Date: Fri, 10 May 2013 13:50:50 +0000 From: "b.f." <bf1783@googlemail.com> To: Andrea Venturoli <ml@netfence.it> Cc: freebsd-ports@freebsd.org Subject: Re: ports/119546 Message-ID: <CAGFTUwNMV0M-PXY=DfRp59EoW2girdmWM6tni0ukCUZ%2BGz=Aog@mail.gmail.com> In-Reply-To: <518CEBB1.50109@netfence.it> References: <CAGFTUwNH6pb4B0QYw%2BYojwXRa-5FDszXugZ1-OttKZqyjqTT=g@mail.gmail.com> <518CEBB1.50109@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/10/13, Andrea Venturoli <ml@netfence.it> wrote: > On 05/10/13 14:32, b.f. wrote: > >>> Would I screw too many things if I tried adding: >>>> WITH_OPENSSL_BASE=yes >> >> Yes, because then the additions to the check-depends target in >> ports/Mk/bsd.openssl.mk would cause unsandboxed builds of the port on >> a live system to fail when security/openssl is installed. Adding >> WITH_OPENSSL_BASE to port Makefiles should be avoided for this reason. > > Thanks for the answer, but I don't quite get this. Do you have any > pointer for docs I can study? I don't think so, other than the ports Makefiles. With regard to bsd.openssl.mk, I was referring to: 59 .if defined(WITH_OPENSSL_BASE) ,,, 73 .if exists(${LOCALBASE}/lib/libcrypto.so) 74 check-depends:: 75 @${ECHO_CMD} "Dependency error: this port wants the OpenSSL library from the FreeBSD" 76 @${ECHO_CMD} "base system. You can't build against it, while a newer" 77 @${ECHO_CMD} "version is installed by a port." 78 @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE." 79 @${FALSE} 80 .endif > > What's the purpose/usefulness of WITH_OPENSSL_BASE, then? > I'm afraid that it is not very useful, for the many people that use security/openssl. We had hoped that it would work as originally intended, but we found that many ports sloppily change the library search paths for linking, so if security/openssl is installed, many ports link to the libraries of the openssl port rather than the base system openssl, even if WITH_OPENSSL_BASE is set. So the restrictive checks in bsd.openssl.mk were added to prevent these kinds of problems, even if they aren't needed in every specific case. > > > Is there another simple solution? You can try to work around the problem by not using USE_OPENSSL, but instead adding the openssl dependencies, link line and rpath additions, etc. in the port Makefile. A number of ports used to do this, for various reasons. However, this should only be done when necessary, to prevent the proliferation of ad hoc methods of using openssl in the ports tree, which makes maintenance more difficult. A real solution (probably as good a solution as we can arrive at without investing a lot more time in patching many different ports, or fundamentally changing the way that we handle linking) would be to change the openssl port and bsd.openssl,mk to install the security/openssl libraries in a location other than ${LOCALBASE}/lib (as in the parallel case of the compiler support libraries used by the lang/gcc* ports that conflict with some base system libraries), so that it would be more difficult to accidentally link to them, and so the -L and -rpath directives in bsd.openssl.mk would have fewer unintended side effects. Then some of the restrictive checks in bsd.openssl.mk could be relaxed. b.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGFTUwNMV0M-PXY=DfRp59EoW2girdmWM6tni0ukCUZ%2BGz=Aog>