> 
> for LibreSSL and
> 
>   DEFAULT_VERSIONS+=ssl=openssl
> 
> for openssl from ports.
> 
> See also:
> 
> $ head -n12 /usr/ports/Mk/Uses/ssl.mk 
> # Handle dependency on *ssl ports.
> #
> # Feature:  SSL_DEFAULT
> # Usage:    USES=ssl
> # Valid ARGS:   none (build and run), build, run
> #
> # The user can choose which ssl library he wants with:
> #
> # DEFAULT_VERSIONS+=ssl=
> #
> # Variants being base, openssl, libressl, and libressl-devel.
> #
> 
> Cheers,
> Michael

You misunderstand my intention. What I would like to do is to make a
port use security/openssl instead of base OpenSSL even if user sets
'DEFAULT_VERSIONS+=ssl=base' in /etc/make.conf (or user doesn't
customize setting about ssl at all).

As I wrote previous mail, if 'USES=python:3.8+' is specified in
Makefile of a port, lang/python38 is used for the port even if user
adds 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf. I'm looking for
similar way about ssl setting.

---
Yasuhiro Kimura


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Michael Gmelin


On Wed, 05 May 2021 23:22:08 +0900 (JST)
Yasuhiro Kimura  wrote:

> From: Michael Gmelin 
> Subject: Re: Making a port to use OpenSSL of ports collection on
> FreeBSD 11.x Date: Tue, 4 May 2021 23:05:06 +0200
> 
> > See
> > https://docs.freebsd.org/en/books/porters-handbook/uses/#uses-ssl
> > 
> > Best  
> 
> I checked it but couldn't find proper solution.
> 
> I think what is necessary in my case is something like version-spec
> argument of 'USES=python'.
> 
> For example, if 'USES=python:3.8+' is specified in Makefile of a port,
> lang/python38 is used for it even if user sets
> 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf.
> 
> But 'USES=ssl' doesn't provide such argument.

Which port are you talking about by the way?

This worked for me just fine in the past (placed in make.conf):

  DEFAULT_VERSIONS+=ssl=libressl

for LibreSSL and

  DEFAULT_VERSIONS+=ssl=openssl

for openssl from ports.

See also:

$ head -n12 /usr/ports/Mk/Uses/ssl.mk 
# Handle dependency on *ssl ports.
#
# Feature:  SSL_DEFAULT
# Usage:    USES=ssl
# Valid ARGS:   none (build and run), build, run
#
# The user can choose which ssl library he wants with:
#
# DEFAULT_VERSIONS+=ssl=
#
# Variants being base, openssl, libressl, and libressl-devel.
#

Cheers,
Michael

> 
> ---
> Yasuhiro Kimura



-- 
Michael Gmelin


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Chris

On 2021-05-05 07:22, Yasuhiro Kimura wrote:

> From: Michael Gmelin
> Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
> Date: Tue, 4 May 2021 23:05:06 +0200
>
>> See https://docs.freebsd.org/en/books/porters-handbook/uses/#uses-ssl
>>
>> Best
>
> I checked it but couldn't find proper solution.
>
> I think what is necessary in my case is something like version-spec
> argument of 'USES=python'.
>
> For example, if 'USES=python:3.8+' is specified in Makefile of a port,
> lang/python38 is used for it even if user sets
> 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf.
>
> But 'USES=ssl' doesn't provide such argument.

I ran into a similar situation requiring freebsd 11 users not use
SSL from base, and I simply used a conditional based against freebsd
version, that also included a RUN_DEPENDS on security/openssl
Wouldn't that work in your case?

--Chris

> ---
> Yasuhiro Kimura


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-05 Thread Yasuhiro Kimura
From: Michael Gmelin 
Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
Date: Tue, 4 May 2021 23:05:06 +0200

> See https://docs.freebsd.org/en/books/porters-handbook/uses/#uses-ssl
> 
> Best

I checked it but couldn't find proper solution.

I think what is necessary in my case is something like version-spec
argument of 'USES=python'.

For example, if 'USES=python:3.8+' is specified in Makefile of a port,
lang/python38 is used for it even if user sets
'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf.

But 'USES=ssl' doesn't provide such argument.

---
Yasuhiro Kimura


Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

2021-05-04 Thread Michael Gmelin


> On 4. May 2021, at 21:50, Yasuhiro Kimura  wrote:
> 
> Hello,
> 
> Of the currently supported FreeBSD versions, base system of FreeBSD
> 11.x uses OpenSSL 1.0.2 and that of FreeBSD 12.x or later use OpenSSL
> 1.1.1.
> 
> Then when new version of an application dropped support of OpenSSL
> 1.0.2, is there any way to make the port of it to use OpenSSL of ports
> collection if the system is FreeBSD 11.x?
> 

See https://docs.freebsd.org/en/books/porters-handbook/uses/#uses-ssl

Best

> Best Regards.
> 
> ---
> Yasuhiro Kimura