1 |
I've seen a lot of ebuilds lately that use 'openssl' USE flag for the |
2 |
purpose of enabling ssl features. I think this should be discouraged |
3 |
since it introduces inconsistency and is especially confusing for |
4 |
packages like media-video/ffmpeg, where'd you expect to get ssl support |
5 |
by having the global ssl USE flag enabled. |
6 |
|
7 |
Furthermore, some packages have started to do things like |
8 |
REQUIRED_USE="^^ ( openssl libressl )" |
9 |
which is even more inconsistent now and will make it very hard for |
10 |
people to switch to libressl without figuring out a lot of blockers, |
11 |
since we have conflicting meanings of 'openssl' now. One uses it as a |
12 |
feature flag, the other as a provider flag. |
13 |
|
14 |
|
15 |
We have two choices here afais to design the USE flag meanings and how |
16 |
they are used by ebuild authors: |
17 |
|
18 |
A) 1 feature flag, 2 lax provider flags, 1 strict provider flag |
19 |
* ssl: enable any sort of SSL/TLS support |
20 |
* gnutls: primarily to enable gnutls provided ssl support in case |
21 |
there is a choice |
22 |
* openssl: primarily to enable openssl provided ssl support in case |
23 |
there is a choice (might be implemented as !gnutls? instead) |
24 |
* libressl: switch the openssl provider to libressl _without_ |
25 |
conflicting with openssl, so any alternative usage of |
26 |
'openssl' USE flag will not break the libressl dep-graph |
27 |
|
28 |
consequences: |
29 |
* REQUIRED_USE="^^ ( openssl libressl )" is _disallowed_ |
30 |
* packages like media-video/ffmpeg should switch the USE flag |
31 |
openssl->ssl to avoid confusing global user configuration, but it's |
32 |
not strictly disallowed |
33 |
|
34 |
|
35 |
B) 1 feature flag, 3 strict provider flags |
36 |
* ssl: enable any sort of SSL/TLS support |
37 |
* gnutls: only to enable gnutls provided ssl support in case there |
38 |
is a choice |
39 |
* openssl: only to enable openssl provided ssl support in case |
40 |
there is a choice (should not be implemented as !gnutls?) |
41 |
* libressl: only to enable libressl provided ssl support in case there |
42 |
is a choice, must conflict with 'openssl' USE flag |
43 |
|
44 |
consequences: |
45 |
* REQUIRED_USE="^^ ( openssl libressl )" is not only allowed, it is |
46 |
_mandatory_ |
47 |
* packages like media-video/ffmpeg _must_ switch the USE flag |
48 |
openssl->ssl to avoid breaking global USE flags |
49 |
* !gnutls? ( dev-libs/openssl:0 ) will be bad form or even disallowed |
50 |
|
51 |
|
52 |
A is not that difficult. Most uses of 'openssl' can just be replaced |
53 |
with 'ssl', others probably with '!gnutls?' even. A few exotic ones |
54 |
might stay and we will have to advice users to set USE="openssl |
55 |
libressl" instead of USE="-openssl libressl". |
56 |
B will definitely be more work, but ofc is also a lot cleaner and |
57 |
totally unambigous. |
58 |
|
59 |
I hope I didn't confuse anything here. |