223457 – security/testssl.sh: Use security/openssl-unsafe

Bug 223457 - security/testssl.sh: Use security/openssl-unsafe

Summary: security/testssl.sh: Use security/openssl-unsafe

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Tobias Kortkamp

URL:
Keywords:	needs-qa, patch

Depends on:
Blocks:

Reported:	2017-11-05 22:13 UTC by Bernard Spil
Modified:	2017-11-06 20:35 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
svn diff for security/testssl.sh (5.48 KB, patch) 2017-11-05 22:13 UTC, Bernard Spil	tobik: maintainer-approval-	Details \| Diff
svn diff for security/testssl.sh (4.91 KB, patch) 2017-11-06 15:39 UTC, Bernard Spil	brnrd: maintainer-approval?	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernard Spil freebsd_committer

2017-11-05 22:13:14 UTC

Created attachment 187771 [details]
svn diff for security/testssl.sh

```
security/testssl.sh: Use secutity/openssl-unsafe

 - Run with security/openssl-unsafe

PR: ?
```

The security/openssl-unsafe port is exactly what you should want to depend on. This port was failing if the user had selected e.g. DEFAULT_VERSIONS= ssl=openssl-devel.

Comment 1 Tobias Kortkamp freebsd_committer

2017-11-06 14:20:51 UTC

Comment on attachment 187771 [details]
svn diff for security/testssl.sh

Sure, in principle this sound like a good idea.  However there are a
couple of issues.

+.if ${ARCH} != i386
+BUILD_DEPENDS=	${LOCALBASE}/openssl-unsafe/bin/openssl:security/openssl-unsafe
+RUN_DEPENDS+=	${BUILD_DEPENDS_amd64}

 post-patch:
+	${REINPLACE_CMD} -e "s|OPENSSL=PREFIX|OPENSSL=${PREFIX}|" ${WRKSRC}/testssl.sh
+.endif

So what happens on i386?  Why is openssl-unsafe not working on i386?
What does BUILD_DEPENDS_amd64 do?  Why even set BUILD_DEPENDS when the
port now uses NO_BUILD=yes? 

-	-e 's@$${TESTSSL_INSTALL_DIR:-""}@$${TESTSSL_INSTALL_DIR:-"${DATADIR}"}@'

This needs to stay.  Otherwise testssl.sh can't find its data files.

-	-e '/check_bsd_mount$$/d'

This too.  The check is bogus.  Testssl.sh does not require a mounted
fdescfs to work and neither does bash.

--- security/testssl.sh/pkg-message	(nonexistent)
+++ security/testssl.sh/pkg-message	(working copy)

What for?

> This port was failing if the user had selected e.g. DEFAULT_VERSIONS= ssl=openssl-devel.

I cannot replicate this with the latest version in the ports tree
(openssl-devel-1.1.0g) on 11.1/amd64.

Comment 2 Bernard Spil freebsd_committer

2017-11-06 14:40:52 UTC

Hi Tobias,

Pulled the trigger on submitting a PR too early. Sorry for the poor quality patch.

BUILD_DEP: Not relevant with NO_BUILD
Removal of patching: Hadn't investigated what it actually did
pkg-message: What was I even thinking...
i386: hadn't cracked that one yet

Comment 3 Bernard Spil freebsd_committer

2017-11-06 15:39:34 UTC

Created attachment 187800 [details]
svn diff for security/testssl.sh

Fixed openssl-unsafe building in i386 with ports r453623
Reverted removals of post-patch
No pkg-message

Comment 4 commit-hook freebsd_committer

2017-11-06 20:34:18 UTC

A commit references this bug:

Author: tobik
Date: Mon Nov  6 20:33:13 UTC 2017
New revision: 453645
URL: https://svnweb.freebsd.org/changeset/ports/453645

Log:
  security/testssl.sh: Use security/openssl-unsafe

  This greatly simplifies the port and we can stop building our own
  unsafe openssl version.

  PR:		223457
  Submitted by:	brnrd

Changes:
  head/security/testssl.sh/Makefile
  head/security/testssl.sh/distinfo
  head/security/testssl.sh/files/
  head/security/testssl.sh/files/patch-testssl.sh
  head/security/testssl.sh/pkg-plist

Comment 5 Tobias Kortkamp freebsd_committer

2017-11-06 20:35:12 UTC

No real objections now, so committed. Thanks! :)