Re: git: 9ddf7a912155 - main - devel/uv: Make the selected TLS provider use the system default truststore

From: Adam Weinberger <adamw_at_adamw.org>
Date: Tue, 04 Nov 2025 14:12:05 UTC 
On Mon, Nov 3, 2025 at 3:17 PM Michael Osipov <michaelo@freebsd.org> wrote:

> On 2025-11-03 20:26, Adam Weinberger wrote:
> > On Mon, Nov 3, 2025 at 3:28 AM Yuri Victorovich <yuri@freebsd.org
> > <mailto:yuri@freebsd.org>> wrote:
> >
> >     The branch main has been updated by yuri:
> >
> >     URL: https://cgit.FreeBSD.org/ports/commit/?
> >     id=9ddf7a9121551186f4673f756905dae2f58589c3 <https://
> >     deu01.safelinks.protection.outlook.com/?
> >     url=https%3A%2F%2Fcgit.freebsd.org
> %2Fports%2Fcommit%2F%3Fid%3D9ddf7a9121551186f4673f756905dae2f58589c3&data=05%7C02%7Cmichael.osipov%
> 40innomotics.com
> %7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107157712%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=WnMThNV1DttPxHmSrMwAQzUqKpJX%2B3UED%2BBCtka%2FOlg%3D&reserved=0>
> >
> >     commit 9ddf7a9121551186f4673f756905dae2f58589c3
> >     Author:     Michael Osipov <michaelo@FreeBSD.org>
> >     AuthorDate: 2025-11-03 08:25:19 +0000
> >     Commit:     Yuri Victorovich <yuri@FreeBSD.org>
> >     CommitDate: 2025-11-03 08:28:36 +0000
> >
> >          devel/uv: Make the selected TLS provider use the system default
> >     truststore
> >
> >          Differential Revision: https://reviews.freebsd.org/D53490
> >     <https://deu01.safelinks.protection.outlook.com/?
> >     url=https%3A%2F%2Freviews.freebsd.org
> %2FD53490&data=05%7C02%7Cmichael.osipov%40innomotics.com
> %7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107175316%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=WDXtdP0HdwePUN0%2Fv0TNqi453gs1u1384gS%2FoMR0uKk%3D&reserved=0>
> >     ---
> >       devel/uv/Makefile                                  |  1 +
> >       ...tch-cargo-crates_openssl-probe-0.1.6_src_lib.rs <https://
> >     deu01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftch-cargo-
> >     crates_openssl-
> >     probe-0.1.6_src_lib.rs%2F&data=05%7C02%7Cmichael.osipov%
> 40innomotics.com%7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107185659%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=2CYvv2X7bEWHMU5IAObKfx6Foif4JvWgNDghGVuqwNI%3D&reserved=0>
> | 50 ++++++++++++++++++++++
> >       2 files changed, 51 insertions(+)
> >
> >     diff --git a/devel/uv/Makefile b/devel/uv/Makefile
> >     index 9d00841e4646..1647f3bc6d14 100644
> >     --- a/devel/uv/Makefile
> >     +++ b/devel/uv/Makefile
> >     @@ -1,5 +1,6 @@
> >       PORTNAME=      uv
> >       DISTVERSION=   0.9.6
> >     +PORTREVISION=  1
> >       CATEGORIES=    devel
> >
> >       MAINTAINER=    yuri@FreeBSD.org
> >     diff --git a/devel/uv/files/patch-cargo-crates_openssl-
> >     probe-0.1.6_src_lib.rs <https://
> >     deu01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpatch-
> >     cargo-crates_openssl-
> >     probe-0.1.6_src_lib.rs%2F&data=05%7C02%7Cmichael.osipov%
> 40innomotics.com%7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107195851%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=WlUTgg%2FLHS28i1X71Uby9bCGl6V6XV2Fsue7A1780Wc%3D&reserved=0>
> b/devel/uv/files/patch-cargo-crates_openssl-probe-0.1.6_src_lib.rs <
> https://deu01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpatch-cargo-crates_openssl-probe-0.1.6_src_lib.rs%2F&data=05%7C02%7Cmichael.osipov%40innomotics.com%7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107205989%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=kftwZHGDZNGq1%2Fcl721LYtccLe6UnCADxm52UJ%2BPD%2BA%3D&reserved=0
> >
> >     new file mode 100644
> >     index 000000000000..e51f27bc248a
> >     --- /dev/null
> >     +++ b/devel/uv/files/patch-cargo-crates_openssl-
> >     probe-0.1.6_src_lib.rs <https://
> >     deu01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpatch-
> >     cargo-crates_openssl-
> >     probe-0.1.6_src_lib.rs%2F&data=05%7C02%7Cmichael.osipov%
> 40innomotics.com
> %7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107216200%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=S0jGM%2F%2FPoU3E9gijQn%2ByMFF4t9NSsegkve%2FnGn08QWc%3D&reserved=0>
> >     @@ -0,0 +1,50 @@
> >     +--- cargo-crates/openssl-probe-0.1.6/src/lib.rs <https://
> >     deu01.safelinks.protection.outlook.com/?
> >     url=http%3A%2F%2Flib.rs%2F&data=05%7C02%7Cmichael.osipov%
> 40innomotics.com
> %7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107225908%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=BoFOHetkziWYotPytq7a8NlqVRwGToOniA2R3qVbgiU%3D&reserved=0>
> >     ++++ cargo-crates/openssl-probe-0.1.6/src/lib.rs <https://
> >     deu01.safelinks.protection.outlook.com/?
> >     url=http%3A%2F%2Flib.rs%2F&data=05%7C02%7Cmichael.osipov%
> 40innomotics.com
> %7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107235819%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=%2F592EOgE%2FZRzbEpO%2BvUmBM%2F0Ood3l0oi47SxhHdR5Z4%3D&reserved=0>
> >     +@@ -26,6 +26,7 @@ pub fn find_certs_dirs() -> Vec<PathBuf> {
> >
> >     ++#[cfg(target_os = "freebsd")]
> >     ++pub fn candidate_cert_dirs() -> impl Iterator<Item = &'static
> Path> {
> >     ++    // see manpage of certctl(8): https://man.freebsd.org/cgi/
> >     man.cgi?query=certctl&sektion=8 <https://
> >     deu01.safelinks.protection.outlook.com/?
> >     url=https%3A%2F%2Fman.freebsd.org
> %2Fcgi%2Fman.cgi%3Fquery%3Dcertctl%26sektion%3D8&data=05%7C02%7Cmichael.osipov%
> 40innomotics.com
> %7C9141d29c91ef4d35007208de1b0eee07%7C698c6ffb74e34a84be68f22d8d3201a3%7C0%7C0%7C638977948107245126%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=fpWlbws2Iv0uFNmgs5LG7hPVmcRUqhvpcwnwsfBoebM%3D&reserved=0>
> >     ++    // see security/openssl* ports
> >     ++    [
> >     ++        "/etc/ssl",
> >     ++        "/usr/local/etc/ssl",
> >     ++        "/usr/local/openssl",
> >     ++    ]
> >     ++    .iter()
> >     ++    .map(Path::new)
> >     ++    .filter(|p| p.exists())
> >     ++}
> >
> >
> > Hi Yuri,
> >
> > Great work! You probably want %%LOCALBASE%% there instead of
> > hardcoding /usr/local.
>
> That's actually my work. While %%LOCALBASE%% sounds tempting the
> downstream patch will go way as soon as the upstream patch has been
> accepted [1]. Note that even the current code does not contain any patc
> for the openssl-probe create and this affects numerous ports.
>
> Leave as-is.
>
> M
>
> [1] https://github.com/rustls/openssl-probe/pull/39
>

I'm having trouble getting behind your argument here. I agree that upstream
wants /usr/local hardcoded, so that people building outside of ports have a
most-likely-working build. But that doesn't negate our responsibility to
respect end users' settings. If a particular REINPLACE_CMD needs to happen
for a hundred ports, then what about a USES?


-- 
Adam Weinberger
adamw@adamw.org