From: Samuli Suominen
Date: Sat, 14 Aug 2010 15:14:41 +0300
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Why (i.e. USE="openssl" instead of USE="ssl")
Message-ID: <4C6688B1.7070608@gentoo.org>
In-Reply-To: <1281785177.6299.58.camel@lillen>

On 08/14/2010 02:26 PM, Peter Hjalmarsson wrote:
> This is about my beloved USE="ssl". A bit long and ranty, but if you
> want the consensus, just read the last part.
>
>
> Today a new snapshot of gnash was uploaded where the old USE="ssl" was
> renamed to USE="openssl".
>
> So yet another package where if you want ssl support you have to
> _personally_ audit what function this useflag has (i.e. does it enable
> ssl or tune the ssl implementation?).
>
> So I wanted to figure it out, does gnash provide ssl itself and the
> USE="openssl" only tunes how it is implemented or does USE="openssl"
> enable ssl?
>
> So what does the flag really do? Their local description does not say
> very much:
> local:openssl:www-plugins/gnash: Enable directly using OpenSSL
>
> What is even "enabled directly"? Still not much smarter.
> Unpacking the source and looking in ./configure --help and the strange
> description for the use flag gets an explanation:
> --enable-ssl Enable using OpenSSL directly
>
> Still not much smarter...
>
> Looking inside configure.ac makes me smarter tho:
>
> dnl Enable using OpenSSL with libnet.
> AC_ARG_ENABLE(ssl,
>   AC_HELP_STRING([--enable-ssl], [Enable using OpenSSL directly]),
>   [case "${enableval}" in
>     yes) build_ssl=yes ;;
>     no) build_ssl=no ;;
>     *) AC_MSG_ERROR([bad value ${enableval} for --enable-ssl option]) ;;
>   esac], build_ssl=no)
>
> So apparently it seems the flag enables ssl support using openssl.
>
> No, I did not review the source to make sure that build_ssl does really
> build ssl, but do I really have to to find out what a USE-flag does?
>
> Personally I would still like the description for the useflag to really
> describe the flag, like:
> global:ssl: Adds support for Secure Socket Layer connections
>
> (and thus in this case the use flag to still be USE="ssl")
>
>
>
> And why I post here instead of making a bug is to try to start a
> discussion that is still not finished[1]:
> What function should useflags bring?
>
> There are some packages (like networkmanager) that do not have an ssl
> flag (it is always enabled), and the gnutls/nss useflags are used to
> fine tune what implementation to use. If none selected the upstream
> preferred (nss) is chosen.
>
> Then there are some packages (like qemu) where there is only one flag
> (USE="gnutls") that enables support for encrypted vnc.
>
> Then there are packages like curl where the local description of
> USE="ssl" says it all:
> local:ssl:net-misc/curl: Enable crypto engine support (via openssl if
> USE='-gnutls -nss')
>
>
>
> So as a user, if I want to have Secure Socket Layer or Transport Layer
> Security, do I really need to learn the name of every implementation
> known to man and enable their respective use flag to ensure that my
> whole system has support for it, or should I just have to enable
> USE="ssl"?
> And will I still be sure that those use flags did not disable a (maybe
> superior or by maintainer preferred) internal ssl implementation?
>
>
> [1] Last time I did a bugreport about this, here is the answer:
> https://bugs.gentoo.org/show_bug.cgi?id=310681

Long story short:

If a package has SSL support, and use "ssl" is ignored or not present in
an ebuild, it's plain broken.

Every ebuild in tree with USE="openssl" is a QA violation, and should be
fixed asap.