Index: head/CHANGES =================================================================== --- head/CHANGES +++ head/CHANGES @@ -10,6 +10,11 @@ All ports committers are allowed to commit to this file. +20160627: +AUTHOR: mat@FreeBSD.org + + USE_OPENSSL has been replaced by USES=ssl. + 20160625: AUTHOR: adamw@FreeBSD.org Index: head/Mk/Scripts/qa.sh =================================================================== --- head/Mk/Scripts/qa.sh +++ head/Mk/Scripts/qa.sh @@ -98,6 +98,7 @@ baselibs() { local rc + local found_openssl [ "${PKGBASE}" = "pkg" -o "${PKGBASE}" = "pkg-devel" ] && return while read f; do case ${f} in @@ -109,12 +110,20 @@ err "Bad linking on ${f##* } please add USES=libedit" rc=1 ;; + *NEEDED*\[libcrypto.so.*]|*NEEDED*\[libssl.so.*]) + found_openssl=1 + ;; esac done <<-EOF $(find ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \ ${STAGEDIR}${PREFIX}/lib ${STAGEDIR}${PREFIX}/libexec \ -type f -exec readelf -d {} + 2>/dev/null) EOF + if [ -z "${USESSSL}" -a -n "${found_openssl}" ]; then + warn "you need USES=nssl" + elif [ -n "${USESSSL}" -a -z "${found_openssl}" ]; then + warn "you may not need USES=ssl" + fi return ${rc} } Index: head/Mk/Uses/ssl.mk =================================================================== --- head/Mk/Uses/ssl.mk +++ head/Mk/Uses/ssl.mk @@ -0,0 +1,113 @@ +# $FreeBSD$ +# +# Handle dependency on *ssl ports. +# +# Feature: SSL_DEFAULT +# Usage: USES=ssl +# Valid ARGS: none +# +# The use can choose which ssl library he wants with: +# +# DEFAULT_VERSIONS+= ssl= +# +# Variants being base, openssl, openssl-devel, libressl, and libressl-devel. +# +# The Makefile sets these variables: +# OPENSSLBASE - "/usr" or ${LOCALBASE} +# OPENSSLDIR - path to openssl +# OPENSSLLIB - path to the libs +# OPENSSLINC - path to the matching includes +# OPENSSLRPATH - rpath for dynamic linker +# +# MAKE_ENV - extended with the variables above +# CONFIGURE_ENV - extended with LDFLAGS +# BUILD_DEPENDS - are added if needed +# RUN_DEPENDS - are added if needed +# +# MAINTAINER: portmgr@FreeBSD.org +# +.if !defined(_INCLUDE_USES_SSL_MK) +_INCLUDE_USES_SSL_MK= yes + +.include "${PORTSDIR}/Mk/bsd.default-versions.mk" + +.if ${SSL_DEFAULT} == base +OPENSSLBASE= /usr +OPENSSLDIR?= /etc/ssl + +. if !exists(${DESTDIR}/usr/lib/libcrypto.so) +check-depends:: + @${ECHO_CMD} "Dependency error: This port requires the OpenSSL library, which is part of" + @${ECHO_CMD} "the FreeBSD crypto distribution, but not installed on your" + @${ECHO_CMD} "machine. Please see the \"OpenSSL\" section in the handbook" + @${ECHO_CMD} "(at \"http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/openssl.html\", for instance)" + @${ECHO_CMD} "for instructions on how to obtain and install the FreeBSD" + @${ECHO_CMD} "OpenSSL distribution." + @${FALSE} +. endif +. if exists(${LOCALBASE}/lib/libcrypto.so) +check-depends:: + @${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD" + @${ECHO_CMD} "base system. You can't build against it, while a newer" + @${ECHO_CMD} "version is installed by a port." + @${ECHO_CMD} "Please deinstall the port, remove DEFAULT_VERSIONS=ssl=base or undefine WITH_OPENSSL_BASE." + @${FALSE} +. endif + +# OpenSSL in the base system may not include IDEA for patent licensing reasons. +. if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA) +OPENSSL_IDEA= ${MAKE_IDEA} +. else +OPENSSL_IDEA?= NO +. endif + +. if ${OPENSSL_IDEA} == "NO" +# XXX This is a hack to work around the fact that /etc/make.conf clobbers +# our CFLAGS. It might not be enough for all future ports. +. if defined(HAS_CONFIGURE) +CFLAGS+= -DNO_IDEA +. else +OPENSSL_CFLAGS+= -DNO_IDEA +. endif +MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" +. endif + +.else # ${SSL_DEFAULT} != base + +OPENSSLBASE= ${LOCALBASE} + +OPENSSL_PORT= security/${SSL_DEFAULT} + +# Get OPENSSL_SHLIBVER from the port +.sinclude <${PORTSDIR}/${OPENSSL_PORT}/version.mk> + +. if !defined(OPENSSL_SHLIBVER) +.error You are using an unsupported SSL provider ${SSL_DEFAULT} +. endif + +OPENSSLDIR?= ${OPENSSLBASE}/openssl +BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} +RUN_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} +OPENSSLRPATH= ${LOCALBASE}/lib + +.endif + +OPENSSLLIB= ${OPENSSLBASE}/lib +OPENSSLINC= ${OPENSSLBASE}/include + +MAKE_ENV+= OPENSSLBASE=${OPENSSLBASE} +MAKE_ENV+= OPENSSLDIR=${OPENSSLDIR} +MAKE_ENV+= OPENSSLINC=${OPENSSLINC} +MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} + +.if defined(OPENSSLRPATH) +. if defined(USE_OPENSSL_RPATH) +CFLAGS+= -Wl,-rpath,${OPENSSLRPATH} +. endif +MAKE_ENV+= OPENSSLRPATH=${OPENSSLRPATH} +OPENSSL_LDFLAGS+= -Wl,-rpath,${OPENSSLRPATH} +.endif + +LDFLAGS+= ${OPENSSL_LDFLAGS} + +.endif Index: head/Mk/bsd.openssl.mk =================================================================== --- head/Mk/bsd.openssl.mk +++ head/Mk/bsd.openssl.mk @@ -1,117 +0,0 @@ -# -# $FreeBSD$ -# bsd.openssl.mk - Support for OpenSSL based ports. -# -# Use of 'USE_OPENSSL=yes' includes this Makefile after bsd.ports.pre.mk -# -# The port can now set these options in the Makefiles. -# -# WITH_OPENSSL_BASE=yes - Use the version in the base system. -# WITH_OPENSSL_PORT=yes - Use the OpenSSL port, even if base is up to date. -# -# USE_OPENSSL_RPATH=yes - Pass RFLAGS options in CFLAGS, -# needed for ports who don't use LDFLAGS. -# -# Overrideable defaults: -# -# DEFAULT_VERSIONS+= ssl= -# -# Variants being base, openssl, openssl-devel, libressl, and libressl-devel. -# -# The Makefile sets these variables: -# OPENSSLBASE - "/usr" or ${LOCALBASE} -# OPENSSLDIR - path to openssl -# OPENSSLLIB - path to the libs -# OPENSSLINC - path to the matching includes -# OPENSSLRPATH - rpath for dynamic linker -# -# MAKE_ENV - extended with the variables above -# CONFIGURE_ENV - extended with LDFLAGS -# BUILD_DEPENDS - are added if needed -# RUN_DEPENDS - are added if needed - -OpenSSL_Include_MAINTAINER= dinoex@FreeBSD.org - -.include "${PORTSDIR}/Mk/bsd.default-versions.mk" - -.if ${SSL_DEFAULT} == base -OPENSSLBASE= /usr -OPENSSLDIR?= /etc/ssl - -. if !exists(${DESTDIR}/usr/lib/libcrypto.so) -check-depends:: - @${ECHO_CMD} "Dependency error: This port requires the OpenSSL library, which is part of" - @${ECHO_CMD} "the FreeBSD crypto distribution, but not installed on your" - @${ECHO_CMD} "machine. Please see the \"OpenSSL\" section in the handbook" - @${ECHO_CMD} "(at \"http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/openssl.html\", for instance)" - @${ECHO_CMD} "for instructions on how to obtain and install the FreeBSD" - @${ECHO_CMD} "OpenSSL distribution." - @${FALSE} -. endif -. if exists(${LOCALBASE}/lib/libcrypto.so) -check-depends:: - @${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD" - @${ECHO_CMD} "base system. You can't build against it, while a newer" - @${ECHO_CMD} "version is installed by a port." - @${ECHO_CMD} "Please deinstall the port, remove DEFAULT_VERSIONS=ssl=base or undefine WITH_OPENSSL_BASE." - @${FALSE} -. endif - -# OpenSSL in the base system may not include IDEA for patent licensing reasons. -. if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA) -OPENSSL_IDEA= ${MAKE_IDEA} -. else -OPENSSL_IDEA?= NO -. endif - -. if ${OPENSSL_IDEA} == "NO" -# XXX This is a hack to work around the fact that /etc/make.conf clobbers -# our CFLAGS. It might not be enough for all future ports. -. if defined(HAS_CONFIGURE) -CFLAGS+= -DNO_IDEA -. else -OPENSSL_CFLAGS+= -DNO_IDEA -. endif -MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" -. endif - -.else # ${SSL_DEFAULT} != base - -OPENSSLBASE= ${LOCALBASE} - -OPENSSL_PORT= security/${SSL_DEFAULT} - -# Get OPENSSL_SHLIBVER from the port -.sinclude <${PORTSDIR}/${OPENSSL_PORT}/version.mk> - -. if !defined(OPENSSL_SHLIBVER) -.error You are using an unsupported SSL provider ${SSL_DEFAULT} -. endif - -OPENSSLDIR?= ${OPENSSLBASE}/openssl -BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} -RUN_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} -OPENSSLRPATH= ${LOCALBASE}/lib - -.endif - -OPENSSLLIB= ${OPENSSLBASE}/lib -OPENSSLINC= ${OPENSSLBASE}/include - -MAKE_ENV+= OPENSSLBASE=${OPENSSLBASE} -MAKE_ENV+= OPENSSLDIR=${OPENSSLDIR} -MAKE_ENV+= OPENSSLINC=${OPENSSLINC} -MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} - -.if defined(OPENSSLRPATH) -. if defined(USE_OPENSSL_RPATH) -CFLAGS+= -Wl,-rpath,${OPENSSLRPATH} -. endif -MAKE_ENV+= OPENSSLRPATH=${OPENSSLRPATH} -OPENSSL_LDFLAGS+= -Wl,-rpath,${OPENSSLRPATH} -.endif - -LDFLAGS+= ${OPENSSL_LDFLAGS} - -### crypto -#RESTRICTED= "Contains cryptography." Index: head/Mk/bsd.port.mk =================================================================== --- head/Mk/bsd.port.mk +++ head/Mk/bsd.port.mk @@ -1352,7 +1352,7 @@ .endif .if defined(USE_OPENSSL) -.include "${PORTSDIR}/Mk/bsd.openssl.mk" +USES+= ssl .endif .if defined(USE_EMACS) @@ -1525,6 +1525,9 @@ PKGORIGIN=${PKGORIGIN} \ LIB_RUN_DEPENDS='${_LIB_RUN_DEPENDS:C,[^:]*:([^:]*):?.*,\1,}' \ PKGBASE=${PKGBASE} +.if !empty(USES:Mssl) +QA_ENV+= USESSSL=yes +.endif .if !empty(USES:Mdesktop-file-utils) QA_ENV+= USESDESKTOPFILEUTILS=yes .endif Index: head/Mk/bsd.sanity.mk =================================================================== --- head/Mk/bsd.sanity.mk +++ head/Mk/bsd.sanity.mk @@ -177,7 +177,8 @@ PYDISTUTILS_AUTOPLIST PYTHON_PY3K_PLIST_HACK PYDISTUTILS_NOEGGINFO \ USE_PYTHON_PREFIX USE_BZIP2 USE_XZ USE_PGSQL NEED_ROOT \ UNIQUENAME LATEST_LINK USE_SQLITE USE_FIREBIRD -SANITY_DEPRECATED= PYTHON_PKGNAMESUFFIX USE_AUTOTOOLS PLIST_DIRSTRY USE_BDB USE_MYSQL WANT_MYSQL_VER +SANITY_DEPRECATED= PYTHON_PKGNAMESUFFIX USE_AUTOTOOLS PLIST_DIRSTRY \ + USE_BDB USE_MYSQL WANT_MYSQL_VER USE_OPENSSL SANITY_NOTNEEDED= WX_UNICODE USE_AUTOTOOLS_ALT= USES=autoreconf and GNU_CONFIGURE=yes @@ -221,6 +222,7 @@ USE_BDB_ALT= USES=bdb:${USE_BDB} USE_MYSQL_ALT= USES=mysql:${USE_MYSQL} WANT_MYSQL_VER_ALT= USES=mysql:${WANT_MYSQL_VER} +USE_OPENSSL_ALT= USES=ssl .for a in ${SANITY_DEPRECATED} .if defined(${a}) Index: head/devel/libopkele/Makefile =================================================================== --- head/devel/libopkele/Makefile +++ head/devel/libopkele/Makefile @@ -19,7 +19,7 @@ libxslt.so:textproc/libxslt USE_LDCONFIG= yes -USES= libtool gmake pkgconfig compiler:c++11-lang +USES= libtool gmake pkgconfig compiler:c++11-lang ssl GNU_CONFIGURE= yes CONFIGURE_ENV= "OPENSSL_CFLAGS=${CFLAGS} -l${OPENSSLINC}" \ OPENSSL_LIBS=-L${OPENSSLLIB} @@ -27,13 +27,8 @@ CFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib -# This port needs OpenSSL 0.9.8b which is present in 7.0 and up -USE_OPENSSL= yes - .include -.include "${PORTSDIR}/Mk/bsd.openssl.mk" - # If we use the base OpenSSL either by default or # by design, we need to remove the openssl dependency # in pkgconfig/libopkele.pc. Index: head/devel/p5-Event-RPC/Makefile =================================================================== --- head/devel/p5-Event-RPC/Makefile +++ head/devel/p5-Event-RPC/Makefile @@ -26,7 +26,6 @@ OPTIONS_DEFAULT= EVENT ANYEVENT SSL .include -.include BUILD_DEPENDS= p5-Storable>=0:devel/p5-Storable @@ -43,11 +42,10 @@ .endif .if ${PORT_OPTIONS:MSSL} -# we can't use USE_OPENSSL=yes after including bsd.port.pre.mk -.include "${PORTSDIR}/Mk/bsd.openssl.mk" +USES+= ssl BUILD_DEPENDS+= p5-IO-Socket-SSL>=0:security/p5-IO-Socket-SSL .endif RUN_DEPENDS:= ${BUILD_DEPENDS} -.include +.include Index: head/dns/opendd/Makefile =================================================================== --- head/dns/opendd/Makefile +++ head/dns/opendd/Makefile @@ -30,7 +30,7 @@ .endif .if ${PORT_OPTIONS:MOPENSSL} -.include "${PORTSDIR}/Mk/bsd.openssl.mk" +USES+= ssl CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} MAKE_ENV+= "USE_SOCKET_SSL=yes" Index: head/ftp/vsftpd-ext/Makefile =================================================================== --- head/ftp/vsftpd-ext/Makefile +++ head/ftp/vsftpd-ext/Makefile @@ -57,7 +57,7 @@ .endif .if ${PORT_OPTIONS:MVSFTPD_SSL} && !defined(WITHOUT_SSL) -.include "${PORTSDIR}/Mk/bsd.openssl.mk" +USES+= ssl SSL_SUFFIX= -ssl CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} Index: head/ftp/vsftpd/Makefile =================================================================== --- head/ftp/vsftpd/Makefile +++ head/ftp/vsftpd/Makefile @@ -33,7 +33,7 @@ .include .if ${PORT_OPTIONS:MVSFTPD_SSL} && !defined(WITHOUT_SSL) -.include "${PORTSDIR}/Mk/bsd.openssl.mk" +USES+= ssl SSL_SUFFIX= -ssl CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} Index: head/net/isc-dhcp43-server/Makefile =================================================================== --- head/net/isc-dhcp43-server/Makefile +++ head/net/isc-dhcp43-server/Makefile @@ -108,10 +108,9 @@ .endif .if ${PORT_OPTIONS:MLDAP_SSL} && ${PORT_OPTIONS:MLDAP} -USE_OPENSSL= yes +USES+= ssl CONFIGURE_ARGS+=--with-ldapcrypto LIBS+= -lssl -.include "${PORTSDIR}/Mk/bsd.openssl.mk" .endif .if ${PORT_OPTIONS:MIPV6} Index: head/security/R-cran-openssl/Makefile =================================================================== --- head/security/R-cran-openssl/Makefile +++ head/security/R-cran-openssl/Makefile @@ -18,7 +18,7 @@ .if ${OSVERSION} < 1000015 WITH_OPENSSL_PORT= yes R_POSTCMD_INSTALL_OPTIONS+= --configure-vars="INCLUDE_DIR=${OPENSSLINC} LIB_DIR=${OPENSSLLIB}" -.include "${PORTSDIR}/Mk/bsd.openssl.mk" +USES+= ssl .endif .include Index: head/security/ftimes/Makefile =================================================================== --- head/security/ftimes/Makefile +++ head/security/ftimes/Makefile @@ -61,6 +61,8 @@ MAP_TOOLS_DESC= Install map tools XMAGIC_DESC= XMagic support +SSL_USES= ssl + .include LIB_DEPENDS+= libpcre.so:devel/pcre @@ -110,8 +112,6 @@ .endif .if ${PORT_OPTIONS:MSSL} -# we can't use USE_OPENSSL=yes after including bsd.port.pre.mk -.include "${PORTSDIR}/Mk/bsd.openssl.mk" CONFIGURE_ARGS+= --with-ssl=${OPENSSLBASE} .else CONFIGURE_ARGS+= --without-ssl