Message-ID: <53877169.3010800@gentoo.org>
Date: Thu, 29 May 2014 13:42:01 -0400
From: "Anthony G. Basile"
To: Gentoo Development
Subject: [gentoo-dev] Creating a USE_EXPAND for ssl providers

Hi everyone,

Back in Jun 2012 I added a CURL_SSL to the USE_EXPAND to represent the different ssl providers for curl. This was to get away from the old ssl USE flag logic which you still see in packages like media-video/rtmpdump. Quoting from there so you don't have to go find it yourself (and removing extraneous stuff) we have:

    IUSE="gnutls polarssl ssl"

    DEPEND="ssl? (
        gnutls? ( net-libs/gnutls )
        polarssl? ( !gnutls? ( >=net-libs/polarssl-0.14.0 ) )
        !gnutls? ( !polarssl? ( dev-libs/openssl ) )
    )"

    pkg_setup() {
        if ! use ssl && ( use gnutls || use polarssl ) ; then
            ewarn "USE='gnutls polarssl' are ignored without USE='ssl'."
            ewarn "Please review the local USE flags for this package."
        fi
    }

The idea is that if you say USE=ssl but nothing more, you default to openssl. This is asymmetrical and doesn't scale well. So I made the leap in curl to the following (modulo extra stuff):

    IUSE="${IUSE} curl_ssl_axtls curl_ssl_cyassl curl_ssl_gnutls curl_ssl_nss +curl_ssl_openssl curl_ssl_polarssl curl_ssl_winssl"

    RDEPEND="
        ssl? (
            curl_ssl_axtls? ( net-libs/axtls app-misc/ca-certificates )
            curl_ssl_cyassl? ( net-libs/cyassl app-misc/ca-certificates )
            curl_ssl_gnutls? (
                || (
                    ( >=net-libs/gnutls-3[static-libs?] dev-libs/nettle )
                    ( =net-libs/gnutls-2.12*[nettle,static-libs?] dev-libs/nettle )
                    ( =net-libs/gnutls-2.12*[-nettle,static-libs?] dev-libs/libgcrypt[static-libs?] )
                )
                app-misc/ca-certificates
            )
            curl_ssl_openssl? ( dev-libs/openssl[static-libs?] )
            curl_ssl_nss? ( dev-libs/nss app-misc/ca-certificates )
            curl_ssl_polarssl? ( net-libs/polarssl:= app-misc/ca-certificates )
        )"

    REQUIRED_USE="
        curl_ssl_winssl? ( elibc_Winnt )
        ssl? (
            ^^ (
                curl_ssl_axtls
                curl_ssl_cyassl
                curl_ssl_gnutls
                curl_ssl_openssl
                curl_ssl_nss
                curl_ssl_polarssl
                curl_ssl_winssl
            )
        )"

With the number of ssl providers growing, like libressl, and with issues like bug #510974, I think it's time we consider making this a uniform way of dealing with ssl providers in gentoo. We would proceed something like this:

1. Introduce a new USE_EXPAND called SSL which mirrors CURL_SSL --- because CURL_SSL is too provincial a name.

2. Migrate curl and all its dependencies to the SSL use expand.

3. Migrate over all consumers of ssl to the new SSL use expand system.

What do people think?

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA
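
An added illustration, not part of the original message and not Portage code: a small Python model of the two snippets quoted above, showing which TLS library the old nested logic selects without complaint and which flag sets the curl REQUIRED_USE rejects. The function names and the USE sets are hypothetical and constructed for this example.

```python
# Added illustration; models the two ebuild snippets quoted in the message.
# Provider names come from the message; function names are hypothetical.
CURL_SSL = ["axtls", "cyassl", "gnutls", "nss", "openssl", "polarssl", "winssl"]


def old_style_provider(use):
    """Provider pulled in by the nested rtmpdump-style DEPEND, plus warnings."""
    warnings = []
    if "ssl" not in use:
        if use & {"gnutls", "polarssl"}:
            # Mirrors the ewarn in pkg_setup(): the flags are ignored.
            warnings.append("USE='gnutls polarssl' are ignored without USE='ssl'.")
        return None, warnings
    if "gnutls" in use:
        return "gnutls", warnings    # gnutls? ( net-libs/gnutls )
    if "polarssl" in use:
        return "polarssl", warnings  # polarssl? ( !gnutls? ( ... ) )
    return "openssl", warnings       # !gnutls? ( !polarssl? ( dev-libs/openssl ) )


def new_style_provider(use):
    """Provider allowed by the curl REQUIRED_USE; raises on a violation."""
    chosen = [p for p in CURL_SSL if f"curl_ssl_{p}" in use]
    if "curl_ssl_winssl" in use and "elibc_Winnt" not in use:
        raise ValueError("curl_ssl_winssl requires elibc_Winnt")
    if "ssl" not in use:
        return None                  # the ^^ group only applies under ssl?
    if len(chosen) != 1:
        raise ValueError(f"ssl requires exactly one provider, got {chosen}")
    return chosen[0]


if __name__ == "__main__":
    # Constructed USE sets, not taken from any real system.
    for use in ({"ssl"}, {"ssl", "gnutls", "polarssl"}, {"gnutls"}):
        print("old", sorted(use), "->", old_style_provider(use))
    for use in ({"ssl", "curl_ssl_openssl"}, {"ssl", "curl_ssl_gnutls", "curl_ssl_nss"}):
        try:
            print("new", sorted(use), "->", new_style_provider(use))
        except ValueError as err:
            print("new", sorted(use), "-> rejected:", err)
```

In the old model, USE="ssl gnutls polarssl" resolves to gnutls with no warning and USE="gnutls" alone builds with no TLS library after only an ewarn; the `^^` group turns both kinds of ambiguity into a hard dependency-resolution error.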