As an example, Juniper Networks needs openldap-sasl-client in order to authenticate on our FreeBSD build systems. But openldap-client is a dependacy for a LARGE number of other ports we need to use.
The 'ldd' difference that SASL support adds is only:
libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2
liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2
+ libsasl2.so.3 => /usr/local/lib/libsasl2.so.3
libssl.so.111 => /usr/lib/libssl.so.111
libcrypto.so.111 => /lib/libcrypto.so.111
libc.so.7 => /lib/libc.so.7
+ libdl.so.1 => /usr/lib/libdl.so.1
libthr.so.3 => /lib/libthr.so.3
I do not see this as a burden given the LARGE number of dependancies most of our other ports have grown in the last decade as every knob of functionality seems turned on in many.
SASL support should be the default for openldap-client given it is so low cost, but the cost of having to build 1000 packages from source is a high burden on an organization.
*** Bug 257375 has been marked as a duplicate of this bug. ***
See also: bug 248222
Created attachment 226671 [details]
Patch for exp-run that permanently enables SASL for OpenLDAP port
(For portmgr@ -- should the exp-run passes, may I also request an approval to commit the change to individual ports that depends on openldap24-client instead of seeking approval from maintainers individually? These are mainly to adapt with new port option. I can revert the databases/mysql57-server/Makefile change which drops llvm 9.0 dependency, if that's considered controversial.).
*** Bug 257234 has been marked as a duplicate of this bug. ***
https://reviews.freebsd.org/D31301 is the same patch
(In reply to Xin LI from comment #6)
Why do you want to remove the option to build without SASL support, instead of only swaping the default?
Pre-built packages would fit the needs as described in this report, but anyobody else, not needing/wanting SASL dependency, still was able to build the lean package?
I'd strongly vote for keeping options in place and just add SASL to OPTIONS_DEFAULT (along with the fixes in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257234)
The port even respects build-time installation variants nicely.
I'm missing the benefit of removing the variant.
(In reply to Harald Schmalzbauer from comment #7)
Supporting SASL is part of LDAPv3 RFC wire protocol, so it's not unreasonable that a third party expected it and as you can see there are some highly used packages that depended on it.
And immediately after flipping the default, we are reinforcing that expectation; ports which will not work with a non-SASL variant of OpenLDAP would be silently broken instead of being pointed out by package builders, and it would be a waste of time for users who opt to a !SASL version of OpenLDAP.
Therefore, making it an option is a no go in my opinion.
Can you refresh the patch?
error: patch failed: mail/postfix-current/Makefile:2
error: mail/postfix-current/Makefile: patch does not apply
error: patch failed: mail/postfix/Makefile:2
error: mail/postfix/Makefile: patch does not apply
error: patch failed: mail/postfix35/Makefile:2
error: mail/postfix35/Makefile: patch does not apply
Created attachment 226751 [details]
Refresh with latest main
Sure, here you go
Exp-run looks fine
A commit in branch main references this bug:
Author: Xin LI <delphij@FreeBSD.org>
AuthorDate: 2021-08-01 08:31:01 +0000
Commit: Xin LI <delphij@FreeBSD.org>
CommitDate: 2021-08-01 08:32:35 +0000
net/openldap24-server: Make SASL permanent for OpenLDAP port.
Reviewed by: obrien
Approved by: portmgr (exp-run by antoine)
Differential Revision: https://reviews.freebsd.org/D31301
CHANGES | 5 +++
MOVED | 1 +
Mk/bsd.ldap.mk | 13 +-------
Mk/bsd.port.mk | 5 +--
UPDATING | 13 ++++++++
databases/mysql57-client/Makefile | 4 +--
databases/mysql57-server/Makefile | 11 -------
databases/percona57-client/Makefile | 4 +--
lang/php73/Makefile | 2 +-
lang/php73/Makefile.ext | 6 +---
lang/php74/Makefile | 2 +-
lang/php74/Makefile.ext | 6 +---
lang/php80/Makefile | 2 +-
lang/php80/Makefile.ext | 6 +---
mail/opendkim/Makefile | 6 +---
mail/postfix-current/Makefile | 13 ++------
mail/postfix/Makefile | 13 ++------
mail/postfix35/Makefile | 13 ++------
mail/vpopmail/Makefile | 8 ++---
net-mgmt/adcli/Makefile | 3 +-
net/Makefile | 1 -
net/ldapscripts/Makefile | 2 +-
net/nss-pam-ldapd/Makefile | 2 +-
net/nss_ldap/Makefile | 10 ++----
net/openldap24-sasl-client/Makefile (gone) | 7 ----
net/openldap24-server/Makefile | 53 +++++-------------------------
net/py-ldap/Makefile | 10 +-----
net/py-ldap0/Makefile | 4 +--
security/cyrus-sasl2-ldapdb/Makefile | 7 ----
security/cyrus-sasl2-saslauthd/Makefile | 6 ++--
security/cyrus-sasl2/Makefile | 2 +-
security/heimdal/Makefile | 5 +--
sysutils/ldapvi/Makefile | 7 +---
sysutils/msktutil/Makefile | 3 +-
34 files changed, 65 insertions(+), 190 deletions(-)
*** Bug 248222 has been marked as a duplicate of this bug. ***