Page MenuHomeFreeBSD

Update BROKEN_SSL in ports
AbandonedPublic

Authored by brnrd on Sep 12 2018, 5:34 PM.

Details

Summary
Change BROKEN_SSL from openssl-devel to openssl111

 - security/openssl-devel has been deleted from ports
 - 1.1.1 is binary compatible with 1.1.0

Reviewed_by:
Differential_Revision: https://reviews.freebsd.orgD17136
Test Plan

OpenSSL 1.1.1 failures verified with https://keg.brnrd.eu/build.html?mastername=111amd64-default-openssl111&build=2018-08-14_10h01m04s

Could also merge these changes with D17834 but that deals with the ports framework and FreeBSD 12 & head. The fixes to ports already containing BROKEN_SSL is incomplete. Let me know if this is the desired approach.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 20624
Build 20044: arc lint + arc unit

Event Timeline

brnrd created this revision.Sep 12 2018, 5:34 PM
brnrd edited the summary of this revision. (Show Details)Sep 12 2018, 5:38 PM
brnrd edited the test plan for this revision. (Show Details)
brnrd added reviewers: feld, rene.
rene added a comment.Oct 23 2018, 7:44 PM

LGTM overall, especially all the added reasons.

lang/php56/Makefile.ext
532

Does SSL_DEFAULT=openssl111 also imply that the port is broken with OpenSSL 1.1.0 or should that be added to the if statement?

lang/ruby23/Makefile
39

Unrelated change?

brnrd marked 4 inline comments as done.Oct 24 2018, 1:46 PM
brnrd added inline comments.
lang/php56/Makefile.ext
532

The match is for openeel11 (2 ones) so it will match both openssl111 as well as openssl110.

lang/ruby23/Makefile
39

Correct. Reverted locally

brnrd added a reviewer: miwi.Oct 28 2018, 5:21 PM
brnrd marked 2 inline comments as done.

Can I go ahead and change this throughout the ports tree?

bapt added a subscriber: bapt.Oct 28 2018, 8:19 PM

I think this is a bad idea, openssl 1.1.0 and 1.1.1 are binary compatible

rene added a comment.Oct 28 2018, 9:26 PM
In D17136#379090, @bapt wrote:

I think this is a bad idea, openssl 1.1.0 and 1.1.1 are binary compatible

So we can also just remove openssl-devel completely? Or upgrade and rename it to openssl111 to preserve history.

brnrd edited the summary of this revision. (Show Details)Oct 30 2018, 11:29 AM
In D17136#379137, @rene wrote:
In D17136#379090, @bapt wrote:

I think this is a bad idea, openssl 1.1.0 and 1.1.1 are binary compatible

So we can also just remove openssl-devel completely? Or upgrade and rename it to openssl111 to preserve history.

I'd be happy to remove security/openssl-devel.

security/openssl111 is a repo-copy of security/openssl-devel in rP479614: security/openssl111: Re-add OpenSSL 1.1.1 port which is after the update of security/openssl-devel to 1.1.0i. Subsequent commits to security/openssl-devel also affect or have been implemented in security/openssl111. In this way, security/openssl111 already preserves the history.
The security/openssl-devel is currently marked "deprecated" and directs users to use security/openssl111.

Given the above, I propose to:

  1. Add an item to MOVED
  2. svn rm security/openssl-devel
  3. Update Mk/Uses/ssl.mk to reflect removal of openssl-devel
  4. Update all ports depending on or broken with openssl-devel (ca. 100 ports)
brnrd updated this revision to Diff 49996.Nov 4 2018, 1:35 PM

Refresh diff after removal of security/openssl-devel

brnrd retitled this revision from Rename security/openssl-devel to openssl110 to Update BROKEN_SSL in ports.Nov 4 2018, 1:38 PM
brnrd edited the summary of this revision. (Show Details)
brnrd edited the test plan for this revision. (Show Details)
brnrd abandoned this revision.Nov 10 2018, 11:15 AM

Fixed with rP484599