Bug 270035

Summary: Developer checks for stage-qa emit false positives re: USES= ssl with OpenSSL ports
Product: Ports & Packages Reporter: Enji Cooper <ngie>
Component: Ports FrameworkAssignee: Fernando Apesteguía <fernape>
Status: Closed FIXED    
Severity: Affects Some People CC: fernape, grahamperrin, ports-bugs
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch for qa.sh none

Description Enji Cooper freebsd_committer freebsd_triage 2023-03-08 13:32:03 UTC 
“make stage-qa” emits warnings about “USES= ssl” with the OpenSSL ports ; it probably does similar with the other SSL variants, e.g., LibreSSL.
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2023-03-10 11:30:01 UTC 
I've seen this too IIRC with multimedia/plexmediaserver-plexpass.
Comment 2 Enji Cooper freebsd_committer freebsd_triage 2023-03-10 18:51:08 UTC 
(In reply to Fernando Apesteguía from comment #1)

That might be valid.

It's invalid for security/openssl*, etc, because it creates a dependency loop by adding security/openssl* to the list of dependencies.
Comment 3 Fernando Apesteguía freebsd_committer freebsd_triage 2023-09-21 13:53:33 UTC 
Created attachment 245093 [details]
Patch for qa.sh

qa.sh checks the library requirements for every elf executable and .so file in the staging directory. If readelf(1) reports a NEEDED libcrypto.so or NEEDED libssl.so for the executable or .so file, then it warns about USES=ssl if not found in the port's Makefile.

In the case of security/libressl, qa.sh detects these libraries needed:

Warning: (0x0000000000000001 NEEDED               Shared library: [libcrypto.so.50]) in /usr/local/bin/ocspcheck
Warning: (0x0000000000000001 NEEDED               Shared library: [libssl.so.53]) in /usr/local/bin/openssl
Warning: (0x0000000000000001 NEEDED               Shared library: [libcrypto.so.50]) in /usr/local/bin/openssl
Warning: (0x0000000000000001 NEEDED               Shared library: [libcrypto.so.50]) in /usr/local/lib/libssl.so.53.0.2

I think if the port itself provides the libcrypto.so or libssl.so libraries, then we shouldn't check for the USES=ssl.

This patch tries to address this case. It seems to work. It still warns for other ports if they link against those libraries, the libraries are not provided by the port itself and USES=ssl is not used.

Would you give it a try?
Comment 4 Fernando Apesteguía freebsd_committer freebsd_triage 2023-09-25 12:06:10 UTC 
https://reviews.freebsd.org/D41973
Comment 5 commit-hook freebsd_committer freebsd_triage 2024-01-20 18:49:25 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d9fc94dd9d4227cd78b4f40a0e614c64ca1bbaa8

commit d9fc94dd9d4227cd78b4f40a0e614c64ca1bbaa8
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2023-09-21 12:46:10 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-01-20 18:47:41 +0000

    Scripts/qa.sh: fine tune USES=ssl recommendation

    Try to avoid the "you need USES=ssl" in ports that provide a libssl.so or
    libcrypto.so libraries themselves like security/openssl or security/libressl.

    PR:                     270035
    Approved by:            portmgr (mat@)
    Differential Revision:  https://reviews.freebsd.org/D41973

 Mk/Scripts/qa.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2024-01-20 18:50:40 UTC 
Committed,

Thanks!