> On 11. Dec 2020, at 13:20, Martin Simmons <martin at lispworks.com> wrote: > > ? >> >>>>>> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said: >> >>>> On 11. Dec 2020, at 12:38 PM, Martin Simmons <martin at lispworks.com> wrote: >>> >>>>>>>> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: >>>> >>>> What are peoples thoughts on how to address the support mismatch between >>>> FreeBSD and OpenSSL? And how to address it? >>> >>> Maybe it would help a little if the packages on pkg.FreeBSD.org all used the >>> pkg version of OpenSSL? Currently, it looks like you have build your own >>> ports if you want that. >> >> This pretty much breaks LibreSSL ports usage for binary package consumers. > > I'm talking about the binary packages from pkg.FreeBSD.org. Don't they always > use the base OpenSSL at the moment?Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally. In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL. For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch. Effectively, using the second tier crypto to emulate the first tier crypto would trash the second tier for everyone else. Cheers, Franco
>>>>> On Fri, 11 Dec 2020 13:28:43 +0100, Franco Fichtner said: > > > On 11. Dec 2020, at 13:20, Martin Simmons <martin at lispworks.com> wrote: > > > > ? > >> > >>>>>> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said: > >> > >>>> On 11. Dec 2020, at 12:38 PM, Martin Simmons <martin at lispworks.com> wrote: > >>> > >>>>>>>> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: > >>>> > >>>> What are peoples thoughts on how to address the support mismatch between > >>>> FreeBSD and OpenSSL? And how to address it? > >>> > >>> Maybe it would help a little if the packages on pkg.FreeBSD.org all used the > >>> pkg version of OpenSSL? Currently, it looks like you have build your own > >>> ports if you want that. > >> > >> This pretty much breaks LibreSSL ports usage for binary package consumers. > > > > I'm talking about the binary packages from pkg.FreeBSD.org. Don't they always > > use the base OpenSSL at the moment? > > Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally. > > In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL. > > For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch.OK, I see what you mean now. The underlying problem is that it is impossible to install packages/ports for OpenSSL and LibreSSL at the same time. __Martin
Hi Franco, On Fri, Dec 11, 2020 at 01:28:43PM +0100, Franco Fichtner wrote:> > > On 11. Dec 2020, at 13:20, Martin Simmons <martin at lispworks.com> wrote: > > > > > > I'm talking about the binary packages from pkg.FreeBSD.org. Don't they always > > use the base OpenSSL at the moment? > > Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally. > > In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL. > > For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch. > > Effectively, using the second tier crypto to emulate the first tier crypto would trash the second tier for everyone else.Could you please clarify what you mean by "second tier crypto" and "first tier crypto"? I'm having a hard time understanding this statement. Thanks, Ben