If you wish, you may rebuild all dports to use non-base SSL library of your choice

John Marino dragonflybsd at marino.st
Sat Sep 17 07:47:47 PDT 2016


The DPorts tree has been audited and fixed to work with dports-based SSL 
libraries such as:
   /security/openssl
   /security/openssl-devel (untested)
   /security/libressl
   /security/libressl-devel (untested)

Currently they will still build with the DF base openssl libraries.  If 
you want to use one of the dports SSL libraries above, put 
"SSL_DEFAULT=<portname>" in your make.conf and rebuild them all.

For example, put:
SSL_DEFAULT=libressl
in /usr/local/etc/synth/LiveSystem-make.conf
and use synth to rebuild all packages, then reinstall from your local 
repository.

In about a week, the dports framework will be changed to use 
dports-based libressl be default ON MASTER (existing releases will still 
use base openssl), so if you want something else on master you need to 
set SSL_DEFAULT anyway.  (Note that there are a few ports that are 
OpenSSL-only, so those will only be available to people that build their 
own packages with SSL_DEFAULT=openssl set in the future).

You can maintain the current behavior by setting "SSL_DEFAULT=base" in 
make.conf, but at some point we are going to unhook the base OpenSSL 
from the build by default.

Let's pick a date, say 14 October 2016.
I proposed that after that point, the base openSSL will not longer build 
and "make upgrade" will remove it from the system.  We can have a new 
build variable, e.g. KEEP_OPENSSL, that would keep building it and not 
remove it during upgrade, but that variable would probably be removed 
before the next release.

If anyone has a big issue with that proposal, just speak up.  Nothing is 
set in stone yet.

John

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus



More information about the Users mailing list