Date: Sat, 22 Jan 2000 23:50:31 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: Jeremy Lea <reg@FreeBSD.ORG> Cc: ports@FreeBSD.ORG Subject: Re: USA_OPENSSL Message-ID: <Pine.BSF.4.21.0001222332070.45620-100000@hub.freebsd.org> In-Reply-To: <20000122230114.K10368@shale.csir.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 22 Jan 2000, Jeremy Lea wrote:
> If you want this to set variables which a port's Makefile can use then
> it must be included in bsd.port.pre.mk. This is the section enclosed in
> !defined(AFTERPORTMK) in bsd.port.mk. I'd suggest right at the end -
> after the setting of PREFIX.
Hmm, I thought I tried this, but perhaps other factors conspired against
me.
> > +.if ${OSVERSION} >= 400014 && exists(/usr/lib/libcrypto.so)
> > +.if ${USE_OPENSSL} == RSA
> > +_HASRSA= "`/usr/bin/nm /usr/lib/libcrypto.a | ${GREP} RSA_free`"
> > +.if empty(_HASRSA)
>
> You test for .so and then use .a - this might lead to problems. Also,
> in bsd.port.pre.mk GREP is not available. Something like:
For consistency I probably should use both the same, but it won't matter -
if one exists the other does too.
> '>>>' is used to introduce stages in the make process. Messages are
> best just echoed.
Noted.
> > +CFLAGS+= -DNO_IDEA
>
> Is this good enough for some ports to detect if they can support IDEA
> based crypto (eg via GNU configure)? Maybe you need:
>
> OPENSSL_IDEA= no
This is the canonical way of signalling that IDEA code should not be
compiled in, but ports may not respect it (e.g. I had to patch the pipsecd
port to use #ifndef NO_IDEA around the relevant bits). We don't include
IDEA code for patent reasons (USA and international in some parts of the
world). I think I'll add the variable as well in case a port wants to do
something else.
> (bsd.port.mk uses lower case yes and no, unlike make.conf)
Okay
> > +LIB_DEPENDS+= crypto.1:${PORTSDIR}/security/openssl
> > +OPENSSLBASE= ${LOCALBASE}
> > +OPENSSLDIR= ${LOCALBASE}/openssl
> > +.endif
>
> What about people (there are some crazy ones :) who play with PREFIX?
A lot of ports currently depend on ${LOCALBASE}/bin/openssl..there doesn't
seem to be an easy way to locate the directory where openssl stores its
config.
> > +OPENSSLLIB= ${OPENSSLBASE}/lib
> > +OPENSSLINC= ${OPENSSLBASE}/include
> > +MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
> > + OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
>
> Do you also need to pass these to configure? Or are most configure
> scripts capable of working this out for themselves?
I'm passing these so that ports can use them appropriately. A lot of ports
(of the ones I've tested) hard-code ${LOCALBASE}/include for header files,
etc. Basically, all openssl-using ports will probably need to be patched
one way or another. :/
> > +
> > +.if defined(OPENSSL_RSAREF)
> > +OPTLIB= -L${OPENSSLLIB} -L${LOCALBASE} -lRSAglue -lrsaref
> > +MAKE_ENV+= OPTLIB="${OPTLIB}"
> > +.endif
> >
> > .include <bsd.port.pre.mk>
>
> This would have to look like this, with the bsd.port.mk patch moved up
> into bsd.port.pre.mk:
>
> .include <bsd.port.pre.mk>
> +
> +.if defined(OPENSSL_RSAREF)
> +OPTLIB= -L${OPENSSLLIB} -L${LOCALBASE} -lRSAglue -lrsaref
> +MAKE_ENV+= OPTLIB="${OPTLIB}"
> +.endif
>
> > ++INCDIR=-I$(OPENSSLINC)/openssl -I$(PREFIX)/include
>
> Why isn't OPENSSLINC=${OPENSSLBASE}/include/openssl?
Because the canonical way to include openssl headers is #include
<openssl/header.h>..not that all ports do this :)
> > ++LIBDIR=-L$(OPENSSLLIB)/lib
>
> LIBDIR= -L${OPNSSLLIB}
>
> All for now... Otherwise it looks good.
Thanks for the feedback..I'll see how I go.
Kris
----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0001222332070.45620-100000>