Created attachment 155107 patch This is to particularly prevent the use of OpenSSL from base by ports, which should only use the openssl port. The ports framework should first be fixed to prevent OpenSSL from the base, then this check will serve to assure such use doesn't happen any more. See the current discussion in ports@
Created attachment 155108 patch
Created attachment 155109 patch
Option GSSAPI=BASE will always cause this check to fail, so it should be removed. Ex. ftp/curl. Banning libssl.so, libcrypto.so is sufficient to catch gssapi, because base gssapi always pulls base libssl.
If you need PKGNAME in the qa script, why don't you pass PKGNAME instead of PKGBASE-VERSION to it?
(In reply to yuri from comment #3) GSSAPI=BASE (and GSS_API=NONE) are needed at present to help avoid these conflicts in some situations (asterisk port with SRTP support, for example). If the conflict is solved or removed GSSAPI=BASE can go away. At present an exp-run with this QA test and WITH_OPENSSL_PORT=yes can give us a picture of how bad the situation is. We should start patching things from there.
Created attachment 155116 patch Corrected PKGNAME, thanks.
Why don't you add PKGNAME or whatever to QA_ENV?
Created attachment 155117 patch Moved PKGNAME to QA_ENV
I believe this can be checked in as a warning instead of an error first. Later, when all of them are fixed, the warning can be changed into an error.
Could you please commit this in the warning mode: these lines
> err "Shared library ${so_name} from the base system should not be used by port."
> return 1
replaced with this line
> warn "Shared library ${so_name} from the base system should not be used by port."
for now? At least, it will make it obvious which ports are still affected. I am getting new qbittorrent version crashing in openssl on one of the systems for no apparent reason, and working on other systems. And qbittorrent also triggers such warning.
I think that this is really premature, using openssl from base is still the default.
No way, it crashes all over the place. Look for discussion in ports@ started on Apr 1. Ask bdrewery@ if in doubt. They tried to correct this, but didn't succeed or finish yet. I have this new qbittorrent package. When I installed the same package on 3 machines, 2 work fine, and one crashes in OpenSSL. This is when I have rebuilt it manually in ports. When I rebuild it in poudriere - all 3 of them crash. Because poudriere is more likely to link with the base OpenSSL. It is a very nasty problem. Need to get rid of the base OpenSSL as soon as possible.
Currently being worked on https://reviews.freebsd.org/D5865
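The warn-versus-err behaviour discussed in this thread, as an added sketch that is not the attached patch or the ports framework's qa.sh: it scans ldd-style output for libssl.so/libcrypto.so resolved from the base system. The function names, the mode argument, the sample data and the assumption that base libraries resolve under /lib or /usr/lib are all hypothetical.

```sh
# Added example, not the ports framework's own QA code.
warn() { echo "Warning: $*" >&2; }
err()  { echo "Error: $*" >&2; }

# Constructed ldd-style output: a port built with base GSSAPI, which pulls base libssl.
SAMPLE_LDD='    libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x800a00000)
    libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x800c00000)
    libssl.so.7 => /usr/lib/libssl.so.7 (0x800e00000)
    libcrypto.so.7 => /lib/libcrypto.so.7 (0x801000000)
    libc.so.7 => /lib/libc.so.7 (0x801400000)'

# Constructed output: a port linked against the openssl port under /usr/local.
SAMPLE_CLEAN='    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a00000)
    libc.so.7 => /lib/libc.so.7 (0x801400000)'

# Read ldd-style lines on stdin and print each banned library name
# that resolves to a base-system path (assumed: /lib or /usr/lib).
base_ssl_libs() {
    while read -r so_name arrow path _rest; do
        [ "$arrow" = "=>" ] || continue
        case "$so_name" in
            libssl.so*|libcrypto.so*) ;;
            *) continue ;;
        esac
        case "$path" in
            /lib/*|/usr/lib/*) echo "$so_name" ;;
        esac
    done
}

# check_base_ssl MODE LDD_OUTPUT
# MODE "warn" only reports; MODE "err" reports and returns 1 on any hit.
check_base_ssl() {
    mode=$1
    rc=0
    for so_name in $(printf '%s\n' "$2" | base_ssl_libs); do
        if [ "$mode" = "err" ]; then
            err "Shared library ${so_name} from the base system should not be used by port."
            rc=1
        else
            warn "Shared library ${so_name} from the base system should not be used by port."
        fi
    done
    return $rc
}

check_base_ssl warn "$SAMPLE_LDD"   # reports two libraries, still returns 0
```

In warn mode the check lists every affected binary without failing the build, which is what makes an exp-run useful for sizing the problem before the check is switched to err.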