diff --git Mk/bsd.default-versions.mk Mk/bsd.default-versions.mk index aa39c5c..f81e976 100644 --- Mk/bsd.default-versions.mk +++ Mk/bsd.default-versions.mk @@ -61,6 +61,47 @@ PYTHON2_DEFAULT?= 2.7 PYTHON3_DEFAULT?= 3.4 # Possible values: 2.0, 2.1, 2.2, 2.3 RUBY_DEFAULT?= 2.2 +# Possible values: base, openssl, openssl-devel, libressl, libressl-devel +.if !defined(SSL_DEFAULT) +# If no preference was set, check for an installed base version +# but give an installed port preference over it. +. if defined(WITH_OPENSSL_PORT) +. if defined(OPENSSL_PORT) +SSL_DEFAULT:=${OPENSSL_PORT:T} +WARNING+= "Using WITH_OPENSSL_PORT and OPENSSL_PORT in make.conf is deprecated, replace them with DEFAULT_VERSIONS+=ssl=${SSL_DEFAULT}" +. else +SSL_DEFAULT=openssl +WARNING+= "Using WITH_OPENSSL_PORT in make.conf is deprecated, replace it with DEFAULT_VERSIONS+=ssl=openssl" +. endif +. elif defined(WITH_OPENSSL_BASE) +SSL_DEFAULT=base +WARNING+= "USing WITH_OPENSSL_BASE in make.conf is deprecated, replace it with DEFAULT_VERSIONS+=ssl=base" +. elif !defined(WITH_OPENSSL_BASE) && \ + !defined(WITH_OPENSSL_PORT) && \ + !defined(SSL_DEFAULT) && \ + !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \ + exists(${DESTDIR}/usr/include/openssl/opensslv.h) +SSL_DEFAULT= base +. else +. if exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) +# find installed port and use it for dependency +. if !defined(OPENSSL_INSTALLED) +. if defined(DESTDIR) +PKGARGS= -c ${DESTDIR} +. else +PKGARGS= +. endif +OPENSSL_INSTALLED!= ${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || : +. endif +. if defined(OPENSSL_INSTALLED) && !empty(OPENSSL_INSTALLED) +SSL_DEFAULT:= ${OPENSSL_INSTALLED:T} +WARNING+= "You have ${OPENSSL_INSTALLED} installed but do not have DEFAULT_VERSIONS+=ssl=${SSL_DEFAULT} set" +. endif +. endif +. endif +# Make sure we have a default in the end +SSL_DEFAULT?= base +.endif # Possible values: 8.4, 8.5, 8.6 TCLTK_DEFAULT?= 8.6 diff --git Mk/bsd.openssl.mk Mk/bsd.openssl.mk index 8f4a98c..9476d75 100644 --- Mk/bsd.openssl.mk +++ Mk/bsd.openssl.mk @@ -31,16 +31,9 @@ OpenSSL_Include_MAINTAINER= dinoex@FreeBSD.org -# If no preference was set, check for an installed base version -# but give an installed port preference over it. -.if !defined(WITH_OPENSSL_BASE) && \ - !defined(WITH_OPENSSL_PORT) && \ - !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \ - exists(${DESTDIR}/usr/include/openssl/opensslv.h) -WITH_OPENSSL_BASE=yes -.endif +.include "${PORTSDIR}/Mk/bsd.default-versions.mk" -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base OPENSSLBASE= /usr OPENSSLDIR?= /etc/ssl @@ -59,7 +52,7 @@ check-depends:: @${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD" @${ECHO_CMD} "base system. You can't build against it, while a newer" @${ECHO_CMD} "version is installed by a port." - @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE." + @${ECHO_CMD} "Please deinstall the port, remove DEFAULT_VERSIONS=ssl=base or undefine WITH_OPENSSL_BASE." @${FALSE} . endif @@ -81,39 +74,18 @@ OPENSSL_CFLAGS+= -DNO_IDEA MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" . endif -.else # !defined(WITH_OPENSSL_BASE) +.else # ${SSL_DEFAULT} != base OPENSSLBASE= ${LOCALBASE} -. if !defined(OPENSSL_PORT) && \ - exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) -# find installed port and use it for dependency -. if !defined(OPENSSL_INSTALLED) -. if defined(DESTDIR) -PKGARGS= -c ${DESTDIR} -. else -PKGARGS= -. endif -OPENSSL_INSTALLED!= ${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || : -. endif -. if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" -OPENSSL_PORT= ${OPENSSL_INSTALLED} -OPENSSL_SHLIBFILE!= ${PKG_INFO} -ql ${OPENSSL_INSTALLED} | ${GREP} "^`${PKG_QUERY} "%p" ${OPENSSL_INSTALLED}`/lib/libcrypto.so.[0-9]*$$" -OPENSSL_SHLIBVER?= ${OPENSSL_SHLIBFILE:E} -. endif -. endif -# LibreSSL and OpenSSL-BETA specific SHLIBVER -. if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl -OPENSSL_SHLIBVER?= 37 -. elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel -OPENSSL_SHLIBVER?= 38 -. elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/openssl-devel -OPENSSL_SHLIBVER?= 9 -. endif +OPENSSL_PORT= security/${SSL_DEFAULT} + +# Get OPENSSL_SHLIBVER from the port +.sinclude <${PORTSDIR}/${OPENSSL_PORT}/version.mk> -# default -OPENSSL_PORT?= security/openssl -OPENSSL_SHLIBVER?= 8 +. if !defined(OPENSSL_SHLIBVER) +.error You are using an unsupported SSL provider ${SSL_DEFAULT} +. endif OPENSSLDIR?= ${OPENSSLBASE}/openssl BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} diff --git archivers/py-borgbackup/Makefile archivers/py-borgbackup/Makefile index 47628c0..1fe961e 100644 --- archivers/py-borgbackup/Makefile +++ archivers/py-borgbackup/Makefile @@ -27,17 +27,19 @@ USES= python:3.4+ USE_PYTHON= autoplist distutils USE_OPENSSL= yes -.include - -.if defined(PACKAGE_BUILDING) && ${PYTHON_VER} != ${PYTHON_DEFAULT} -IGNORE= you have python ${PYTHON_DEFAULT} set as the default, and this needs ${PYTHON_VER} -.endif +.include # borg requires openssl>=1.0.0 .if ${OSVERSION} < 1000015 WITH_OPENSSL_PORT=yes .endif +.include + +.if defined(PACKAGE_BUILDING) && ${PYTHON_VER} != ${PYTHON_DEFAULT} +IGNORE= you have python ${PYTHON_DEFAULT} set as the default, and this needs ${PYTHON_VER} +.endif + post-install: ${STRIP_CMD} ${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}/borg/*.so diff --git databases/mysql57-server/Makefile databases/mysql57-server/Makefile index 52b40d6..a1cd2fc 100644 --- databases/mysql57-server/Makefile +++ databases/mysql57-server/Makefile @@ -129,7 +129,7 @@ PERFSCHM_SUB_LIST+= PERFSCHEMRC="" PERFSCHM_SUB_LIST_OFF+= PERFSCHEMRC="--skip-performance-schema" .endif -.include +.include ### Just for the sake of FreeBSD 9.X ### .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 @@ -137,10 +137,13 @@ PERFSCHM_SUB_LIST_OFF+= PERFSCHEMRC="--skip-performance-schema" EXTRA_PATCHES+= ${PATCHDIR}/rapid_plugin-patch-_x_mysqlxtest__src_mysqlxtest.cc .endif WITH_OPENSSL_PORT= yes +.endif + +.include ### FreeBSD Version > 9.X ### -.else -.if defined(WITH_OPENSSL_BASE) +.if ! ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 +.if ${SSL_DEFAULT} == base CMAKE_ARGS+= -DWITH_SSL=system .else CMAKE_ARGS+= -DWITH_SSL=${OPENSSLBASE} diff --git devel/libgit2/Makefile devel/libgit2/Makefile index 0267e18..89fad80 100644 --- devel/libgit2/Makefile +++ devel/libgit2/Makefile @@ -40,7 +40,7 @@ BROKEN_sparc64= does not install: thread-local storage not supported post-patch: @${REINPLACE_CMD} -e "s|/pkgconfig|/../libdata/pkgconfig|; \ /LIBGIT2_PC_REQUIRES.*zlib/ d" ${WRKSRC}/CMakeLists.txt -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base @${REINPLACE_CMD} -e "/LIBGIT2_PC_REQUIRES.*openssl/ d" \ ${WRKSRC}/CMakeLists.txt .endif diff --git devel/libopkele/Makefile devel/libopkele/Makefile index fd34fbf..938ac81 100644 --- devel/libopkele/Makefile +++ devel/libopkele/Makefile @@ -41,7 +41,7 @@ USE_OPENSSL= yes post-patch: @ ${REINPLACE_CMD} -e "s|pkgconfigdir =.*|pkgconfigdir = ${PREFIX}/libdata/pkgconfig|g" \ ${WRKSRC}/Makefile.in -.if !defined(WITH_OPENSSL_PORT) +.if ${SSL_DEFAULT} == base @ ${REINPLACE_CMD} -e "s|Requires: openssl|Requires:|" ${WRKSRC}/libopkele.pc.in .endif diff --git devel/thrift-cpp/Makefile devel/thrift-cpp/Makefile index 921af99..68e9d49 100644 --- devel/thrift-cpp/Makefile +++ devel/thrift-cpp/Makefile @@ -47,7 +47,7 @@ CONFIGURE_ARGS+= \ .include -.if !defined(WITH_OPENSSL_PORT) && \ +.if ${SSL_DEFAULT} == base && \ ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015 # src/thrift/transport/TSSLSocket.cpp:147: error: 'TLSv1_1_method' was not declared in this scope # src/thrift/transport/TSSLSocket.cpp:149: error: 'TLSv1_2_method' was not declared in this scope diff --git dns/bind9-devel/Makefile dns/bind9-devel/Makefile index 14f1d35..2809cdc 100644 --- dns/bind9-devel/Makefile +++ dns/bind9-devel/Makefile @@ -207,7 +207,7 @@ PORTDOCS= * .include -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. diff --git dns/bind910/Makefile dns/bind910/Makefile index eff02f4..4ca3b1d 100644 --- dns/bind910/Makefile +++ dns/bind910/Makefile @@ -232,7 +232,7 @@ PORTDOCS= * .include -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. diff --git dns/bind99/Makefile dns/bind99/Makefile index ddd3e61..be7d98b 100644 --- dns/bind99/Makefile +++ dns/bind99/Makefile @@ -191,7 +191,7 @@ PORTDOCS= * .include -.if ( ${PORT_OPTIONS:MGOST} ) && defined(WITH_OPENSSL_BASE) +.if ( ${PORT_OPTIONS:MGOST} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ WITH_OPENSSL_PORT=yes to your /etc/make.conf and rebuild everything \ that needs SSL. diff --git emulators/virtualbox-ose/Makefile emulators/virtualbox-ose/Makefile index 504b652..f7ad1e0 100644 --- emulators/virtualbox-ose/Makefile +++ emulators/virtualbox-ose/Makefile @@ -209,7 +209,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/extrapatch-Config.kmk \ ${PATCHDIR}/extrapatch-src-recompiler-Makefile.kmk .endif -.if !defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} != base CONFIGURE_ARGS+= --with-openssl-dir="${OPENSSLBASE}" .endif diff --git ftp/curl/Makefile ftp/curl/Makefile index 890067a..a98d8d6 100644 --- ftp/curl/Makefile +++ ftp/curl/Makefile @@ -32,7 +32,10 @@ THREADED_RESOLVER_DESC= Threaded DNS resolver TLS_SRP_DESC= TLS-SRP (Secure Remote Password) support LOCALBASE?= /usr/local -.if defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so)) + +.include <${PORTSDIR}/Mk/bsd.default-versions.mk> + +.if ${SSL_DEFAULT} != base OPTIONS_DEFAULT+= GSSAPI_NONE .else OPTIONS_DEFAULT+= GSSAPI_BASE @@ -148,11 +151,11 @@ IGNORE= only supports TLS-SRP with either OpenSSL or GnuTLS IGNORE= only supports LDAPS with SSL .endif -.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} && (defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so))) +.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} && ${SSL_DEFAULT} != base IGNORE= GSSAPI_BASE is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system .endif -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == "security/libressl" +.if ${SSL_DEFAULT} == libressl .if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} IGNORE= GSSAPI_BASE is not compatible with LibreSSL. Use other GSSAPI options .endif diff --git mail/deforaos-mailer/Makefile mail/deforaos-mailer/Makefile index d701b3c..b27c89f 100644 --- mail/deforaos-mailer/Makefile +++ mail/deforaos-mailer/Makefile @@ -36,7 +36,7 @@ DOCS_BUILD_DEPENDS= xsltproc:textproc/libxslt \ .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base # openssl from base doesn't install a .pc file and pkg-config didn't like it CONFIGURE_ENV+= libssl_CFLAGS="-I${OPENSSLINC}" libssl_LIBS="-L${OPENSSLLIB} -lssl" .endif diff --git mail/dk-milter/Makefile mail/dk-milter/Makefile index a717b0c..b041467 100644 --- mail/dk-milter/Makefile +++ mail/dk-milter/Makefile @@ -85,7 +85,7 @@ SITE_SUB+= -e '\|bld_USE_ARLIB|s/^dnl //g' SITE_SUB+= -e '/-DPOPAUTH/s/^dnl //g' .endif -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base SITE_SUB+= -e 's|%%OPENSSL%%|dnl |g' .else SITE_SUB+= -e 's|%%OPENSSL%%||g' \ diff --git mail/sendmail/Makefile mail/sendmail/Makefile index bdaed98..608babd 100644 --- mail/sendmail/Makefile +++ mail/sendmail/Makefile @@ -310,7 +310,7 @@ help: .include .if ${PORT_OPTIONS:MTLS} -.if !defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} != base SITE+= ${FILESDIR}/site.config.m4.ssl .endif SITE+= ${FILESDIR}/site.config.m4.tls diff --git net-im/telepathy-gabble/Makefile net-im/telepathy-gabble/Makefile index 1b8e448..db27193 100644 --- net-im/telepathy-gabble/Makefile +++ net-im/telepathy-gabble/Makefile @@ -33,7 +33,9 @@ INSTALL_TARGET= install-strip PLIST_SUB= PVERSION=${PORTVERSION} -.if defined(WITH_OPENSSL_BASE) +.include + +.if ${SSL_DEFAULT} == base CONFIGURE_ENV+= OPENSSL_LIBS="-L/usr/lib -ssl -crypto" OPENSSL_CFLAGS="-I/usr/include" .endif @@ -41,4 +43,4 @@ post-patch: @${REINPLACE_CMD} -e 's|-Werror||g' \ ${WRKSRC}/lib/ext/wocky/configure -.include +.include diff --git net-im/telepathy-idle/Makefile net-im/telepathy-idle/Makefile index b20a1ee..48c2d87 100644 --- net-im/telepathy-idle/Makefile +++ net-im/telepathy-idle/Makefile @@ -23,7 +23,7 @@ INSTALL_TARGET= install-strip .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base CONFIGURE_ENV+= OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" OPENSSL_CFLAGS="-I/usr/include" .endif diff --git net-mgmt/net-snmp/Makefile net-mgmt/net-snmp/Makefile index e8070f9..3d876ce 100644 --- net-mgmt/net-snmp/Makefile +++ net-mgmt/net-snmp/Makefile @@ -215,7 +215,7 @@ CONFLICTS= ucd-snmp-4.* net-snmp-5.3.* .include -.if defined(WITH_OPENSSL_PORT) || defined(OPENSSL_PORT) +.if ${SSL_DEFAULT} != base LCRYPTO= -lcrypto .else LCRYPTO= diff --git net-mgmt/zabbix3-server/Makefile net-mgmt/zabbix3-server/Makefile index d87e0d6..e53d2ec 100644 --- net-mgmt/zabbix3-server/Makefile +++ net-mgmt/zabbix3-server/Makefile @@ -150,9 +150,9 @@ GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls POLARSSL_CONFIGURE_WITH=mbedtls POLARSSL_LIB_DEPENDS= libmbedtls.so:security/polarssl13 -.include +.include -.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 && !defined(WITH_OPENSSL_PORT) +.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 && ${SSL_DEFAULT} == base IGNORE= OpenSSL from the base system is too old, add WITH_OPENSSL_PORT to your /etc/make.conf and rebuild everything that needs SSL. .endif @@ -194,4 +194,4 @@ post-install: .endif .endif -.include +.include diff --git net/hostapd/Makefile net/hostapd/Makefile index b12ea52..f7fa070 100644 --- net/hostapd/Makefile +++ net/hostapd/Makefile @@ -24,16 +24,16 @@ OPTIONS_DEFINE= PORTS_SSL PORTS_SSL_DESC= Build with OpenSSL from ports (instead of base system) -.include +.include .if ${PORT_OPTIONS:MPORTS_SSL} -.if !defined(WITH_OPENSSL_PORT) -IGNORE= the PORTS_SSL option not allowed when WITH_OPENSSL_PORT is not set +.if ${SSL_DEFAULT} == base +IGNORE= the PORTS_SSL option not allowed when using SSL from base .endif CONFIGURE_ARGS+= --with-ssl-dir=${PREFIX} .else -.if defined(WITH_OPENSSL_PORT) -IGNORE= the PORTS_SSL option is required when WITH_OPENSSL_PORT is set +.if ${SSL_DEFAULT} != base +IGNORE= the PORTS_SSL option is required when using SSL from ports .endif .endif @@ -52,4 +52,4 @@ do-install: ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \ ${STAGEDIR}${MANPREFIX}/man/man8 -.include +.include diff --git net/openldap24-server/Makefile net/openldap24-server/Makefile index efb6e65..253aebe 100644 --- net/openldap24-server/Makefile +++ net/openldap24-server/Makefile @@ -189,14 +189,6 @@ CONFIGURE_ARGS= --with-threads=posix \ # XXX FreeBSD does not implement O_DSYNC and fdatasync at this time. CFLAGS+= -DMDB_DSYNC=O_SYNC -Dfdatasync=fsync -.if !${PORT_OPTIONS:MFETCH} -CONFIGURE_ARGS+= --without-fetch -.else -. if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" || defined(WITH_OPENSSL_PORT) -BROKEN= using OpenSSL from ports and OPTION FETCH together is not supported -. endif -.endif - .if ${PORT_OPTIONS:MSASL} LIB_DEPENDS+= libsasl2.so:security/cyrus-sasl2 CONFIGURE_ARGS+= --with-cyrus-sasl @@ -512,6 +504,16 @@ PLIST_SUB+= SHLIB_MAJOR=${OPENLDAP_SHLIB_MAJOR} PLIST_SUB+= SHLIB_MINOR=${OPENLDAP_SHLIB_MINOR} PLIST_SUB+= OPENLDAP_MAJOR=${OPENLDAP_MAJOR} +.include + +.if !${PORT_OPTIONS:MFETCH} +CONFIGURE_ARGS+= --without-fetch +.else +. if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" || ${SSL_DEFAULT} != base +BROKEN= using OpenSSL from ports and OPTION FETCH together is not supported +. endif +.endif + post-patch: @${REINPLACE_CMD} -e 's|%LOCALSTATEDIR%/run/|${LDAP_RUN_DIR}/|g' \ ${SED_MODULES} ${WRKSRC}/servers/slapd/slapd.conf @@ -588,4 +590,4 @@ post-install: .endif .endif # defined(CLIENT_ONLY) -.include +.include diff --git net/socat/Makefile net/socat/Makefile index 700cd88..e9d89a9 100644 --- net/socat/Makefile +++ net/socat/Makefile @@ -29,7 +29,7 @@ OPTIONS_DEFINE= DOCS .include -.if defined(WITH_OPENSSL_PORT) +.if ${SSL_DEFAULT} != base CFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib .endif diff --git net/tigervnc/Makefile net/tigervnc/Makefile index 0c42ae64..812f60a 100644 --- net/tigervnc/Makefile +++ net/tigervnc/Makefile @@ -110,7 +110,7 @@ CONFIGURE_ARGS+= \ TIGERVNC_XORG_PATCH_VER= 117 # import from x11-server/xorg-server/Makefile -.ifdef WITH_OPENSSL_BASE +.if ${SSL_DEFAULT} == base # The reason why I use this is cause openssl from base doesn't # install a .pc file and configure will fail trying to find it. # Setting both of those variables to a *non-empty* value by-passes diff --git security/R-cran-openssl/Makefile security/R-cran-openssl/Makefile index 59f7bea..f058add 100644 --- security/R-cran-openssl/Makefile +++ security/R-cran-openssl/Makefile @@ -13,7 +13,7 @@ LICENSE= MIT USES= cran:auto-plist -.include +.include .if ${OSVERSION} < 1000015 WITH_OPENSSL_PORT= yes @@ -21,4 +21,4 @@ R_POSTCMD_INSTALL_OPTIONS+= --configure-vars="INCLUDE_DIR=${OPENSSLINC} LIB_DIR= .include "${PORTSDIR}/Mk/bsd.openssl.mk" .endif -.include +.include diff --git security/bro/Makefile security/bro/Makefile index efdc807..b0a0ff9 100644 --- security/bro/Makefile +++ security/bro/Makefile @@ -137,8 +137,8 @@ CMAKE_ARGS+= -D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}" BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so:security/openssl RUN_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so:security/openssl .else -.if defined(WITH_OPENSSL_PORT) -IGNORE= the SSL option is requred when WITH_OPENSSL_PORT is enabled +.if ${SSL_DEFAULT} != base +IGNORE= the SSL option is requred when using SSL from ports .endif .endif diff --git security/libressl-devel/version.mk security/libressl-devel/version.mk new file mode 100644 index 0000000..2457aac --- /dev/null +++ security/libressl-devel/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 38 diff --git security/libressl/version.mk security/libressl/version.mk new file mode 100644 index 0000000..d71bc8f --- /dev/null +++ security/libressl/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 37 diff --git security/libssh2/Makefile security/libssh2/Makefile index 0657911..54ef094 100644 --- security/libssh2/Makefile +++ security/libssh2/Makefile @@ -43,7 +43,7 @@ USE_OPENSSL= yes post-patch: @${REINPLACE_CMD} -e '/Libs:/s/@LDFLAGS@//' -e '/Libs:/s/@LIBS@//' \ ${WRKSRC}/libssh2.pc.in -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base @${REINPLACE_CMD} -e 's/LIBSREQUIRED=libssl,libcrypto/LIBS="$$LIBS -lssl -lcrypto"/' \ ${WRKSRC}/configure .endif diff --git security/openssl-devel/version.mk security/openssl-devel/version.mk new file mode 100644 index 0000000..2c0b7b9 --- /dev/null +++ security/openssl-devel/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 9 diff --git security/openssl/version.mk security/openssl/version.mk new file mode 100644 index 0000000..6747404 --- /dev/null +++ security/openssl/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 8 diff --git security/p5-openxpki/Makefile security/p5-openxpki/Makefile index 6d48f89..973ff2c 100644 --- security/p5-openxpki/Makefile +++ security/p5-openxpki/Makefile @@ -114,7 +114,7 @@ post-stage: .include -.if defined(WITH_OPENSSL_PORT) && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.if ${SSL_DEFAULT} == libressl IGNORE= this version of OpenXPKI is not fully functional with LibreSSL library, use OpenSSL instead .endif diff --git security/py-m2crypto/Makefile security/py-m2crypto/Makefile index f427a08..1cb6ffd 100644 --- security/py-m2crypto/Makefile +++ security/py-m2crypto/Makefile @@ -27,7 +27,7 @@ PLIST_FILES= %%PYTHON_SITELIBDIR%%/M2Crypto/_m2crypto.py \ .include -.if ${OSVERSION} < 1000000 && !defined(WITH_OPENSSL_PORT) +.if ${OSVERSION} < 1000000 && ${SSL_DEFAULT} == base IGNORE= py-m2crypto requires OpenSSL 1.0.1e+ .endif diff --git security/softhsm2/Makefile security/softhsm2/Makefile index a519524..3bf3a48 100644 --- security/softhsm2/Makefile +++ security/softhsm2/Makefile @@ -38,8 +38,10 @@ CRYP_OPEN_USE= openssl=yes CRYP_OPEN_VARS= WITH_OPENSSL_PORT=yes CRYP_OPEN_CONFIGURE_ON= --with-crypto-backend=openssl -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.include + +.if ${SSL_DEFAULT} == libressl CONFIGURE_ARGS+= --disable-gost .endif -.include +.include diff --git security/stunnel/Makefile security/stunnel/Makefile index aaeaed8..1f0a8ce 100644 --- security/stunnel/Makefile +++ security/stunnel/Makefile @@ -74,11 +74,13 @@ CONFIGURE_ARGS+=--with-threads=pthread LDFLAGS+= -lpthread .endif -.if ${PORT_OPTIONS:MFIPS} && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.include + +.if ${PORT_OPTIONS:MFIPS} && ${SSL_DEFAULT} == libressl IGNORE= LibreSSL does not support FIPS standard .endif -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.if ${SSL_DEFAULT} == libressl NO_PACKAGE= The stunnel license restricts distribution when linked to non-OpenSSL non-base SSL-libraries .endif @@ -115,4 +117,4 @@ cert: @${ECHO} "" @(cd ${WRKSRC}/tools/; make install-data-local) -.include +.include diff --git www/libmicrohttpd/Makefile www/libmicrohttpd/Makefile index df0c583..c137fee 100644 --- www/libmicrohttpd/Makefile +++ www/libmicrohttpd/Makefile @@ -41,7 +41,7 @@ PLIST_FILES= include/microhttpd.h \ .include -.if !(defined(WITH_OPENSSL_BASE) && ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015) +.if !(${SSL_DEFAULT} == base && ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015) PLIST_FILES+= include/microspdy.h \ lib/libmicrospdy.a \ lib/libmicrospdy.so \ diff --git www/spdylay/Makefile www/spdylay/Makefile index bc535ba..6a27e5e 100644 --- www/spdylay/Makefile +++ www/spdylay/Makefile @@ -37,7 +37,7 @@ PORTDOCS= * .include -.if ${OSVERSION} < 1000000 && !defined(WITH_OPENSSL_PORT) +.if ${OSVERSION} < 1000000 && ${SSL_DEFAULT} == base IGNORE= spdylay requires OpenSSL 1.0.1+ .endif diff --git x11-servers/xorg-server/Makefile x11-servers/xorg-server/Makefile index bc12d55..26946dc 100644 --- x11-servers/xorg-server/Makefile +++ x11-servers/xorg-server/Makefile @@ -64,7 +64,7 @@ PLIST= ${.CURDIR}/pkg-plist .include -.if defined(WITH_OPENSSL_BASE) +.if ${SSL_DEFAULT} == base # The reason why I use this is cause openssl from base doesn't install a .pc file # and configure will fail trying to find it. Setting both of those variables to # a *non-empty* value by-passes the pkg-config check.