From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 38B2B1387FD for ; Wed, 11 Jun 2014 11:32:46 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 731AAE0A65; Wed, 11 Jun 2014 11:32:40 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 835D6E0936 for ; Wed, 11 Jun 2014 11:32:39 +0000 (UTC) Received: from [192.168.3.7] (cpe-74-77-145-97.buffalo.res.rr.com [74.77.145.97]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: blueness) by smtp.gentoo.org (Postfix) with ESMTPSA id A185C3400BA for ; Wed, 11 Jun 2014 11:32:38 +0000 (UTC) Message-ID: <53983E5A.5000509@gentoo.org> Date: Wed, 11 Jun 2014 07:32:42 -0400 From: "Anthony G. Basile" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Creating a USE_EXPAND for ssl providers References: <53877169.3010800@gentoo.org> <539839A6.9090509@gentoo.org> In-Reply-To: <539839A6.9090509@gentoo.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Archives-Salt: b9049cf8-88c3-4930-86e8-640bc8afea38 X-Archives-Hash: fbc958ab9338fee6546a6920419d9c9f On 06/11/14 07:12, Chí-Thanh Christopher Nguyễn wrote: > Dear all, > > I'm a bit late to the party, but here is my $0.02: > >> REQUIRED_USE=" >> curl_ssl_winssl? ( elibc_Winnt ) >> ssl? ( >> ^^ ( >> [...] >> ) >> )" > I don't like this. If the user specifies several SSL providers in > make.conf, it should mean that any of these is fine and the ebuild can > choose an arbitrary one. The exactly-one-of operator would cause emerge > to complain in this case and possibly force the user to have complex > package.use setups. That's a good point and not one that I wasn't aware of. But how would we better design this? The only thing I can thing of (suggested earlier) is an eclass with some intelligence. I'm not sure of the most userfriendly way of doing this. > >> With the number of ssl providers growing, like libressl, and with >> issues like bug #510974, I think its time we consider making this a >> uniform way of dealing with ssl providers in gentoo. We would proceed >> something like this: >> >> 1. Introduce a new USE_EXPAND called SSL which mirrors CURL_SSL --- >> becuase CURL_SSL is too provincial a name. >> >> 2. migrate curl and all its dependencies to the SSL use expand. >> >> 3. Migrate over all consumers of ssl to the new SSL use expand system. >> >> What do people think? > I think a better name for the USE_EXPAND would be CRYPTO_PROVIDER (or > similar) instead of just SSL, as the libraries are not strictly used for > SSL but also for other forms of crypto (e.g. [1]). Agreed. > > > Best regards, > Chí-Thanh Christopher Nguyễn > > > [1] https://bugs.gentoo.org/show_bug.cgi?id=512664 > -- Anthony G. Basile, Ph.D. Gentoo Linux Developer [Hardened] E-Mail : blueness@gentoo.org GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA GnuPG ID : F52D4BBA