www/firefox really depends on security/openssl?
Yuri
yuri at rawbw.com
Tue May 12 10:52:14 UTC 2015
On 05/12/2015 02:25, Dr. Peter Voigt wrote:
> Therefore I conclude:
>
> - Installing binary packages with pkg does not honor the
> WITH_OPENSSL_BASE=yes switch. Is there another place to tell pkg to
> use base openssl when doing binary installations?
Binary packages are built with default choices for port options. These
choices are fixed, and don't depend on your choice of
WITH_OPENSSL_BASE=yes in ports.
Also this option WITH_OPENSSL_BASE=yes should be deprecated ASAP in all
ports, except maybe very few.
>
> - If port openssl is not present on a system, any dependency to openssl
> is not detected by porttree.
OpenSSL is an oddball, because USE_OPENSSL is interpreted in a weird way
that it tries to detect its port presence and link with it, so standard
packages are often built with base SSL which is a problem.
This has been discussed, but I am not sure of when this will be fixed.
In short, as I also mentioned before, you won't be able to get rid of
OpenSSL port because some packages require it unconditionally. So the
best strategy is to use OpenSSL port for everything. You will likely be
successful if you build them yourself from ports, and fix places where
base SSL comes into play.
Yuri
More information about the freebsd-ports
mailing list