git: 527821a60c9f - main - security/libgcrypt: Make static an option

Cy Schubert cy at FreeBSD.org
Sun May 23 03:41:38 UTC 2021 

The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=527821a60c9f2e706a0549ac23c8ddc6d8b778c3

commit 527821a60c9f2e706a0549ac23c8ddc6d8b778c3
Author:     Cy Schubert <cy at FreeBSD.org>
AuthorDate: 2021-05-23 03:36:23 +0000
Commit:     Cy Schubert <cy at FreeBSD.org>
CommitDate: 2021-05-23 03:41:32 +0000

    security/libgcrypt: Make static an option
    
    Static linked binaries, due to the fact that they're statically linked,
    can pose a security risk should a library be updated and depending
    software not be recompiled and linked. This was a hot topic on BUGTRAQ
    about 25 years ago.
    
    The default is to build static libraries so as not to alter the package
    avoiding a POLA violation.
    
    PR:             255735
    Submitted by:   Daniel Engberg <daniel.engberg.lists at pyret.net> (mostly)
    Reported by:    Daniel Engberg <daniel.engberg.lists at pyret.net>
    Reviewed by:    cy
    Tested by:      cy
    MFH:            2021Q2
---
 security/libgcrypt/Makefile  | 8 ++++++--
 security/libgcrypt/pkg-plist | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile
index 50bdb9691697..6e3635f6977e 100644
--- a/security/libgcrypt/Makefile
+++ b/security/libgcrypt/Makefile
@@ -17,7 +17,7 @@ USES=		cpe libtool makeinfo tar:bzip2
 CPE_VENDOR=	gnupg
 USE_CSTD=	gnu89
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--disable-drng-support --enable-static=yes
+CONFIGURE_ARGS=	--disable-drng-support
 CONFIGURE_ENV=	MAKEINFO="${MAKEINFO} --no-split"
 CONFIGURE_TARGET=${ARCH:S/amd64/x86_64/}-portbld-${OPSYS:tl}${OSREL}
 USE_LDCONFIG=	yes
@@ -28,7 +28,11 @@ DOCS=		AUTHORS ChangeLog ChangeLog-2011 INSTALL NEWS THANKS TODO \
 INFO=		gcrypt
 PORTDOCS=	*
 
-OPTIONS_DEFINE=	DOCS
+OPTIONS_DEFINE=		DOCS STATIC
+OPTIONS_DEFAULT=	DOCS STATIC
+OPTIONS_SUB=	yes
+
+STATIC_CONFIGURE_ENABLE=	static
 
 .include <bsd.port.options.mk>
 
diff --git a/security/libgcrypt/pkg-plist b/security/libgcrypt/pkg-plist
index b09d7fdf9bf5..00796bc75bb1 100644
--- a/security/libgcrypt/pkg-plist
+++ b/security/libgcrypt/pkg-plist
@@ -3,7 +3,7 @@ bin/dumpsexp
 bin/hmac256
 bin/libgcrypt-config
 include/gcrypt.h
-lib/libgcrypt.a
+%%STATIC%%lib/libgcrypt.a
 lib/libgcrypt.so
 lib/libgcrypt.so.20
 lib/libgcrypt.so.20.3.3

More information about the dev-commits-ports-all mailing list