| 1 |
I've seen a lot of ebuilds lately that use 'openssl' USE flag for the |
| 2 |
purpose of enabling ssl features. I think this should be discouraged |
| 3 |
since it introduces inconsistency and is especially confusing for |
| 4 |
packages like media-video/ffmpeg, where'd you expect to get ssl support |
| 5 |
by having the global ssl USE flag enabled. |
| 6 |
|
| 7 |
Furthermore, some packages have started to do things like |
| 8 |
REQUIRED_USE="^^ ( openssl libressl )" |
| 9 |
which is even more inconsistent now and will make it very hard for |
| 10 |
people to switch to libressl without figuring out a lot of blockers, |
| 11 |
since we have conflicting meanings of 'openssl' now. One uses it as a |
| 12 |
feature flag, the other as a provider flag. |
| 13 |
|
| 14 |
|
| 15 |
We have two choices here afais to design the USE flag meanings and how |
| 16 |
they are used by ebuild authors: |
| 17 |
|
| 18 |
A) 1 feature flag, 2 lax provider flags, 1 strict provider flag |
| 19 |
* ssl: enable any sort of SSL/TLS support |
| 20 |
* gnutls: primarily to enable gnutls provided ssl support in case |
| 21 |
there is a choice |
| 22 |
* openssl: primarily to enable openssl provided ssl support in case |
| 23 |
there is a choice (might be implemented as !gnutls? instead) |
| 24 |
* libressl: switch the openssl provider to libressl _without_ |
| 25 |
conflicting with openssl, so any alternative usage of |
| 26 |
'openssl' USE flag will not break the libressl dep-graph |
| 27 |
|
| 28 |
consequences: |
| 29 |
* REQUIRED_USE="^^ ( openssl libressl )" is _disallowed_ |
| 30 |
* packages like media-video/ffmpeg should switch the USE flag |
| 31 |
openssl->ssl to avoid confusing global user configuration, but it's |
| 32 |
not strictly disallowed |
| 33 |
|
| 34 |
|
| 35 |
B) 1 feature flag, 3 strict provider flags |
| 36 |
* ssl: enable any sort of SSL/TLS support |
| 37 |
* gnutls: only to enable gnutls provided ssl support in case there |
| 38 |
is a choice |
| 39 |
* openssl: only to enable openssl provided ssl support in case |
| 40 |
there is a choice (should not be implemented as !gnutls?) |
| 41 |
* libressl: only to enable libressl provided ssl support in case there |
| 42 |
is a choice, must conflict with 'openssl' USE flag |
| 43 |
|
| 44 |
consequences: |
| 45 |
* REQUIRED_USE="^^ ( openssl libressl )" is not only allowed, it is |
| 46 |
_mandatory_ |
| 47 |
* packages like media-video/ffmpeg _must_ switch the USE flag |
| 48 |
openssl->ssl to avoid breaking global USE flags |
| 49 |
* !gnutls? ( dev-libs/openssl:0 ) will be bad form or even disallowed |
| 50 |
|
| 51 |
|
| 52 |
A is not that difficult. Most uses of 'openssl' can just be replaced |
| 53 |
with 'ssl', others probably with '!gnutls?' even. A few exotic ones |
| 54 |
might stay and we will have to advice users to set USE="openssl |
| 55 |
libressl" instead of USE="-openssl libressl". |
| 56 |
B will definitely be more work, but ofc is also a lot cleaner and |
| 57 |
totally unambigous. |
| 58 |
|
| 59 |
I hope I didn't confuse anything here. |
Archives