| 1 |
Friends, |
| 2 |
|
| 3 |
I think it is time to import LibreSSL[0]. There are not many packages |
| 4 |
left that don't compile OOTB and those can be patched (e.g. dev-lang/ruby). |
| 5 |
|
| 6 |
My idea would be: |
| 7 |
|
| 8 |
1. import "dev-libs/libressl" (this will block dev-libs/openssl) and |
| 9 |
introduce the global USE flag "libressl" with the following description: |
| 10 |
""" |
| 11 |
libressl - Use dev-libs/libressl as SSL provider (might need ssl USE |
| 12 |
flag), packages should not depend on this USE flag |
| 13 |
""" |
| 14 |
|
| 15 |
2. slowly start migrating those ~550 packages with "libressl" USE flag |
| 16 |
which is similar to gnutls USE flag. |
| 17 |
There will be no virtual, because those don't give sufficient control |
| 18 |
(libressl and openssl are not ABI compatible). |
| 19 |
|
| 20 |
I think mass commits don't work since the way we version ebuilds doesn't |
| 21 |
necessarily trigger git file collisions if someone bumped in between the |
| 22 |
commits, so the rebase will likely contain inconsistent packages. |
| 23 |
|
| 24 |
What this plan requires is: |
| 25 |
Everyone who is able to test libressl (e.g. via the libressl overlay |
| 26 |
[1]) should have permission to bump unstable arch packages with an |
| 27 |
additional libressl USE flag, because otherwise this will be nearly |
| 28 |
impossible to carry out via bug reports. |
| 29 |
You will need the libressl overlay for this transition period (which |
| 30 |
doesn't block openssl), until most ebuilds have been converted in |
| 31 |
unstable branch. |
| 32 |
|
| 33 |
There are also a few eclasses involved: |
| 34 |
mysql-v2, mysql-multilib, ssl-cert, bitcoincore and apache-2 |
| 35 |
|
| 36 |
I have created a wiki page [2] for the transition which also includes a |
| 37 |
list of all ebuilds that have to be converted (people should update that |
| 38 |
list when they add libressl support to a package). |
| 39 |
|
| 40 |
Did I miss anything? |
| 41 |
|
| 42 |
|
| 43 |
As always: keep bikeshed to a minimum. |
| 44 |
|
| 45 |
|
| 46 |
-- |
| 47 |
[0] http://www.libressl.org |
| 48 |
[1] https://github.com/gentoo/libressl |
| 49 |
[2] https://github.com/gentoo/libressl/wiki/Transition-plan |
Archives