Request for Features: Ports Re-engineering

Garrett Cooper youshi10 at
Mon Dec 17 11:15:47 PST 2007

On Dec 17, 2007, at 9:19 AM, David Wood wrote:

> Dear all,
> In message <47667E17.6030004 at>, Stephen Montgomery- 
> Smith <stephen at> writes
>> One thing to look at is package building.  I don't know how they  
>> build the official packages, but my guess is that they build each  
>> one from a clean system.  But, for example, you have tons of  
>> little ports each depending on xorg-server, and to rebuild xorg- 
>> server for each little port must be a real burden.
>> On the other hand some ports really need to be built from a clean  
>> system.  Some of them autodetect ports that are already installed,  
>> and then change options appropriately.  (Maybe some of the  
>> multimedia ports like vlc do this.)  My guess is that this is to  
>> some extent unavoidable because the "configure" script in the port  
>> build process probably does this as well.  Anyway, perhaps this  
>> autodetecting of ports to provide options needs to be built into  
>> the system in a systematic manner.
> One example of ports that change their dependencies depending on  
> what is already installed is OpenSSL. ensures that  
> if the security/openssl port is available, it will be used by ports  
> instead of OpenSSL from the base system.
> Because of the rules of a stable branch, the base OpenSSL on many  
> machines is quite old; it's kept up to date with security patches,  
> but that's it. Before I build anything else on a machine, I install  
> ports-mgmt/portconf and set ports.conf to build OpenSSL 0.9.8, then  
> I build security/openssl before building anything else.
> On one system I'm logged into at the moment:
> [david at titanium ~]$ uname -prs
> FreeBSD 6.2-RELEASE-p9 i386
> [david at titanium ~]$ openssl version
> OpenSSL 0.9.7e-p1 25 Oct 2004
> [david at titanium ~]$ /usr/local/bin/openssl version
> OpenSSL 0.9.8g 19 Oct 2007
> [david at titanium ~]$ pkg_info -R 'openssl-*'
> Information for openssl-0.9.8g:
> Required by:
> apcupsd-3.14.2
> freeradius-2.0.0.p2
> libchk-1.9
> mysql-client-5.0.51
> neon-0.26.4
> net-snmp-5.3.1_7
> openldap-client-2.3.39
> portupgrade-2.3.1,2
> postgresql-client-7.4.18
> ruby-,1
> ruby18-bdb44-0.6.2
> samba-3.0.28,1
> subversion-1.4.4_1
> svn2cl-0.9
> svn_load_dirs-1.4.3
> svndelta-1.0.6
> wireshark-0.99.6
> Some of those are not direct dependencies.
> 7.x has rather more up to date OpenSSL in the base system, but it's  
> still not the latest version (csup followed by rebuilding kernel  
> and world about a week ago):
> [david at osmium ~]$ uname -prs
> FreeBSD 7.0-BETA4 i386
> [david at osmium ~]$ openssl version
> OpenSSL 0.9.8e 23 Feb 2007
> [david at osmium ~]$ /usr/local/bin/openssl version
> OpenSSL 0.9.8g 19 Oct 2007
> This is just one example of the complexities that can arise with  
> server ports. My main use for FreeBSD is as a server OS.
> I maintain net/freeradius and there's a PR being worked on by a  
> committer for net/freeradius-devel (for FreeRADIUS 2.0.0-pre). (You  
> can see that port installed on 'titanium').
> FreeRADIUS depends on OpenSSL (base or ports), and can depend on  
> the clients of OpenLDAP, MySQL, PostgreSQL, Firebird, Oracle (I've  
> got someone who's looking at creating an Oracle patch even though  
> it's not currently supported) as well as Heimdal or MIT Kerberos 5.  
> Throw in the dependencies of those clients, and things start to get  
> complicated quite rapidly.
> The FreeBSD mail system that I'm working on that is likely to take  
> over from my Windows based mail system is another example of  
> complex dependencies. It's built around Postfix, Dovecot and  
> amavisd-new.
> I have Postfix depending on Dovecot for authenticated SMTP SASL  
> logins from users and Cyrus-SASL for authenticated SMTP sending to  
> a smarthost, also OpenSSL for TLS/SSL, PCRE for regex support in  
> the configuration and the MySQL client for reading my database tables.
> Dovecot has similarly complicated dependencies in many people's  
> systems.
> amavisd-new typically has many levels of dependencies - it usually  
> depends on p5-Mail-SpamAssassin, which in turn usually depends on  
> gnupg, which in turn usually depends on openldap23-client!
> By the time you're using LDAP, one or more SQL databases, SASL and  
> Berkeley DB across your server, the dependencies can be many levels  
> deep.
> Best wishes,
> David
> -- 
> David Wood
> david at

This was one of my deliverables for SoC (the lower prio one).  
Basically, everything in the base system which has a port equivalent  
needs to have a psuedo package created to help discern which binary  
the user would want installed and functioning on their system.

For everything which is depended upon for building, I think that the  
port should have an added knob in the config to "use non-base  
libraries" when building ports / packages, such that the proper  
options get passed to configure, then to gcc. Doing this (now that I  
think about it) may open an unwanted pandora's box of issues, such  
base and port packages which are depended upon should not be  
installed at any one time (openssl for instance). As for leaf  
packages such as openssh, this shouldn't be a problem..


More information about the freebsd-ports mailing list