Using LibreSSL with only one or a subset of all installed ports

[Kevin Oberman]

On Wed, Feb 6, 2019 at 7:55 AM Nick Rogers <ncrogers at gmail.com> wrote:

> I am wondering if it is wise or possible to use libressl for only a single
> installed port, while continuing to use OpenSSL from Base for all remaining
> installed ports. I would like to do this in order to get around the fact
> that lang/phantomjs does not compile against openssl 1.1.x due to API
> changes, and fixing it is less than trivial. However, I am not quite ready
> to switch other ports to LibreSSL.
>
> My thought was to use the following approach in make.conf when building via
> poudriere.
>
> .if ${.CURDIR:M*/lang/phantomjs}
> DEFAULT_VERSIONS+= ssl=libressl
> .endif
>
> I am hoping for some advice as to whether or not this will work, or if its
> a terrible idea, or if there is perhaps a better way to toggle libressl
> per-port. All the port documentation I can find suggests an outright switch
> to libressl for all ports, so I am concerned there is something I am
> missing that will not be happy?
>

Along this path lies madness! Not that it can't work, but it is very
dangerous and likely to get more complicated over time.

The problem is with having multiple sharable libraries (.so) of the same
name. The loader will refuse to load an executable if it attempts to load
two or more shareable libraries that have a common name as it is not
possible to determine which library to use for any reverence. If phantomjs
calls ssl routines directly and also is linked to a shareable that is
linked to either the openssl port installed shareable or the base system
shareable, the code will not load. As linkages grow more and more complex,
this tends to turn into a real rats nest.

I'm not saying that it can't be done, but you have to know all of the
linkages and be very sure that there are no conflicts.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683