Index: Mk/bsd.default-versions.mk =================================================================== --- Mk/bsd.default-versions.mk +++ Mk/bsd.default-versions.mk @@ -61,6 +61,47 @@ PYTHON3_DEFAULT?= 3.4 # Possible values: 2.0, 2.1, 2.2, 2.3 RUBY_DEFAULT?= 2.2 +# Possible values: base, openssl, openssl-devel, libressl, libressl-devel +.if !defined(SSL_DEFAULT) +# If no preference was set, check for an installed base version +# but give an installed port preference over it. +. if defined(WITH_OPENSSL_PORT) +. if defined(OPENSSL_PORT) +SSL_DEFAULT:=${OPENSSL_PORT:T} +WARNING+= "WITH_OPENSSL_PORT and OPENSSL_PORT are deprecated, replace them with DEFAULT_VERSIONS+=ssl=${SSL_DEFAULT}" +. else +SSL_DEFAULT=openssl +WARNING+= "WITH_OPENSSL_PORT is deprecated, replace it with DEFAULT_VERSIONS+=ssl=openssl" +. endif +. elif defined(WITH_OPENSSL_BASE) +SSL_DEFAULT=base +WARNING+= "WITH_OPENSSL_BASE is deprecated, replace it with DEFAULT_VERSIONS+=ssl=base" +. elif !defined(WITH_OPENSSL_BASE) && \ + !defined(WITH_OPENSSL_PORT) && \ + !defined(SSL_DEFAULT) && \ + !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \ + exists(${DESTDIR}/usr/include/openssl/opensslv.h) +SSL_DEFAULT= base +. else +. if exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) +# find installed port and use it for dependency +. if !defined(OPENSSL_INSTALLED) +. if defined(DESTDIR) +PKGARGS= -c ${DESTDIR} +. else +PKGARGS= +. endif +OPENSSL_INSTALLED!= ${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || : +. endif +. if defined(OPENSSL_INSTALLED) && !empty(OPENSSL_INSTALLED) +SSL_DEFAULT:= ${OPENSSL_INSTALLED:T} +WARNING+= "You have ${OPENSSL_INSTALLED} installed but do not have DEFAULT_VERSIONS+=ssl=${SSL_DEFAULT} set" +. endif +. endif +. endif +# Make sure we have a default in the end +SSL_DEFAULT?= base +.endif # Possible values: 8.4, 8.5, 8.6 TCLTK_DEFAULT?= 8.6 Index: Mk/bsd.openssl.mk =================================================================== --- Mk/bsd.openssl.mk +++ Mk/bsd.openssl.mk @@ -31,16 +31,9 @@ OpenSSL_Include_MAINTAINER= dinoex@FreeBSD.org -# If no preference was set, check for an installed base version -# but give an installed port preference over it. -.if !defined(WITH_OPENSSL_BASE) && \ - !defined(WITH_OPENSSL_PORT) && \ - !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \ - exists(${DESTDIR}/usr/include/openssl/opensslv.h) -WITH_OPENSSL_BASE=yes -.endif +.include "${PORTSDIR}/Mk/bsd.default-versions.mk" -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base OPENSSLBASE= /usr OPENSSLDIR?= /etc/ssl @@ -59,7 +52,7 @@ @${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD" @${ECHO_CMD} "base system. You can't build against it, while a newer" @${ECHO_CMD} "version is installed by a port." - @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE." + @${ECHO_CMD} "Please deinstall the port, remove DEFAULT_VERSIONS=ssl=base or undefine WITH_OPENSSL_BASE." @${FALSE} . endif @@ -81,39 +74,18 @@ MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" . endif -.else # !defined(WITH_OPENSSL_BASE) +.else # ${SSL_DEFAULT} != base OPENSSLBASE= ${LOCALBASE} -. if !defined(OPENSSL_PORT) && \ - exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) -# find installed port and use it for dependency -. if !defined(OPENSSL_INSTALLED) -. if defined(DESTDIR) -PKGARGS= -c ${DESTDIR} -. else -PKGARGS= -. endif -OPENSSL_INSTALLED!= ${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || : -. endif -. if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" -OPENSSL_PORT= ${OPENSSL_INSTALLED} -OPENSSL_SHLIBFILE!= ${PKG_INFO} -ql ${OPENSSL_INSTALLED} | ${GREP} "^`${PKG_QUERY} "%p" ${OPENSSL_INSTALLED}`/lib/libcrypto.so.[0-9]*$$" -OPENSSL_SHLIBVER?= ${OPENSSL_SHLIBFILE:E} -. endif -. endif -# LibreSSL and OpenSSL-BETA specific SHLIBVER -. if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl -OPENSSL_SHLIBVER?= 37 -. elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel -OPENSSL_SHLIBVER?= 37 -. elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/openssl-devel -OPENSSL_SHLIBVER?= 9 -. endif +OPENSSL_PORT= security/${SSL_DEFAULT} + +# Get OPENSSL_SHLIBVER from the port +.sinclude <${PORTSDIR}/${OPENSSL_PORT}/version.mk> -# default -OPENSSL_PORT?= security/openssl -OPENSSL_SHLIBVER?= 8 +. if !defined(OPENSSL_SHLIBVER) +.error You are using an unsupported SSL provider ${SSL_DEFAULT} +. endif OPENSSLDIR?= ${OPENSSLBASE}/openssl BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} Index: databases/mysql57-server/Makefile =================================================================== --- databases/mysql57-server/Makefile +++ databases/mysql57-server/Makefile @@ -140,7 +140,7 @@ ### FreeBSD Version > 9.X ### .else -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base CMAKE_ARGS+= -DWITH_SSL=system .else CMAKE_ARGS+= -DWITH_SSL=${OPENSSLBASE} Index: devel/libgit2/Makefile =================================================================== --- devel/libgit2/Makefile +++ devel/libgit2/Makefile @@ -40,7 +40,7 @@ post-patch: @${REINPLACE_CMD} -e "s|/pkgconfig|/../libdata/pkgconfig|; \ /LIBGIT2_PC_REQUIRES.*zlib/ d" ${WRKSRC}/CMakeLists.txt -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base @${REINPLACE_CMD} -e "/LIBGIT2_PC_REQUIRES.*openssl/ d" \ ${WRKSRC}/CMakeLists.txt .endif Index: dns/bind9-devel/Makefile =================================================================== --- dns/bind9-devel/Makefile +++ dns/bind9-devel/Makefile @@ -207,7 +207,7 @@ .include -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. Index: dns/bind910/Makefile =================================================================== --- dns/bind910/Makefile +++ dns/bind910/Makefile @@ -232,7 +232,7 @@ .include -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. Index: dns/bind99/Makefile =================================================================== --- dns/bind99/Makefile +++ dns/bind99/Makefile @@ -191,7 +191,7 @@ .include -.if ( ${PORT_OPTIONS:MGOST} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. Index: emulators/virtualbox-ose/Makefile =================================================================== --- emulators/virtualbox-ose/Makefile +++ emulators/virtualbox-ose/Makefile @@ -209,7 +209,7 @@ ${PATCHDIR}/extrapatch-src-recompiler-Makefile.kmk .endif -.if !defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} != base CONFIGURE_ARGS+= --with-openssl-dir="${OPENSSLBASE}" .endif Index: ftp/curl/Makefile =================================================================== --- ftp/curl/Makefile +++ ftp/curl/Makefile @@ -32,7 +32,7 @@ TLS_SRP_DESC= TLS-SRP (Secure Remote Password) support LOCALBASE?= /usr/local -.if defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so)) +.if exists(${LOCALBASE}/lib/libcrypto.so) OPTIONS_DEFAULT+= GSSAPI_NONE .else OPTIONS_DEFAULT+= GSSAPI_BASE @@ -148,7 +148,7 @@ IGNORE= only supports LDAPS with SSL .endif -.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} && (defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so))) +.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} && exists(${LOCALBASE}/lib/libcrypto.so) IGNORE= GSSAPI_BASE is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system .endif Index: mail/deforaos-mailer/Makefile =================================================================== --- mail/deforaos-mailer/Makefile +++ mail/deforaos-mailer/Makefile @@ -36,7 +36,7 @@ .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base # openssl from base doesn't install a .pc file and pkg-config didn't like it CONFIGURE_ENV+= libssl_CFLAGS="-I${OPENSSLINC}" libssl_LIBS="-L${OPENSSLLIB} -lssl" .endif Index: mail/dk-milter/Makefile =================================================================== --- mail/dk-milter/Makefile +++ mail/dk-milter/Makefile @@ -85,7 +85,7 @@ SITE_SUB+= -e '/-DPOPAUTH/s/^dnl //g' .endif -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base SITE_SUB+= -e 's|%%OPENSSL%%|dnl |g' .else SITE_SUB+= -e 's|%%OPENSSL%%||g' \ Index: mail/sendmail/Makefile =================================================================== --- mail/sendmail/Makefile +++ mail/sendmail/Makefile @@ -310,7 +310,7 @@ .include .if ${PORT_OPTIONS:MTLS} -.if !defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} != base SITE+= ${FILESDIR}/site.config.m4.ssl .endif SITE+= ${FILESDIR}/site.config.m4.tls Index: net-im/telepathy-gabble/Makefile =================================================================== --- net-im/telepathy-gabble/Makefile +++ net-im/telepathy-gabble/Makefile @@ -33,7 +33,7 @@ PLIST_SUB= PVERSION=${PORTVERSION} -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base CONFIGURE_ENV+= OPENSSL_LIBS="-L/usr/lib -ssl -crypto" OPENSSL_CFLAGS="-I/usr/include" .endif Index: net-im/telepathy-idle/Makefile =================================================================== --- net-im/telepathy-idle/Makefile +++ net-im/telepathy-idle/Makefile @@ -23,7 +23,7 @@ .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base CONFIGURE_ENV+= OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" OPENSSL_CFLAGS="-I/usr/include" .endif Index: net/tigervnc/Makefile =================================================================== --- net/tigervnc/Makefile +++ net/tigervnc/Makefile @@ -110,7 +110,7 @@ TIGERVNC_XORG_PATCH_VER= 117 # import from x11-server/xorg-server/Makefile -.ifdef WITH_OPENSSL_BASE +.if ${SSL_DEFAULT} == base # The reason why I use this is cause openssl from base doesn't # install a .pc file and configure will fail trying to find it. # Setting both of those variables to a *non-empty* value by-passes Index: security/libressl-devel/version.mk =================================================================== --- /dev/null +++ security/libressl-devel/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 37 Index: security/libressl/version.mk =================================================================== --- /dev/null +++ security/libressl/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 37 Index: security/libssh2/Makefile =================================================================== --- security/libssh2/Makefile +++ security/libssh2/Makefile @@ -43,7 +43,7 @@ post-patch: @${REINPLACE_CMD} -e '/Libs:/s/@LDFLAGS@//' -e '/Libs:/s/@LIBS@//' \ ${WRKSRC}/libssh2.pc.in -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base @${REINPLACE_CMD} -e 's/LIBSREQUIRED=libssl,libcrypto/LIBS="$$LIBS -lssl -lcrypto"/' \ ${WRKSRC}/configure .endif Index: security/openssl-devel/version.mk =================================================================== --- /dev/null +++ security/openssl-devel/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 9 Index: security/openssl/version.mk =================================================================== --- /dev/null +++ security/openssl/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 8 Index: www/libmicrohttpd/Makefile =================================================================== --- www/libmicrohttpd/Makefile +++ www/libmicrohttpd/Makefile @@ -41,7 +41,7 @@ .include -.if !(defined(WITH_OPENSSL_BASE) && ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015) +.if !(${SSL_DEFAULT} == base && ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015) PLIST_FILES+= include/microspdy.h \ lib/libmicrospdy.a \ lib/libmicrospdy.so \ Index: x11-servers/xorg-server/Makefile =================================================================== --- x11-servers/xorg-server/Makefile +++ x11-servers/xorg-server/Makefile @@ -64,7 +64,7 @@ .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base # The reason why I use this is cause openssl from base doesn't install a .pc file # and configure will fail trying to find it. Setting both of those variables to # a *non-empty* value by-passes the pkg-config check.