Date: Wed, 6 Apr 2016 10:06:41 -0400 From: Jim Ohlstein <jim@ohlste.in> To: Kurt Jaeger <lists@opsec.eu>, =?UTF-8?Q?Martin_Waschb=c3=bcsch?= <martin@waschbuesch.de> Cc: ports@freebsd.org, Michelle Sullivan <michelle@sorbs.net> Subject: Re: Committer needed for PR 208029 Message-ID: <570517F1.5020305@ohlste.in> In-Reply-To: <20160406044431.GO35640@home.opsec.eu> References: <498CA3F8-15EF-45BD-880C-241F83CBE3DD@waschbuesch.de> <20160405185159.GK35640@home.opsec.eu> <20160405200835.GM35640@home.opsec.eu> <57042958.5010701@sorbs.net> <C96569DA-ADC5-4BE0-819A-7375C3F50D8E@waschbuesch.de> <20160406044431.GO35640@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello,
On 4/6/16 12:44 AM, Kurt Jaeger wrote:
> Hi!
>
>> Actually, I just noticed (when compiling the port), that the Makefile now says:
>>
>> WITH_OPENSSL_PORT=yes
>
> Yes, sorry, my fault. Fixed, and as suggested by mat: It is
> now as IGNORE with a message explaining how to do it for 9.x.
>
This is much ado about nothing. The "WITH_OPENSSL_PORT" option is there
for just this purpose and is used in many ports. There's no reason some
binaries can't be linked to one version of OpenSSL and others to
another, so long as they aren't expected to work as one (I'd imagine a
dynamically loaded module that is linked to a different library might
cause a problem). That is the reason that ports contains a more current
version than base. This is from the ports/www directory:
# grep WITH_OPENSSL_PORT */Makefile
aws/Makefile:WITH_OPENSSL_PORT= yes
drood/Makefile:WITH_OPENSSL_PORT= yes
h2o/Makefile:WITH_OPENSSL_PORT= no
h2o/Makefile:WITH_OPENSSL_PORT= yes
mod_tsa/Makefile:WITH_OPENSSL_PORT= yes
nginx-devel/Makefile:WITH_OPENSSL_PORT= yes
nginx-devel/Makefile:WITH_OPENSSL_PORT= yes
nginx/Makefile:WITH_OPENSSL_PORT= yes
nginx/Makefile:WITH_OPENSSL_PORT= yes
obhttpd/Makefile:WITH_OPENSSL_PORT=yes
owncloud/Makefile:WITH_OPENSSL_PORT= yes
spdylay/Makefile:.if ${OSVERSION} < 1000000 && !defined(WITH_OPENSSL_PORT)
tengine/Makefile:WITH_OPENSSL_PORT= yes
tomcat-native/Makefile:WITH_OPENSSL_PORT= yes
I'm sure there are dozens of others.
Forcing users who want to use this port to use OpenSSL from ports for
ALL ports is overkill.
Think about official packages. Are ALL packages built against OpenSSL
from ports, or only those that need them? It's the latter, of course.
Are they incompatible in production? No.
--
Jim Ohlstein
"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?570517F1.5020305>