Bug 223457

Summary: security/testssl.sh: Use security/openssl-unsafe
Product: Ports & Packages Reporter: Bernard Spil <brnrd>
Component: Individual Port(s)Assignee: Tobias Kortkamp <tobik>
Status: Closed FIXED    
Severity: Affects Only Me CC: tobik
Priority: --- Keywords: needs-qa, patch
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
svn diff for security/testssl.sh
tobik: maintainer-approval-
svn diff for security/testssl.sh brnrd: maintainer-approval?

Description Bernard Spil freebsd_committer freebsd_triage 2017-11-05 22:13:14 UTC 
Created attachment 187771 [details]
svn diff for security/testssl.sh

```
security/testssl.sh: Use secutity/openssl-unsafe

 - Run with security/openssl-unsafe

PR: ?
```

The security/openssl-unsafe port is exactly what you should want to depend on. This port was failing if the user had selected e.g. DEFAULT_VERSIONS= ssl=openssl-devel.
Comment 1 Tobias Kortkamp freebsd_committer freebsd_triage 2017-11-06 14:20:51 UTC 
Comment on attachment 187771 [details]
svn diff for security/testssl.sh

Sure, in principle this sound like a good idea.  However there are a
couple of issues.

+.if ${ARCH} != i386
+BUILD_DEPENDS=	${LOCALBASE}/openssl-unsafe/bin/openssl:security/openssl-unsafe
+RUN_DEPENDS+=	${BUILD_DEPENDS_amd64}

 post-patch:
+	${REINPLACE_CMD} -e "s|OPENSSL=PREFIX|OPENSSL=${PREFIX}|" ${WRKSRC}/testssl.sh
+.endif

So what happens on i386?  Why is openssl-unsafe not working on i386?
What does BUILD_DEPENDS_amd64 do?  Why even set BUILD_DEPENDS when the
port now uses NO_BUILD=yes? 

-	-e 's@$${TESTSSL_INSTALL_DIR:-""}@$${TESTSSL_INSTALL_DIR:-"${DATADIR}"}@'

This needs to stay.  Otherwise testssl.sh can't find its data files.

-	-e '/check_bsd_mount$$/d'

This too.  The check is bogus.  Testssl.sh does not require a mounted
fdescfs to work and neither does bash.

--- security/testssl.sh/pkg-message	(nonexistent)
+++ security/testssl.sh/pkg-message	(working copy)

What for?

> This port was failing if the user had selected e.g. DEFAULT_VERSIONS= ssl=openssl-devel.

I cannot replicate this with the latest version in the ports tree
(openssl-devel-1.1.0g) on 11.1/amd64.
Comment 2 Bernard Spil freebsd_committer freebsd_triage 2017-11-06 14:40:52 UTC 
Hi Tobias,

Pulled the trigger on submitting a PR too early. Sorry for the poor quality patch.

BUILD_DEP: Not relevant with NO_BUILD
Removal of patching: Hadn't investigated what it actually did
pkg-message: What was I even thinking...
i386: hadn't cracked that one yet
Comment 3 Bernard Spil freebsd_committer freebsd_triage 2017-11-06 15:39:34 UTC 
Created attachment 187800 [details]
svn diff for security/testssl.sh

Fixed openssl-unsafe building in i386 with ports r453623
Reverted removals of post-patch
No pkg-message
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-11-06 20:34:18 UTC 
A commit references this bug:

Author: tobik
Date: Mon Nov  6 20:33:13 UTC 2017
New revision: 453645
URL: https://svnweb.freebsd.org/changeset/ports/453645

Log:
  security/testssl.sh: Use security/openssl-unsafe

  This greatly simplifies the port and we can stop building our own
  unsafe openssl version.

  PR:		223457
  Submitted by:	brnrd

Changes:
  head/security/testssl.sh/Makefile
  head/security/testssl.sh/distinfo
  head/security/testssl.sh/files/
  head/security/testssl.sh/files/patch-testssl.sh
  head/security/testssl.sh/pkg-plist
Comment 5 Tobias Kortkamp freebsd_committer freebsd_triage 2017-11-06 20:35:12 UTC 
No real objections now, so committed. Thanks! :)