From nobody Tue Nov 28 01:48:32 2023 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SfQN020GRz52QyK for ; Tue, 28 Nov 2023 01:48:32 +0000 (UTC) (envelope-from osa@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SfQN01YWrz4rNn; Tue, 28 Nov 2023 01:48:32 +0000 (UTC) (envelope-from osa@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701136112; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=mStu35zj6mDSXZzUTk3PMqm3G+THh7L2nE7iLxLGefg=; b=UAB1cHkMNCeM3k/vPond36tJmXI5X0qR7lFH22qx5kkdgfoE5W017iBCvjNhtpfqnpKfzm H7m6xFXVnr0urJRcpX69EWlG2zwkxIY1IXOIchea7TKaJUUlEi74LDzF+S5ROLQ8vTxtVw RQffCiZ7GfVdm1/Jk2D5R4DlAjZmnAOvcHGfZZPzcfLmrURqOsXA8rsQn1viF0GqSmt9Kv GOtNtsWnkOIl9d3GEebhWKkuL/wkLvzKF9lcijGdQAzTstrZFb54qf8UzI8mQBbzO3NPdm 6nJ9Mxmg+DkNxQp0MdPk6koQXHI7Q4oEGqGqh2ELfdcdX5WawdhALsgA3BZKnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1701136112; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=mStu35zj6mDSXZzUTk3PMqm3G+THh7L2nE7iLxLGefg=; b=Gzll/dnqocmtWPmNcp5NLMndMmdG1TrlLgn/JHa7nIXQ46EULXnFbu8zzTuinXMF5I4BNB /2xYt3UZG458OtPVwTRX6RmzH31muRXfZKDAZBB55b+exTin+7yLezoE1C263Oy6Q2ZQt3 T0mUQ0PTJkzKDYd5Jt4Z/J5Eqkm1Kd/Yu7oE6iv96Nx2q+QS3GbaeffUs47RJj59kpnxLn 8Rl1rMkT5OaA2AZlXQQ2fWMDbfxEjIBi+J7iAjcFwI2yDJP6tyWB16DlSlXX1auGOCOTj1 BJXqO1PMkEwz5d/ECtslbXokFZBX/1e4YLarIqy3lYaEKBVF+EVuqGPO8bLr2w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1701136112; a=rsa-sha256; cv=none; b=Iv1n8NAB3i/mONJJdTuCFOGJZ3yCGenpzKqyNtLqyhisxQ/Y4HlzSCZghzBZOBDkrU4NYB QAolim0iT9VykkyROf8mZiKY/HWtX46zot3sRXjw9X/eWLA8IJSF/Ircb1tvMvo1XGmheh ieKqOeAfHxGrkruANaNR+il5WUUrD6eL6lKEuQwQg393DJ3Brax1YGfXxPxRlTJCYu/nWB 87kZinZZael/gKOWgN1/G9pU2Jlp9O4oeD3m0Z6kPSVxaiaJyGzmTvs6Oya4S/UHcIWJ02 bx/19Z0KxakeZ9Nqkmd6+TzHUm7heSgbkVIy+6PNofaNeM9mSlgHmtlyvbiMPA== Received: by freefall.freebsd.org (Postfix, from userid 975) id 2552C10698; Tue, 28 Nov 2023 01:48:32 +0000 (UTC) Date: Tue, 28 Nov 2023 01:48:32 +0000 From: "Sergey A. Osokin" To: d@delphij.net Cc: freebsd-ports@freebsd.org, danfe@freebsd.org Subject: Re: Best practice for port that are meant to be statically linked, or how should we handle boringssl Message-ID: References: <7a92ad42-b45d-46d4-b2f2-54b4bfcf2e93@delphij.net> List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0Zi4hfgOf4RtvXoW" Content-Disposition: inline In-Reply-To: <7a92ad42-b45d-46d4-b2f2-54b4bfcf2e93@delphij.net> --0Zi4hfgOf4RtvXoW Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, On Sun, Nov 26, 2023 at 11:07:21PM -0800, Xin Li wrote: >=20 > I recently noticed that security/boringssl is treated in a similar way of > OpenSSL and LibreSSL. Although boringssl is derived from OpenSSL, it's > usually meant to be statically linked into the resulting binary, because > there is no guarantee of ABI stability across different releases and the > caller is expected to evolve fast enough to follow the latest version of = it. There's no releases for BoringSSL. > OpenBSD seems to be going though the statically linked route and they > install boringssl into ${PREFIX}/eboringssl instead of the regular > ${PREFIX}. This way, it's no longer conflicting with other OpenSSL/Libre= SSL > installation (technically, it still is, but only if the binary links agai= nst > both OpenSSL/LibreSSL _and_ boringssl). Generally speaking, I don't think this is the good idea to link a binary to both OpenSSL/LibreSSL _and_ BoringSSL. > Should we follow this? And is using something like ${PREFIX}/eboringssl a > good model? (I think ultimately we need something like it). A project, that wants to be depended on BoringSSL needs to be aware that last one is not intended for general use, as OpenSSL or LibreSSL is. Follow that the project needs to keep its source code consistent with changes, that BoringSSL project does, on daily basis. --=20 Sergey A. Osokin --0Zi4hfgOf4RtvXoW Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQITBAEBCgB9FiEEZTMJYdHlAQrZCsSmOBlAga+KbzQFAmVlRutfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY1 MzMwOTYxRDFFNTAxMEFEOTBBQzRBNjM4MTk0MDgxQUY4QTZGMzQACgkQOBlAga+K bzQ9DwwAoiSKOlSZpUvMRPkOuWC9LBvfsDBZg/9n31x9uKrNyeItsq9E2vbpt5Kl ZdgJN9mMbdWJbOoKy6y6OcTKHLMcbwLZJhaRcrharAspx64muH2gmuSowj/GOEHS sHcoL9dthIfuOLIVn81KpPNvmSEyeUNXhTlGJswlNxFdzfxBGA8JAVhKKAXYo1pc dMB+fEFL6R4ZqO47WM/vVvdpg3X4v03dxgwOKMSX+c8KTEBbYwy9uun5zSYimUN5 /nkjdFoCxSXWclxFkp69Nqtap8zjuoLj717pfdL5D2wf7PnuutCSXxlbDfsXnm/a sOPVGDF9WAWjaqs/t0z4b6MbeF/uY3OIcSjIPMBvYpwCxHFXRBHRcoYvK4jZNEYC 9gN6/aDq4eL3WRfWJm3iXC2l7A52UPcJx+BjEqD2h48DJUcToFCORUvPB5a62xBE 8fNCUDb6rUT05ViHyUGa0WqSbpNETmjCu/m83MsjzTYjBiFUzRg1dDPhOGHvCQGB Z9BhNeKT =+KJt -----END PGP SIGNATURE----- --0Zi4hfgOf4RtvXoW--