Bug 270035 - Developer checks for stage-qa emit false positives re: USES= ssl with OpenSSL ports
Summary: Developer checks for stage-qa emit false positives re: USES= ssl with OpenSSL...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Ports Framework (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Fernando Apesteguía
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-08 13:32 UTC by Enji Cooper
Modified: 2024-01-20 18:50 UTC (History)
3 users (show)

See Also:

Attachments
Patch for qa.sh (995 bytes, patch)
2023-09-21 13:53 UTC, Fernando Apesteguía 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Enji Cooper freebsd_committer freebsd_triage 2023-03-08 13:32:03 UTC 
“make stage-qa” emits warnings about “USES= ssl” with the OpenSSL ports ; it probably does similar with the other SSL variants, e.g., LibreSSL.
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2023-03-10 11:30:01 UTC 
I've seen this too IIRC with multimedia/plexmediaserver-plexpass.
Comment 2 Enji Cooper freebsd_committer freebsd_triage 2023-03-10 18:51:08 UTC 
(In reply to Fernando Apesteguía from comment #1)

That might be valid.

It's invalid for security/openssl*, etc, because it creates a dependency loop by adding security/openssl* to the list of dependencies.
Comment 3 Fernando Apesteguía freebsd_committer freebsd_triage 2023-09-21 13:53:33 UTC 
Created attachment 245093 [details]
Patch for qa.sh

qa.sh checks the library requirements for every elf executable and .so file in the staging directory. If readelf(1) reports a NEEDED libcrypto.so or NEEDED libssl.so for the executable or .so file, then it warns about USES=ssl if not found in the port's Makefile.

In the case of security/libressl, qa.sh detects these libraries needed:

Warning: (0x0000000000000001 NEEDED               Shared library: [libcrypto.so.50]) in /usr/local/bin/ocspcheck
Warning: (0x0000000000000001 NEEDED               Shared library: [libssl.so.53]) in /usr/local/bin/openssl
Warning: (0x0000000000000001 NEEDED               Shared library: [libcrypto.so.50]) in /usr/local/bin/openssl
Warning: (0x0000000000000001 NEEDED               Shared library: [libcrypto.so.50]) in /usr/local/lib/libssl.so.53.0.2

I think if the port itself provides the libcrypto.so or libssl.so libraries, then we shouldn't check for the USES=ssl.

This patch tries to address this case. It seems to work. It still warns for other ports if they link against those libraries, the libraries are not provided by the port itself and USES=ssl is not used.

Would you give it a try?
Comment 4 Fernando Apesteguía freebsd_committer freebsd_triage 2023-09-25 12:06:10 UTC 
https://reviews.freebsd.org/D41973
Comment 5 commit-hook freebsd_committer freebsd_triage 2024-01-20 18:49:25 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d9fc94dd9d4227cd78b4f40a0e614c64ca1bbaa8

commit d9fc94dd9d4227cd78b4f40a0e614c64ca1bbaa8
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2023-09-21 12:46:10 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-01-20 18:47:41 +0000

    Scripts/qa.sh: fine tune USES=ssl recommendation

    Try to avoid the "you need USES=ssl" in ports that provide a libssl.so or
    libcrypto.so libraries themselves like security/openssl or security/libressl.

    PR:                     270035
    Approved by:            portmgr (mat@)
    Differential Revision:  https://reviews.freebsd.org/D41973

 Mk/Scripts/qa.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2024-01-20 18:50:40 UTC 
Committed,

Thanks!