LibreSSL infects ports, causes problems

Baptiste Daroussin bapt at FreeBSD.org
Thu Apr 9 15:56:56 UTC 2015


On Thu, Apr 09, 2015 at 05:53:45PM +0200, Christian Weisgerber wrote:
> Baptiste Daroussin:
> 
> > Somehow you have mixed up things between base openssl and libressl, when
> > starting to activate libressl if you are using ports only you have to be extra
> > careful, (same goes with ncurses or ports openssl) just installing those ports
> > is enough to "pollute" nearly anything you build after with a dependency on it
> > (well anything that does link to libssl, libcrypto)
> 
> Well, yes, that's what I said.  It's a bug.
> 
> > It is very complicated and
> > error prone to cherry pick "only take base openssl here, only ports openssl
> > there" the only "safe" way to solve this situation and being consistent is to
> > always skip the version from base and enforce the version for ports. (the
> > other way around is impossible - very complicated)
> 
> And the addition of LibreSSL as a not-quite-equivalent alternative
> to ports OpenSSL makes this even more complicated.  You can expect
> things coming out of OpenBSD (like new versions of net/openntpd)
> to require LibreSSL, because it includes a new library libtls that
> doesn't exist in OpenSSL.  In the meantime, LibreSSL has removed
> some of the more horrific APIs of OpenSSL, which means some ports
> will not build against LibreSSL as is.  Like python27.  Fixes for
> these problems can be picked from the OpenBSD ports tree, if we
> want to.
> 
> It's kind of hard to fix such problems if there is no clear policy
> how things are supposed to work in the first place.
> 

I and others are working on a policy about that: always enforce openssl from
ports with just a flag to say I want openssl or I want libressl but not both.
It would apply to other libs that behave the same way, but I have limited time
on this; anyone who wants to work on that is welcome :)

Best regards,
Bapt