Bug 234612 - security/p5-openxpki: 2.2.3 package is missing in FreeBSD 12.0 (BROKEN with OpenSSL 1.1.x)
Summary: security/p5-openxpki: 2.2.3 package is missing in FreeBSD 12.0 (BROKEN with O...
Status: Closed Not A Bug
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kubilay Kocak
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-04 13:56 UTC by Anton Samsonov
Modified: 2019-10-11 12:43 UTC (History)
2 users (show)

See Also:
svysh.fbsd: maintainer-feedback+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Samsonov 2019-01-04 13:56:41 UTC 
After updating to FreeBSD 12.0, I no longer see p5-openxpki binary package
(for both amd64 and i386), although p5-openxpki-i18n-2.2.3 is still provided.
According to Bug 233564 this port is actively maintained, and no takedown
was mentioned in release notes, so I suppose said issue is just a mistake.
Comment 1 Sergei Vyshenski 2019-01-04 21:21:29 UTC 
A note from maintainer.

Have little understanding about how ports are selected to be represented in the central binary package repository, and who controls this selection. I can only speculate, that most probably binary packages are prepared mainly for default configuration of the freshly installed bare system. 

But you can not build port security/p5-openxpki on 12.0 with defaults. You have to alter default configuration by placing a line "DEFAULT_VERSIONS+=      ssl=openssl" to the file  /etc/make.conf. In other words, you have to rebuild all of your ports with openssl-1.0.2 from ports. (Note, that 12.0 has openssl-1.1.1 in a base system.)

The reason why this is necessary, is a line "BROKEN_SSL= openssl111" in the port's Makefile. And the reason for the latter is a sad fact, that upstream still does not support openssl-1.1.x. 

At the moment I am working on this problem together with the upstream. But the story promises to be long, because a number of dependencies for this port also do not support openssl-1.1.x.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2019-01-05 01:11:49 UTC 
Consider this issue resolved (answered) with: "broken with openssl111, the openssl version in 12.0-RELEASE base, which is the root cause of a missing package, as it cannot be built.". Maintainer also provided a workaround (replacing openssl111 with openssl (1.0x)

@Sergei Please re-open this issue with a patch for OpenSSL 1.1.x support when it's ready.
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2019-01-05 13:45:20 UTC 
(In reply to Sergei Vyshenski from comment #1)

> Have little understanding about how ports are selected to be represented in
> the central binary package repository, and who controls this selection.

The packages are generated by portmgr using poudriere using default configurations.  So, anything that does not show up in 'make -V IGNORE' for that ARCH and OSVERSION will be published.  Given that there are over 35,000 ports and more than a dozen supported combinations of ARCH and OSVERSION, it is not possible to adjust configurations for individual ports.
Comment 4 Sergei Vyshenski 2019-10-11 12:43:03 UTC 
PR #241196 offers a version of openxpki, which build fine at both openssl 1.0 and 1.1.