Page MenuHomeFreeBSD

secure/openvpn: Make lzo compression optional
ClosedPublic

Authored by diizzy on Jan 15 2020, 2:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 7, 11:44 PM
Unknown Object (File)
Wed, Nov 6, 3:32 PM
Unknown Object (File)
Oct 24 2024, 8:46 AM
Unknown Object (File)
Oct 19 2024, 9:02 PM
Unknown Object (File)
Oct 5 2024, 10:29 PM
Unknown Object (File)
Sep 26 2024, 4:23 PM
Unknown Object (File)
Sep 7 2024, 3:58 PM
Unknown Object (File)
Sep 7 2024, 3:28 PM
Subscribers

Details

Summary

Make lzo dependency optional and if both compression libraries are disabled add --enable-comp-stub to enabled "allow limited interoperability with compression-enabled peers".

Test Plan

Poudriere log (lz4 and lzo disabled)

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This lacks a motivation/rationale and win-and-loss consideration on why we would want a possibility to configure the package in a way that is harmful to compatibility when OpenVPN has been supporting LZO for all the years from basically day 0, is a lightweight reliable and readily available (binary packaged) compression library.

I am extremely inclined to reject this, you'll need to bring really strong reasons to the table. "Just because we can" will not suffice. And even then the implementation is a mess and needs to move the compression-option logic all into one central place before it becomes even fit for consideration.

Meaning this proposal requires substantial rework. Sorry.

While I understand your concern about compatibility that can be applied to pretty much any port with some kind of configuration option regarding dependencies. The idea is to simply give the user an option to exclude unneeded libraries as compression isn't always beneficial in terms of performance primarily on embedded devices such as ones based on MIPS and ARM (example https://serverfault.com/questions/544869/improving-openvpn-performance/755690#755690) and these are often removed on devices running OpenWrt for instance. In addtion to that it may also be a security concern see: https://forum.netgate.com/topic/141498/openvpn-compression for instance.

I'll commit a clean-up version of this.

This revision was not accepted when it landed; it landed in state Needs Review.Jan 26 2020, 2:40 PM
This revision was automatically updated to reflect the committed changes.

Thanks, I got busy on my end.