If you wish, you may rebuild all dports to use non-base SSL library of your choice
John Marino
dragonflybsd at marino.st
Sat Sep 17 07:47:47 PDT 2016
The DPorts tree has been audited and fixed to work with dports-based SSL
libraries such as:
/security/openssl
/security/openssl-devel (untested)
/security/libressl
/security/libressl-devel (untested)
Currently they will still build with the DF base openssl libraries. If
you want to use one of the dports SSL libraries above, put
"SSL_DEFAULT=<portname>" in your make.conf and rebuild them all.
For example, put:
SSL_DEFAULT=libressl
in /usr/local/etc/synth/LiveSystem-make.conf
and use synth to rebuild all packages, then reinstall from your local
repository.
In about a week, the dports framework will be changed to use
dports-based libressl be default ON MASTER (existing releases will still
use base openssl), so if you want something else on master you need to
set SSL_DEFAULT anyway. (Note that there are a few ports that are
OpenSSL-only, so those will only be available to people that build their
own packages with SSL_DEFAULT=openssl set in the future).
You can maintain the current behavior by setting "SSL_DEFAULT=base" in
make.conf, but at some point we are going to unhook the base OpenSSL
from the build by default.
Let's pick a date, say 14 October 2016.
I proposed that after that point, the base openSSL will not longer build
and "make upgrade" will remove it from the system. We can have a new
build variable, e.g. KEEP_OPENSSL, that would keep building it and not
remove it during upgrade, but that variable would probably be removed
before the next release.
If anyone has a big issue with that proposal, just speak up. Nothing is
set in stone yet.
John
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Users
mailing list