1 |
Friends, |
2 |
|
3 |
I think it is time to import LibreSSL[0]. There are not many packages |
4 |
left that don't compile OOTB and those can be patched (e.g. dev-lang/ruby). |
5 |
|
6 |
My idea would be: |
7 |
|
8 |
1. import "dev-libs/libressl" (this will block dev-libs/openssl) and |
9 |
introduce the global USE flag "libressl" with the following description: |
10 |
""" |
11 |
libressl - Use dev-libs/libressl as SSL provider (might need ssl USE |
12 |
flag), packages should not depend on this USE flag |
13 |
""" |
14 |
|
15 |
2. slowly start migrating those ~550 packages with "libressl" USE flag |
16 |
which is similar to gnutls USE flag. |
17 |
There will be no virtual, because those don't give sufficient control |
18 |
(libressl and openssl are not ABI compatible). |
19 |
|
20 |
I think mass commits don't work since the way we version ebuilds doesn't |
21 |
necessarily trigger git file collisions if someone bumped in between the |
22 |
commits, so the rebase will likely contain inconsistent packages. |
23 |
|
24 |
What this plan requires is: |
25 |
Everyone who is able to test libressl (e.g. via the libressl overlay |
26 |
[1]) should have permission to bump unstable arch packages with an |
27 |
additional libressl USE flag, because otherwise this will be nearly |
28 |
impossible to carry out via bug reports. |
29 |
You will need the libressl overlay for this transition period (which |
30 |
doesn't block openssl), until most ebuilds have been converted in |
31 |
unstable branch. |
32 |
|
33 |
There are also a few eclasses involved: |
34 |
mysql-v2, mysql-multilib, ssl-cert, bitcoincore and apache-2 |
35 |
|
36 |
I have created a wiki page [2] for the transition which also includes a |
37 |
list of all ebuilds that have to be converted (people should update that |
38 |
list when they add libressl support to a package). |
39 |
|
40 |
Did I miss anything? |
41 |
|
42 |
|
43 |
As always: keep bikeshed to a minimum. |
44 |
|
45 |
|
46 |
-- |
47 |
[0] http://www.libressl.org |
48 |
[1] https://github.com/gentoo/libressl |
49 |
[2] https://github.com/gentoo/libressl/wiki/Transition-plan |