Making a port to use OpenSSL of ports collection on FreeBSD 11.x,Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x

Yasuhiro Kimura yasu at utahime.org
Fri May 7 01:23:17 UTC 2021 

From: Stefan Esser <se at freebsd.org>
Subject: Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x,Re: Making a port to use OpenSSL of ports collection on FreeBSD 11.x
Date: Wed, 5 May 2021 18:55:47 +0200

>> You misunderstand my intention. What I would like to do is to make a
>> port use security/openssl instead of base OpenSSL even if user sets
>> 'DEFAULT_VERSIONS+=ssl=base' in /etc/make.conf (or user doesn't
>> customize setting about ssl at all).
> 
> You can mark the port as broken if the user has selected "base" and
> this is incompatible with the port's requirements. E.g.:
> 
> .include <bsd.port.pre.mk>
> 
> .if ${SSL_DEFAULT} == base
> BROKEN_FreeBSD_11=      OpenSSL 1.1 required
> .endif
> 
> .include <bsd.port.post.mk>
> 
> You can of course add a better message, and the user can decide to
> try the compilation again after changing the default. But this will
> of course prevent the building of official packages for FreeBSD-11.
> 
>> As I wrote previous mail, if 'USES=python:3.8+' is specified in
>> Makefile of a port, lang/python38 is used for the port event if user
>> adds 'DEFAULT_VERSIONS+=python=3.7' in /etc/make.conf. I'm looking for
>> similar way about ssl setting.
> 
> You could add a dependency on the openssl port and make sure, that
> the port's include file and library is used in preference of the
> base version on FreeBSD-11.
> 
> But you have to consider the risk of mixing references to the base and
> the ports version in one binary (e.g. other libraries are linked in that
> had been built against the base version).

Thank you for explanation. The risk certainly cannot be ignored. So
the best practice is

1. Mark BROKEN if system is FreeBSD 11.x and SSL_DEFAULT is base.
2. For uses who want to used a port on FreeBSD 11.x with base OpenSSL,
   copy it to other name before updating it.

And before I came to this conclusion, I noticed that the port in
question was already updated exactly this way;-).

---
Yasuhiro Kimura

More information about the freebsd-ports mailing list