Date:      Fri, 10 May 2013 13:50:50 +0000
From:      "b.f." <bf1783@googlemail.com>
To:        Andrea Venturoli <ml@netfence.it>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: ports/119546
Message-ID:  <CAGFTUwNMV0M-PXY=DfRp59EoW2girdmWM6tni0ukCUZ%2BGz=Aog@mail.gmail.com>
In-Reply-To: <518CEBB1.50109@netfence.it>
References:  <CAGFTUwNH6pb4B0QYw%2BYojwXRa-5FDszXugZ1-OttKZqyjqTT=g@mail.gmail.com> <518CEBB1.50109@netfence.it>

On 5/10/13, Andrea Venturoli <ml@netfence.it> wrote:
> On 05/10/13 14:32, b.f. wrote:
>
>>> Would I screw too many things if I tried adding:
>>>> WITH_OPENSSL_BASE=yes
>>
>> Yes, because then the additions to the check-depends target in
>> ports/Mk/bsd.openssl.mk would cause unsandboxed builds of the port on
>> a live system to fail when security/openssl is installed.  Adding
>> WITH_OPENSSL_BASE to port Makefiles should be avoided for this reason.
>
> Thanks for the answer, but I don't quite get this. Do you have any
> pointer for docs I can study?

I don't think so, other than the ports Makefiles.  With regard to
bsd.openssl.mk, I was referring to:

    .if defined(WITH_OPENSSL_BASE)

    ...

    .if exists(${LOCALBASE}/lib/libcrypto.so)
    check-depends::
            @${ECHO_CMD} "Dependency error: this port wants the OpenSSL library from the FreeBSD"
            @${ECHO_CMD} "base system. You can't build against it, while a newer"
            @${ECHO_CMD} "version is installed by a port."
            @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE."
            @${FALSE}
    .endif

>
> What's the purpose/usefulness of WITH_OPENSSL_BASE, then?
>

I'm afraid that it is not very useful, for the many people that use
security/openssl. We had hoped that it would work as originally
intended, but we found that many ports sloppily change the library
search paths for linking, so if security/openssl is installed, many
ports link to the libraries of the openssl port rather than the base
system openssl, even if WITH_OPENSSL_BASE is set.  So the restrictive
checks in bsd.openssl.mk were added to prevent these kinds of
problems, even if they aren't needed in every specific case.

>
>
> Is there another simple solution?

You can try to work around the problem by not using USE_OPENSSL, but
instead adding the openssl dependencies, link line and rpath
additions, etc. in the port Makefile. A number of ports used to do
this, for various reasons.  However, this should only be done when
necessary, to prevent the proliferation of ad hoc methods of using
openssl in the ports tree, which makes maintenance more difficult.

A real solution (probably as good a solution as we can arrive at
without investing a lot more time in patching many different ports, or
fundamentally changing the way that we handle linking) would be to
change the openssl port and bsd.openssl.mk to install the
security/openssl libraries in a location other than ${LOCALBASE}/lib
(as in the parallel case of the compiler support libraries used by the
lang/gcc* ports that conflict with some base system libraries), so
that it would be more difficult to accidentally link to them, and so
the -L and -rpath directives in bsd.openssl.mk would have fewer
unintended side effects.  Then some of the restrictive checks in
bsd.openssl.mk could be relaxed.

b.
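
Added example, not part of the original message or of the ports tree: a shell function that reads ldd(1) output for a built binary and reports whether libssl/libcrypto were resolved from the base system or from ${LOCALBASE}/lib, which is the accidental linking described above. The sample ldd output and library version numbers are constructed, and the base library directories are assumed to be /lib and /usr/lib.

```shell
#!/bin/sh
# Added example: report where a binary's OpenSSL libraries were resolved from.
# Assumption: base-system libraries live in /lib or /usr/lib.
LOCALBASE="${LOCALBASE:-/usr/local}"

# Reads ldd(1)-style output on stdin; prints base, port, mixed, other or none.
openssl_origin() {
    awk -v lb="${LOCALBASE}" '
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            if (index($3, lb "/lib/") == 1)      port++
            else if ($3 ~ /^\/(usr\/)?lib\//)    base++
            else                                 other++   # e.g. unresolved
        }
        END {
            if (port && base) print "mixed"
            else if (port)    print "port"
            else if (base)    print "base"
            else if (other)   print "other"
            else              print "none"
        }'
}

# Constructed sample: a binary that picked up the security/openssl libraries.
sample_port() {
    cat <<'EOF'
/usr/local/bin/example:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a00000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800c00000)
    libc.so.7 => /lib/libc.so.7 (0x801000000)
EOF
}

# Constructed sample: a binary linked against the base system OpenSSL.
sample_base() {
    cat <<'EOF'
/usr/local/bin/example:
    libssl.so.6 => /usr/lib/libssl.so.6 (0x800a00000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x800c00000)
    libc.so.7 => /lib/libc.so.7 (0x801000000)
EOF
}

if [ $# -gt 0 ]; then
    ldd "$1" | openssl_origin          # check a real binary
else
    printf 'port-linked sample: %s\n' "$(sample_port | openssl_origin)"
    printf 'base-linked sample: %s\n' "$(sample_base | openssl_origin)"
fi
```

A result of "port" or "mixed" for a port built with WITH_OPENSSL_BASE set means the link line or rpath pulled in the ${LOCALBASE}/lib copies anyway.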


