| 1 |
Hi everyone, |
| 2 |
|
| 3 |
Back in Jun 2012 I added a CURL_SSL to the USE_EXPAND to represent the |
| 4 |
different ssl providers for curl. This was to get away from the old ssl |
| 5 |
USE flag logic which you still see in packages like |
| 6 |
media-video/rtmpdump. Quoting from there so you don't have to go find it |
| 7 |
yourself (and removing extraneous stuff) we have: |
| 8 |
|
| 9 |
IUSE="gnutls polarssl ssl" |
| 10 |
|
| 11 |
DEPEND="ssl? ( |
| 12 |
gnutls? ( net-libs/gnutls ) |
| 13 |
polarssl? ( !gnutls? ( >=net-libs/polarssl-0.14.0 ) ) |
| 14 |
!gnutls? ( !polarssl? ( dev-libs/openssl ) ) |
| 15 |
)" |
| 16 |
|
| 17 |
pkg_setup() { |
| 18 |
if ! use ssl && ( use gnutls || use polarssl ) ; then |
| 19 |
ewarn "USE='gnutls polarssl' are ignored without USE='ssl'." |
| 20 |
ewarn "Please review the local USE flags for this package." |
| 21 |
fi |
| 22 |
} |
| 23 |
|
| 24 |
|
| 25 |
The idea is that if you say USE=ssl but nothing more, you default to |
| 26 |
openssl. This is asymmetrical and doesn't scale well. So I made the |
| 27 |
leap in curl to the following (modulo extra stuff): |
| 28 |
|
| 29 |
IUSE="${IUSE} curl_ssl_axtls curl_ssl_cyassl curl_ssl_gnutls |
| 30 |
curl_ssl_nss +curl_ssl_openssl curl_ssl_polarssl curl_ssl_winssl" |
| 31 |
|
| 32 |
RDEPEND=" |
| 33 |
ssl? ( |
| 34 |
curl_ssl_axtls? ( net-libs/axtls app-misc/ca-certificates ) |
| 35 |
curl_ssl_cyassl? ( net-libs/cyassl app-misc/ca-certificates ) |
| 36 |
curl_ssl_gnutls? ( |
| 37 |
|| ( |
| 38 |
( >=net-libs/gnutls-3[static-libs?] dev-libs/nettle ) |
| 39 |
( =net-libs/gnutls-2.12*[nettle,static-libs?] |
| 40 |
dev-libs/nettle ) |
| 41 |
( =net-libs/gnutls-2.12*[-nettle,static-libs?] |
| 42 |
dev-libs/libgcrypt[static-libs?] ) |
| 43 |
) |
| 44 |
app-misc/ca-certificates |
| 45 |
) |
| 46 |
curl_ssl_openssl? ( dev-libs/openssl[static-libs?] ) |
| 47 |
curl_ssl_nss? ( dev-libs/nss app-misc/ca-certificates ) |
| 48 |
curl_ssl_polarssl? ( net-libs/polarssl:= app-misc/ca-certificates ) |
| 49 |
) |
| 50 |
|
| 51 |
REQUIRED_USE=" |
| 52 |
curl_ssl_winssl? ( elibc_Winnt ) |
| 53 |
ssl? ( |
| 54 |
^^ ( |
| 55 |
curl_ssl_axtls |
| 56 |
curl_ssl_cyassl |
| 57 |
curl_ssl_gnutls |
| 58 |
curl_ssl_openssl |
| 59 |
curl_ssl_nss |
| 60 |
curl_ssl_polarssl |
| 61 |
curl_ssl_winssl |
| 62 |
) |
| 63 |
)" |
| 64 |
|
| 65 |
|
| 66 |
With the number of ssl providers growing, like libressl, and with issues |
| 67 |
like bug #510974, I think its time we consider making this a uniform way |
| 68 |
of dealing with ssl providers in gentoo. We would proceed something |
| 69 |
like this: |
| 70 |
|
| 71 |
1. Introduce a new USE_EXPAND called SSL which mirrors CURL_SSL --- |
| 72 |
becuase CURL_SSL is too provincial a name. |
| 73 |
|
| 74 |
2. migrate curl and all its dependencies to the SSL use expand. |
| 75 |
|
| 76 |
3. Migrate over all consumers of ssl to the new SSL use expand system. |
| 77 |
|
| 78 |
What do people think? |
| 79 |
|
| 80 |
-- |
| 81 |
Anthony G. Basile, Ph.D. |
| 82 |
Gentoo Linux Developer [Hardened] |
| 83 |
E-Mail : blueness@g.o |
| 84 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
| 85 |
GnuPG ID : F52D4BBA |
Archives