Too many third-party ports expect to be able to find OpenSSL or libcrypto/libssl through pkg-config. We may want to decide whether to provide libssl.pc, libcrypto.pc and openssl.pc files, as the ports to, for the base openssl. See for instance https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257658
(In reply to Matthias Andree from comment #0) +1 for providing 3 *.pc files. With latest update to security/tpm2-tss, it forcibly pulls in security/openssl and causing some other ports depending on base openssl to fail. See Bug 262569. Adding 3 *.pc files, picked from stage directory of security/openssl with partial modification, to /usr/libdata/pkgconfig and reverting partially solved the issue. Currently no idea where to store *.pc files under /usr/src and how to pick them, I'll upload here the modified *.pc files later. Candidates are: Put under /usr/src/secure/ and modify Makefile there for all 3 *.pc files. Put libcrypto.pc under /usr/src/secure/libcrypto/, libssl.pc under /usr/src/secure/libssl/, openssl.pc under /usr/src/secure/usr.bin/openssl/ and modify each Makefile there. Note that every supported releng/* branches would need different version strings, while main, stable/13 and stable/12 are OK.
Created attachment 232544 [details] libcrypto.pc for main, stable/13 and stable/12 libcrypto.pc for main, stable/13 and stable/12. Picked from stagedir of security/openssl and modified "prefix=/usr/local" to "prefix=/usr".
Created attachment 232545 [details] libssl.pc for main, stable/13 and stable/12 libssl.pc for main, stable/13 and stable/12. Picked from stagedir of security/openssl and modified "prefix=/usr/local" to "prefix=/usr".
Created attachment 232546 [details] openssl.pc for main, stable/13 and stable/12. openssl.pc for main, stable/13 and stable/12. Picked from stagedir of security/openssl and modified "prefix=/usr/local" to "prefix=/usr".
Sorry. Missed file type for libcrypto.pc and libssl.pc. They aren't diff files, but plain texts. Would be no harm to download, though.
Personally I don't like adding these files to the base. However, portmgr has to make the decision ultimately because it may break existing ports and they own ports/Mk/Uses/ssl, etc.
(In reply to Jung-uk Kim from comment #6) Agreed that it should be of a decision by portmgr. But if decided not to install *.pc files, and your fix on Bug 262569 (CONFIGURE_ENV= CRYPTO_CFLAGS="-I${OPENSSLINC}" CRYPTO_LIBS="-L${OPENSSLLIB} -lcrypto" \ line) is generic enough, CRYPTO_CFLAGS setting should be in Mk/Uses/ssl.mk, maybe as CONFIGURE_ENV+=. I couldn't find these usage of variables on Chapter 17.88 ssl of Porter's Handbook. It only describes about MAKE_ENV.
Do we have any way of controlling what OpenSSL variant ports will pick up if we have both base and port providing .pc files ? I'm not sure if modifying PKG_CONFIG_LIBDIR and PKG_CONFIG_PATH is the right way to go in that regard.
(In reply to Tomoaki AOKI from comment #7) We should be careful of setting global variables as they might interfere with ports in general. I'm fairly sure that I've seen examples of the being mentioned in Porters Handbook at some point.
(In reply to Daniel Engberg from comment #9) Hm, so does it seem reasonable that... *Base installs *.pc files somewhere under /usr/share/examples/. (/usr/share/examples/openssl/?) *Create brand-new port that picks *.pc from /usr/share/examples/*/ and installs them into /usr/libdata/pkgconfig/, CONFLICTS_INSTALLs with all SSL-related ports which installs libcrypto.so and/or libssl.so. */usr/ports/Mk/Uses/ssl.mk sets BUILD_DEPENDS with the port mentioned above if DEFAULT_VERSIONS+=ssl=base or none specified (defaulted to base by /usr/ports/Mk/bsd.default-versions.mk currently). *Any src comitter who updated base OpenSSL bump the port ASAP. Assuming one port maintainer promotes to ports committer, and if approved afterwards, get src commit bit, meaning every src committer also have ports commit bit.
*** Bug 257158 has been marked as a duplicate of this bug. ***
Also related, https://reviews.freebsd.org/D37988
Created attachment 244838 [details] patch for security/libfido2/Makefile
I am trying to build an environment with the security/openssl30 package installed with 13.2-RELEASE ("DEFAULT_VERSIONS+=ssl=openssl30" in make.conf), but the /usr/libdata/pkgconfig/libcrypto.pc file causes security/libfido2 to fail to build. I applied the patch attached to /usr/ports/security/libfido2/Makefile and it worked, but is there any better way? I think trying to switch to security/openssl30 may cause similar problems in other ports using cmake to build.