Request for Features: Ports Re-engineering

David Wood david at
Mon Dec 17 09:20:14 PST 2007

Dear all,

In message <47667E17.6030004 at>, Stephen 
Montgomery-Smith <stephen at> writes
>One thing to look at is package building.  I don't know how they build 
>the official packages, but my guess is that they build each one from a 
>clean system.  But, for example, you have tons of little ports each 
>depending on xorg-server, and to rebuild xorg-server for each little 
>port must be a real burden.
>On the other hand some ports really need to be built from a clean 
>system.  Some of them autodetect ports that are already installed, and 
>then change options appropriately.  (Maybe some of the multimedia ports 
>like vlc do this.)  My guess is that this is to some extent unavoidable 
>because the "configure" script in the port build process probably does 
>this as well.  Anyway, perhaps this autodetecting of ports to provide 
>options needs to be built into the system in a systematic manner.

One example of ports that change their dependencies depending on what is 
already installed is OpenSSL. ensures that if the 
security/openssl port is available, it will be used by ports instead of 
OpenSSL from the base system.

Because of the rules of a stable branch, the base OpenSSL on many 
machines is quite old; it's kept up to date with security patches, but 
that's it. Before I build anything else on a machine, I install 
ports-mgmt/portconf and set ports.conf to build OpenSSL 0.9.8, then I 
build security/openssl before building anything else.

On one system I'm logged into at the moment:

[david at titanium ~]$ uname -prs
FreeBSD 6.2-RELEASE-p9 i386
[david at titanium ~]$ openssl version
OpenSSL 0.9.7e-p1 25 Oct 2004
[david at titanium ~]$ /usr/local/bin/openssl version
OpenSSL 0.9.8g 19 Oct 2007
[david at titanium ~]$ pkg_info -R 'openssl-*'
Information for openssl-0.9.8g:

Required by:

Some of those are not direct dependencies.

7.x has rather more up to date OpenSSL in the base system, but it's 
still not the latest version (csup followed by rebuilding kernel and 
world about a week ago):

[david at osmium ~]$ uname -prs
FreeBSD 7.0-BETA4 i386
[david at osmium ~]$ openssl version
OpenSSL 0.9.8e 23 Feb 2007
[david at osmium ~]$ /usr/local/bin/openssl version
OpenSSL 0.9.8g 19 Oct 2007

This is just one example of the complexities that can arise with server 
ports. My main use for FreeBSD is as a server OS.

I maintain net/freeradius and there's a PR being worked on by a 
committer for net/freeradius-devel (for FreeRADIUS 2.0.0-pre). (You can 
see that port installed on 'titanium').

FreeRADIUS depends on OpenSSL (base or ports), and can depend on the 
clients of OpenLDAP, MySQL, PostgreSQL, Firebird, Oracle (I've got 
someone who's looking at creating an Oracle patch even though it's not 
currently supported) as well as Heimdal or MIT Kerberos 5. Throw in the 
dependencies of those clients, and things start to get complicated quite 

The FreeBSD mail system that I'm working on that is likely to take over 
from my Windows based mail system is another example of complex 
dependencies. It's built around Postfix, Dovecot and amavisd-new.

I have Postfix depending on Dovecot for authenticated SMTP SASL logins 
from users and Cyrus-SASL for authenticated SMTP sending to a smarthost, 
also OpenSSL for TLS/SSL, PCRE for regex support in the configuration 
and the MySQL client for reading my database tables.

Dovecot has similarly complicated dependencies in many people's systems.

amavisd-new typically has many levels of dependencies - it usually 
depends on p5-Mail-SpamAssassin, which in turn usually depends on gnupg, 
which in turn usually depends on openldap23-client!

By the time you're using LDAP, one or more SQL databases, SASL and 
Berkeley DB across your server, the dependencies can be many levels 

Best wishes,

David Wood
david at

More information about the freebsd-ports mailing list