Fink:Policy:system-openssl
Linking Against the System OpenSSL
There is a package in Fink called system-openssl-dev that exists to make it easier to link software against Apple's provided OpenSSL (why?). It creates symlinks in prefix/lib/system-openssl that you can use to override the flags of existing software.
In some cases, you will have to patch your package to point to the system-openssl directory, but most likely, all you will have to do to use system-openssl-dev is to set one or more of the following:
CPPFLAGS: -I%p/lib/system-openssl/include CFLAGS: -I%p/lib/system-openssl/include CXXFLAGS: -I%p/lib/system-openssl/include LDFLAGS: -L%p/lib/system-openssl/lib LIBS: -L%p/lib/system-openssl/lib PKG_CONFIG_PATH: %p/lib/system-openssl/lib/pkgconfig
Creating Upgrade Packages
Since the goal is to create packages using OpenSSL that don't have to be in the crypto/ tree, you will probably want to make upgrade packages for the old versions of your SSL packages. If you have a set of packages such as foo and foo-ssl both of which have splitoffs, you will have conflict/upgrade issues if you just make a new foo-ssl dummy package that depends on foo. Instead, the recommended practice is to create a foo-unified package.
Example: Before Unification
foo.info:
Package: foo Depends: %N-shlibs Conflicts: foo-ssl SplitOff: << Package: %N-shlibs Conflicts: foo-ssl-shlibs <<
foo-ssl.info:
Package: foo-ssl Depends: %N-shlibs Conflicts: foo SplitOff: << Package: %N-shlibs Conflicts: foo-shlibs <<
Example: After Unification
foo-unified.info:
Package: foo-unified Depends: %N-shlibs Replaces: foo (<< %v-%r), foo-ssl (<< %v-%r) SplitOff: << Package: %N-shlibs Replaces: foo-shlibs (<< %v-%r), foo-ssl (<< %v-%r) << SplitOff2: << Package: foo Depends: %N (= %v-%r) << SplitOff3: << Package: foo-shlibs Depends: %N-shlibs (= %v-%r) << SplitOff4: << Package: foo-ssl Depends: %N (= %v-%r) << SplitOff5: << Package: foo-ssl-shlibs Depends: %N-shlibs (= %v-%r) <<
Deprecation of system-openssl-dev
OS X 10.11 has deprecated the use of a system provided OpenSSL library. While /usr/lib/libcrypto.0.9.8.dylibs and /usr/lib/libssl.0.9.8.dylib were not removed, Apple removed the OpenSSL headers in /usr/include/openssl and other compile-time files. Therefore, it is no longer possible to compile programs that use the system OpenSSL on OS X 10.11. As a result, the system-openssl-dev package is marked as available only on 10.10 and earlier. In order to accommodate this change, packages will need to transition to use Fink's OpenSSL (openssl100-dev/openssl100-shlibs as of Oct 2015) or some other SSL provider (such as GnuTLS via Fink's gnutls28/gnutls28-shlibs). Because binaries of (L)GPL packages that link to OpenSSL cannot be distributed for licensing reasons, a new value for the License: field has been created. (L)GPL packages can now be marked (as of Fink-0.39.2) as either GPL/OpenSSL or LGPL/OpenSSL so that the original license information is kept, but also note that it links to OpenSSL and therefore keep it out of the binary distribution.
The following table is a list of packages as of October 13, 2015pruned as fixed that use system-openssl-dev and need to be updated.
| Package | License | Maintainer | Notes |
|---|---|---|---|
| gnucash2 | GPL | Dave Reiser | 10.{9,10} only (10.11 fixed, no need to keep dists in sync) |
| irsii | GPL | Daniel Macks | 10.9 only (10.10+ fixed, no need to keep 10.9 in sync) |
| libkf5kdelibs4support5 | GPL | Hanspeter Niederstrasser | |
| libtorrent15 | GPL | David Fang | |
| libtorrent19 | GPL | David Fang | |
| mp3diags-* | GPL2 | Daniel Johnson | |
| postfix* | OSI-Approved | Daniel Johnson | |
| valkyrie* | GPL2+ | Daniel Johnson | |
| vorbis-tools | GPL | Max Horn |