Re: [gentoo-dev] Re: Creating a USE_EXPAND for ssl providers - gentoo-dev

From:	"Anthony G. Basile" <blueness@g.o>
To:	gentoo-dev@l.g.o
Subject:	Re: [gentoo-dev] Re: Creating a USE_EXPAND for ssl providers
Date:	Fri, 30 May 2014 12:00:58
Message-Id:	`53887384.3060404@gentoo.org`
In Reply to:	Re: [gentoo-dev] Re: Creating a USE_EXPAND for ssl providers by Ian Stakenvicius

1

On 05/29/14 23:21, Ian Stakenvicius wrote:

2

> Sorry for the possible HTML email, this is from my phone..

3

>

4

>

5

>> On May 29, 2014, at 10:20 PM, Duncan <1i5t5.duncan@×××.net> wrote:

6

>>

7

>> Anthony G. Basile posted on Thu, 29 May 2014 13:42:01 -0400 as excerpted:

8

>>

9

>>> With the number of ssl providers growing, like libressl, and with issues

10

>>> like bug #510974, I think its time we consider making this a uniform way

11

>>> of dealing with ssl providers in gentoo.  We would proceed something

12

>>> like this:

13

>>>

14

>>> 1. Introduce a new USE_EXPAND called SSL which mirrors CURL_SSL ---

15

>>> becuase CURL_SSL is too provincial a name.

16

>>>

17

>>> 2. migrate curl and all its dependencies to the SSL use expand.

18

>>>

19

>>> 3. Migrate over all consumers of ssl to the new SSL use expand system.

20

>>>

21

>>> What do  people think?

22

>> What about an ssl.eclass to handle it?

23

>>

24

>> Obviously Peter's concern about packages that only support some of the

25

>> options would need to be taken into account, with some sort of variable,

26

>> say SSL_SUPPORTED, that would be set before eclass inheritance.  Then the

27

>> eclass could formalize the general dependency logic and expose variables

28

>> of its own that could in turn be used to set package specific options.

29

>>

30

>> Or is package handling too individualized for an eclass to work well,

31

>> even with a mechanism to tell the eclass which ssl providers were

32

>> supported and further mechanisms to allow package specific logic where

33

>> required?

34

> USE_EXPAND generally works or is meant to work when all participating ebuilds are ok with working from the exact same set of flags.

35

36

Not at all.  There are a several counter examples but one particularly 

37

close to what I'm proposing is LINGUAS.  Look at how it is used in 

38

postgresql-base:

39

40

LINGUAS="af cs de en es fa fr hr hu it ko nb pl pt_BR ro ru sk sl sv tr 

41

zh_CN zh_TW"

42

43

for lingua in ${LINGUAS} ; do

44

     IUSE+=" linguas_${lingua}"

45

done

46

47

Only a few of the 251 linguas listed in profiles/desc/linguas.desc are used.

48

49

Other uses of USE_EXPAND span the spectrum and do not fit neatly into 

50

"all participating ebuilds are ok with working from the exact same set 

51

of flags."  Take a look at ELIBC where most ebuilds that invoke any 

52

elibc_* just make use of one or another elibc_* for some exceptional 

53

sitatuation, usually related to elibc_FreeBSD or elibc_uclibc.  Most of 

54

these package would not even build under, for example, elibc_Winnt.  Yet 

55

other USE_EXPANDS are localized in the tree like XTABLES_ADDONS which is 

56

only used in net-firewall/xtables-addons and little possibility of 

57

generalization to other packages.

58

59

I don't know what you mean by "working" in "working from the exact same 

60

set of flags" but there are lots of examples where ebuild simply ignore 

61

a portion of all the possible use flags in the USE_EXPAND set because 

62

they can't/don't use them.   The idea I have of a USE_EXPAND is a 

63

namespace of use flags which, like any plain global use flag, can be 

64

shared between several ebuilds.  Not that all of the use flags in that 

65

namespace need to be useable by every participating ebuild, but the 

66

namespace is meaningful to every participating ebuild.  All ebuilds that 

67

provide an ssl layer can participate in the SSL use_expand even though a 

68

package might only build against some subset of the ssl providers listed 

69

in the USE_EXPAND.

70

71

> The only case I can think of otherwise right now is PYTHON_TARGETS, and even then it is generally considered that all packages can support at least a small subset of the flags.  Even then, we have a second var (PYTHON_SINGLE_TARGET) for special case packages.

72

>

73

> If that is the case here, we should be ok with a similar concept as that brought by python-r1.eclass.  However I fear that packages are still going to need to have fallback logic or preference-based flag ordering if we are going to avoid the need for a bunch of package.use entries on end user systems.

74

75

Fallback logic would have to be on a per ebuild basis.  It makes no 

76

sense otherwise.  Eg.  There is no preferred ssl provider for curl and 

77

USE=ssl there simply means "curl will have an ssl layer" without 

78

prejudice as to the backend that will provide that ssl layer.

79

80

>

81

> Or is the plan to essentially do that anyways, ie, expect the SSL use_expand to only set one global default, and any deviations from that would be taken care of via package.use entries?

82

83

No.  What's wrong with

84

85

REQUIRED_USE="

86

     ssl? (

87

         ^^ (

88

             curl_ssl_axtls

89

             curl_ssl_cyassl

90

             curl_ssl_gnutls

91

             curl_ssl_openssl

92

             curl_ssl_nss

93

             curl_ssl_polarssl

94

             curl_ssl_winssl

95

)

96

)"

97

98

>

99

> I don't suppose PMS allows the order of the list of flags in a var to be relied upon?  That could make this easier:

100

>

101

> SSL="polarssl openssl"

102

>

103

> ... would use polarssl first and foremost but use OpenSSL iff polarssl isn't supported by the package (assuming OpenSSL is); the eclass would handle the preference logic that would make the secondary flags be ignored in favour of the primary one.

104

>

105

> Thoughts?

106

>

107

>

108

>> --

109

>> Duncan - List replies preferred.   No HTML msgs.

110

>> "Every nonfree program has a lord, a master --

111

>> and if you use the program, he is your master."  Richard Stallman

112

>>

113

>>

114

115

116

--

117

Anthony G. Basile, Ph.D.

118

Gentoo Linux Developer [Hardened]

119

E-Mail    : blueness@g.o

120

GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA

121

GnuPG ID  : F52D4BBA

Gentoo Archives: gentoo-dev

Replies

1	On 05/29/14 23:21, Ian Stakenvicius wrote:
2	> Sorry for the possible HTML email, this is from my phone..
3	>
4	>
5	>> On May 29, 2014, at 10:20 PM, Duncan <1i5t5.duncan@×××.net> wrote:
6	>>
7	>> Anthony G. Basile posted on Thu, 29 May 2014 13:42:01 -0400 as excerpted:
8	>>
9	>>> With the number of ssl providers growing, like libressl, and with issues
10	>>> like bug #510974, I think its time we consider making this a uniform way
11	>>> of dealing with ssl providers in gentoo. We would proceed something
12	>>> like this:
13	>>>
14	>>> 1. Introduce a new USE_EXPAND called SSL which mirrors CURL_SSL ---
15	>>> becuase CURL_SSL is too provincial a name.
16	>>>
17	>>> 2. migrate curl and all its dependencies to the SSL use expand.
18	>>>
19	>>> 3. Migrate over all consumers of ssl to the new SSL use expand system.
20	>>>
21	>>> What do people think?
22	>> What about an ssl.eclass to handle it?
23	>>
24	>> Obviously Peter's concern about packages that only support some of the
25	>> options would need to be taken into account, with some sort of variable,
26	>> say SSL_SUPPORTED, that would be set before eclass inheritance. Then the
27	>> eclass could formalize the general dependency logic and expose variables
28	>> of its own that could in turn be used to set package specific options.
29	>>
30	>> Or is package handling too individualized for an eclass to work well,
31	>> even with a mechanism to tell the eclass which ssl providers were
32	>> supported and further mechanisms to allow package specific logic where
33	>> required?
34	> USE_EXPAND generally works or is meant to work when all participating ebuilds are ok with working from the exact same set of flags.
35
36	Not at all. There are a several counter examples but one particularly
37	close to what I'm proposing is LINGUAS. Look at how it is used in
38	postgresql-base:
39
40	LINGUAS="af cs de en es fa fr hr hu it ko nb pl pt_BR ro ru sk sl sv tr
41	zh_CN zh_TW"
42
43	for lingua in ${LINGUAS} ; do
44	IUSE+=" linguas_${lingua}"
45	done
46
47	Only a few of the 251 linguas listed in profiles/desc/linguas.desc are used.
48
49	Other uses of USE_EXPAND span the spectrum and do not fit neatly into
50	"all participating ebuilds are ok with working from the exact same set
51	of flags." Take a look at ELIBC where most ebuilds that invoke any
52	elibc_* just make use of one or another elibc_* for some exceptional
53	sitatuation, usually related to elibc_FreeBSD or elibc_uclibc. Most of
54	these package would not even build under, for example, elibc_Winnt. Yet
55	other USE_EXPANDS are localized in the tree like XTABLES_ADDONS which is
56	only used in net-firewall/xtables-addons and little possibility of
57	generalization to other packages.
58
59	I don't know what you mean by "working" in "working from the exact same
60	set of flags" but there are lots of examples where ebuild simply ignore
61	a portion of all the possible use flags in the USE_EXPAND set because
62	they can't/don't use them. The idea I have of a USE_EXPAND is a
63	namespace of use flags which, like any plain global use flag, can be
64	shared between several ebuilds. Not that all of the use flags in that
65	namespace need to be useable by every participating ebuild, but the
66	namespace is meaningful to every participating ebuild. All ebuilds that
67	provide an ssl layer can participate in the SSL use_expand even though a
68	package might only build against some subset of the ssl providers listed
69	in the USE_EXPAND.
70
71	> The only case I can think of otherwise right now is PYTHON_TARGETS, and even then it is generally considered that all packages can support at least a small subset of the flags. Even then, we have a second var (PYTHON_SINGLE_TARGET) for special case packages.
72	>
73	> If that is the case here, we should be ok with a similar concept as that brought by python-r1.eclass. However I fear that packages are still going to need to have fallback logic or preference-based flag ordering if we are going to avoid the need for a bunch of package.use entries on end user systems.
74
75	Fallback logic would have to be on a per ebuild basis. It makes no
76	sense otherwise. Eg. There is no preferred ssl provider for curl and
77	USE=ssl there simply means "curl will have an ssl layer" without
78	prejudice as to the backend that will provide that ssl layer.
79
80	>
81	> Or is the plan to essentially do that anyways, ie, expect the SSL use_expand to only set one global default, and any deviations from that would be taken care of via package.use entries?
82
83	No. What's wrong with
84
85	REQUIRED_USE="
86	ssl? (
87	^^ (
88	curl_ssl_axtls
89	curl_ssl_cyassl
90	curl_ssl_gnutls
91	curl_ssl_openssl
92	curl_ssl_nss
93	curl_ssl_polarssl
94	curl_ssl_winssl
95	)
96	)"
97
98	>
99	> I don't suppose PMS allows the order of the list of flags in a var to be relied upon? That could make this easier:
100	>
101	> SSL="polarssl openssl"
102	>
103	> ... would use polarssl first and foremost but use OpenSSL iff polarssl isn't supported by the package (assuming OpenSSL is); the eclass would handle the preference logic that would make the secondary flags be ignored in favour of the primary one.
104	>
105	> Thoughts?
106	>
107	>
108	>> --
109	>> Duncan - List replies preferred. No HTML msgs.
110	>> "Every nonfree program has a lord, a master --
111	>> and if you use the program, he is your master." Richard Stallman
112	>>
113	>>
114
115
116	--
117	Anthony G. Basile, Ph.D.
118	Gentoo Linux Developer [Hardened]
119	E-Mail : blueness@g.o
120	GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
121	GnuPG ID : F52D4BBA