Date: Wed, 6 Feb 2019 17:32:33 -0500
From: Nick Rogers <ncrogers@gmail.com>
To: Kevin Oberman <rkoberman@gmail.com>
Cc: "ports@FreeBSD.org" <ports@freebsd.org>
Subject: Re: Using LibreSSL with only one or a subset of all installed ports
Message-ID: <CAKOb=YZ7-KKTFg_gG8uO5g6zPUqP4RYeKENFe98iUBvdtuKwWQ@mail.gmail.com>
In-Reply-To: <CAN6yY1t%2BPBgrb_-6ffonrWQGi7E7bKQe3r-QmUyVtQy3xSYqzg@mail.gmail.com>
References: <CAKOb=YbGuYBQ9kMPn%2Bw6V4GRGUSkZGwpyrctuN-u4r_k41uiTA@mail.gmail.com> <CAN6yY1t%2BPBgrb_-6ffonrWQGi7E7bKQe3r-QmUyVtQy3xSYqzg@mail.gmail.com>

On Wed, Feb 6, 2019 at 1:59 PM Kevin Oberman <rkoberman@gmail.com> wrote:

> On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers <ncrogers@gmail.com> wrote:
>
>> I am wondering if it is wise or possible to use libressl for only a
>> single installed port, while continuing to use OpenSSL from Base for
>> all remaining installed ports. I would like to do this in order to get
>> around the fact that lang/phantomjs does not compile against openssl
>> 1.1.x due to API changes, and fixing it is less than trivial. However,
>> I am not quite ready to switch other ports to LibreSSL.
>>
>> My thought was to use the following approach in make.conf when
>> building via poudriere.
>>
>> .if ${.CURDIR:M*/lang/phantomjs}
>> DEFAULT_VERSIONS+= ssl=libressl
>> .endif
>>
>> I am hoping for some advice as to whether or not this will work, or if
>> it's a terrible idea, or if there is perhaps a better way to toggle
>> libressl per-port. All the port documentation I can find suggests an
>> outright switch to libressl for all ports, so I am concerned there is
>> something I am missing that will not be happy?
>>
>
> Along this path lies madness! Not that it can't work, but it is very
> dangerous and likely to get more complicated over time.
>
> The problem is with having multiple sharable libraries (.so) of the
> same name. The loader will refuse to load an executable if it attempts
> to load two or more shareable libraries that have a common name as it
> is not possible to determine which library to use for any reference.
> If phantomjs calls ssl routines directly and also is linked to a
> shareable that is linked to either the openssl port installed
> shareable or the base system shareable, the code will not load. As
> linkages grow more and more complex, this tends to turn into a real
> rat's nest.
>
> I'm not saying that it can't be done, but you have to know all of the
> linkages and be very sure that there are no conflicts.
>

Thanks for the input.

I currently exclusively use OpenSSL in base, so I was hoping there was
something sane and similar to control using base vs. security/openssl,
like the WITH_OPENSSL_PORT and WITH_OPENSSL_BASE knobs, only for
libressl. It looks like security/openssl is still on 1.0, so I might be
able to get phantomjs working with security/openssl and continue using
base for other ports.

> --
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
>
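A way to check a built binary for the mixed linkage discussed in this thread, as an added example that is not part of the original messages: it reads `ldd`-style output and reports each TLS library family (libssl, libcrypto) that resolves to more than one file. The function names, the `libfoo` dependency and the sample `ldd` lines (paths and version suffixes included) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Typical use (assumed path):
#   ldd /usr/local/bin/phantomjs | find_ssl_conflicts

# Reads ldd output ("name => path (addr)") on stdin. Prints one line per
# library family that maps to two or more distinct files and returns 1 if
# any such family exists, 0 otherwise.
find_ssl_conflicts() {
    awk '
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            family = $1
            sub(/\.so.*/, "", family)      # libssl.so.47 becomes libssl
            key = family SUBSEP $3
            if (!(key in seen)) {          # count each resolved path once
                seen[key] = 1
                paths[family] = paths[family] " " $3
                count[family]++
            }
        }
        END {
            for (f in count)
                if (count[f] > 1) { print f ":" paths[f]; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: binary built against LibreSSL from ports, while a
# hypothetical dependency (libfoo) was built against OpenSSL from base.
sample_mixed() {
    cat <<'EOF'
/usr/local/bin/phantomjs:
    libssl.so.47 => /usr/local/lib/libssl.so.47 (0x800a00000)
    libcrypto.so.45 => /usr/local/lib/libcrypto.so.45 (0x800c00000)
    libfoo.so.1 => /usr/local/lib/libfoo.so.1 (0x801000000)
    libssl.so.111 => /usr/lib/libssl.so.111 (0x801200000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x801400000)
    libc.so.7 => /lib/libc.so.7 (0x801800000)
EOF
}

# Constructed sample: everything resolves to the base system libraries.
sample_clean() {
    cat <<'EOF'
/usr/local/bin/example:
    libssl.so.111 => /usr/lib/libssl.so.111 (0x800a00000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x800c00000)
    libc.so.7 => /lib/libc.so.7 (0x801800000)
EOF
}
```

Running this over every binary and shared object a port installs, after a per-port `DEFAULT_VERSIONS` override, shows whether any of them pulls in both TLS stacks.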