From owner-freebsd-ports@FreeBSD.ORG Thu May 1 20:24:39 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5CBFFB35; Thu, 1 May 2014 20:24:39 +0000 (UTC) Received: from mx1.enfer-du-nord.net (mx1.enfer-du-nord.net [87.98.149.189]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 20B27187F; Thu, 1 May 2014 20:24:38 +0000 (UTC) Received: from sulu.fritz.box (p3EE2F4CB.dip0.t-ipconnect.de [62.226.244.203]) by mx1.enfer-du-nord.net (Postfix) with ESMTPSA id 3gKSkB54QLz39g; Thu, 1 May 2014 22:24:34 +0200 (CEST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) Subject: Re: ports requiring OpenSSL not honouring OpenSSL from ports From: Michael Grimm In-Reply-To: <5362725B.6010109@geminix.org> Date: Thu, 1 May 2014 22:24:33 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: References: <201404271508.s3RF8sMA014085@catnip.dyslexicfish.net> <201404272250.s3RMo2NZ095771@catnip.dyslexicfish.net> <445CDD31-5A11-4F5E-92DE-CB11A10E9BDE@odo.in-berlin.de> <5361896C.7010703@bluerosetech.com> <53621BE0.4040704@geminix.org> <15864901-C372-43A8-A6E6-BF0AF73F2EC6@vpnc.org> <536267A0.9010403@geminix.org> <5362725B.6010109@geminix.org> To: "freebsd-security@freebsd.org" , "freebsd-ports@freebsd.org" X-Mailer: Apple Mail (2.1510) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 May 2014 20:24:39 -0000 On 01.05.2014, at 18:12, Uwe Doering wrote: > One additional data point: "WITH_OPENSSL_PORT" is mentioned in the > FreeBSD Porter's Handbook: >=20 > = http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/makefile= -options.html#idp67984816 If I would have searched for "knobs" in that document = (http://svnweb.freebsd.org/ports/head/KNOBS?view=3Dmarkup), recently, I = would have ended with: | Unknown location: /head/KNOBS And, I didn't know what "knobs" were until a year ago after migrating = from portmaster to poudriere, although running FBSD beginning with 6.2. = But don't get me wrong, I do not complain at all, its been my fault, = period. > But then, it cannot be expected that mere _users_ of the ports tree = read > the Porter's Handbook. True. > And it is also not mentioned there that it is, to > my knowledge, considered good practice to have that setting in > "/etc/make.conf" in order to avoid any confusion about which port is > linked with what version of OpenSSL. Here's my question: Which knobs are considered good practice? Is it = experience, is it gut feeling, religion, ...? I would love to see a = documentation covering the pro and cons about every "knob" ... I do not = complain, I know, that is hard work and hard to accomplish. But any links to documents -besides the ones already mentioned- are = highly appreciated. E.g: excuse my ignorance, but should I stay with ... | www-jail> ldd `which nginx` | /usr/local/sbin/nginx: | libcrypt.so.5 =3D> /lib/libcrypt.so.5 (0x8008aa000) ..., or would there be an alternative in ports? libgcrypt? or? (All my = relevant services are run being compiled from ports, and within jails.) Thanks, sorry for eventually dumb questions, and regards, Michael=