Page MenuHomeFreeBSD

Update BROKEN_SSL in ports
AbandonedPublic

Authored by brnrd on Sep 12 2018, 5:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Feb 7, 5:05 AM
Unknown Object (File)
Mon, Jan 29, 7:26 PM
Unknown Object (File)
Mon, Jan 29, 7:26 PM
Unknown Object (File)
Mon, Jan 29, 7:26 PM
Unknown Object (File)
Mon, Jan 29, 7:13 PM
Unknown Object (File)
Jan 19 2024, 2:29 AM
Unknown Object (File)
Dec 22 2023, 11:49 PM
Unknown Object (File)
Dec 21 2023, 8:10 PM
Subscribers

Details

Summary
Change BROKEN_SSL from openssl-devel to openssl111

 - security/openssl-devel has been deleted from ports
 - 1.1.1 is binary compatible with 1.1.0

Reviewed_by:
Differential_Revision: https://reviews.freebsd.orgD17136
Test Plan

OpenSSL 1.1.1 failures verified with https://keg.brnrd.eu/build.html?mastername=111amd64-default-openssl111&build=2018-08-14_10h01m04s

Could also merge these changes with D17834 but that deals with the ports framework and FreeBSD 12 & head. The fixes to ports already containing BROKEN_SSL is incomplete. Let me know if this is the desired approach.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 20624
Build 20044: arc lint + arc unit

Event Timeline

brnrd edited the test plan for this revision. (Show Details)
brnrd added reviewers: feld, rene.

LGTM overall, especially all the added reasons.

lang/php56/Makefile.ext
532

Does SSL_DEFAULT=openssl111 also imply that the port is broken with OpenSSL 1.1.0 or should that be added to the if statement?

lang/ruby23/Makefile
39

Unrelated change?

brnrd added inline comments.
lang/php56/Makefile.ext
532

The match is for openeel11 (2 ones) so it will match both openssl111 as well as openssl110.

lang/ruby23/Makefile
39

Correct. Reverted locally

brnrd marked 2 inline comments as done.

Can I go ahead and change this throughout the ports tree?

I think this is a bad idea, openssl 1.1.0 and 1.1.1 are binary compatible

In D17136#379090, @bapt wrote:

I think this is a bad idea, openssl 1.1.0 and 1.1.1 are binary compatible

So we can also just remove openssl-devel completely? Or upgrade and rename it to openssl111 to preserve history.

In D17136#379137, @rene wrote:
In D17136#379090, @bapt wrote:

I think this is a bad idea, openssl 1.1.0 and 1.1.1 are binary compatible

So we can also just remove openssl-devel completely? Or upgrade and rename it to openssl111 to preserve history.

I'd be happy to remove security/openssl-devel.

security/openssl111 is a repo-copy of security/openssl-devel in rP479614: security/openssl111: Re-add OpenSSL 1.1.1 port which is after the update of security/openssl-devel to 1.1.0i. Subsequent commits to security/openssl-devel also affect or have been implemented in security/openssl111. In this way, security/openssl111 already preserves the history.
The security/openssl-devel is currently marked "deprecated" and directs users to use security/openssl111.

Given the above, I propose to:

  1. Add an item to MOVED
  2. svn rm security/openssl-devel
  3. Update Mk/Uses/ssl.mk to reflect removal of openssl-devel
  4. Update all ports depending on or broken with openssl-devel (ca. 100 ports)

Refresh diff after removal of security/openssl-devel

brnrd retitled this revision from Rename security/openssl-devel to openssl110 to Update BROKEN_SSL in ports.Nov 4 2018, 1:38 PM
brnrd edited the summary of this revision. (Show Details)
brnrd edited the test plan for this revision. (Show Details)