Fink:Policy:system-openssl

From the Fink Wiki
Jump to navigation Jump to search


Linking Against the System OpenSSL

There is a package in Fink called system-openssl-dev that exists to make it easier to link software against Apple's provided OpenSSL (why?). It creates symlinks in prefix/lib/system-openssl that you can use to override the flags of existing software.

In some cases, you will have to patch your package to point to the system-openssl directory, but most likely, all you will have to do to use system-openssl-dev is to set one or more of the following:

 CPPFLAGS:        -I%p/lib/system-openssl/include
 CFLAGS:          -I%p/lib/system-openssl/include
 CXXFLAGS:        -I%p/lib/system-openssl/include
 
 LDFLAGS:         -L%p/lib/system-openssl/lib
 LIBS:            -L%p/lib/system-openssl/lib
 
 PKG_CONFIG_PATH: %p/lib/system-openssl/lib/pkgconfig

Creating Upgrade Packages

Since the goal is to create packages using OpenSSL that don't have to be in the crypto/ tree, you will probably want to make upgrade packages for the old versions of your SSL packages. If you have a set of packages such as foo and foo-ssl both of which have splitoffs, you will have conflict/upgrade issues if you just make a new foo-ssl dummy package that depends on foo. Instead, the recommended practice is to create a foo-unified package.

Example: Before Unification

foo.info:

 Package: foo
 Depends: %N-shlibs
 Conflicts: foo-ssl
 SplitOff: <<
   Package: %N-shlibs
   Conflicts: foo-ssl-shlibs
 <<

foo-ssl.info:

 Package: foo-ssl
 Depends: %N-shlibs
 Conflicts: foo
 SplitOff: <<
   Package: %N-shlibs
   Conflicts: foo-shlibs
 <<

Example: After Unification

foo-unified.info:

 Package: foo-unified
 Depends: %N-shlibs
 Replaces: foo (<< %v-%r), foo-ssl (<< %v-%r)
 SplitOff: <<
   Package: %N-shlibs
   Replaces: foo-shlibs (<< %v-%r), foo-ssl (<< %v-%r)
 <<
 SplitOff2: <<
   Package: foo
   Depends: %N (= %v-%r)
 <<
 SplitOff3: <<
   Package: foo-shlibs
   Depends: %N-shlibs (= %v-%r)
 <<
 SplitOff4: <<
   Package: foo-ssl
   Depends: %N (= %v-%r)
 <<
 SplitOff5: <<
   Package: foo-ssl-shlibs
   Depends: %N-shlibs (= %v-%r)
 <<

Deprecation of system-openssl-dev

OS X 10.11 has deprecated the use of a system provided OpenSSL library. While /usr/lib/libcrypto.0.9.8.dylibs and /usr/lib/libssl.0.9.8.dylib were not removed, Apple removed the OpenSSL headers in /usr/include/openssl and other compile-time files. Therefore, it is no longer possible to compile programs that use the system OpenSSL on OS X 10.11. As a result, the system-openssl-dev package is marked as available only on 10.10 and earlier. In order to accommodate this change, packages will need to transition to use Fink's OpenSSL (openssl100-dev/openssl100-shlibs as of Oct 2015) or some other SSL provider (such as GnuTLS via Fink's gnutls28/gnutls28-shlibs). Because binaries of (L)GPL packages that link to OpenSSL cannot be distributed for licensing reasons, a new value for the License: field has been created. (L)GPL packages can now be marked (as of Fink-0.39.2) as either GPL/OpenSSL or LGPL/OpenSSL so that the original license information is kept, but also note that it links to OpenSSL and therefore keep it out of the binary distribution.

The following table is a list of packages as of October 13, 2015pruned as fixed that use system-openssl-dev and need to be updated.

Package License Maintainer
crypt-openssl-bignum-pm* GPL Keith Ward
crypt-openssl-random-pm* GPL Keith Ward
crypt-openssl-rsa-pm* GPL Keith Ward
fraqtive GPL Jack Fink
gnucash2 GPL Dave Reiser
gnupg2 GPL Brendan Cully
gwenhywfar60 LGPL Dave Reiser
irsii GPL Daniel Macks
isync GPL Brendan Cully
jpilot GPL Alexander Hansen
libdbusmenu-qt5.2 LGPL Hanspeter Niederstrasser
libkf5kdelibs4support5 GPL Hanspeter Niederstrasser
libofx4 GPL Dave Reiser
libtorrent15 GPL David Fang
libtorrent19 GPL David Fang
lynx GPL elcepi
lynx-cur GPL elcepi
m2crypto-py* BSD Brendan Cully
mp3diags-* GPL2 Daniel Johnson
mupdf GPL Stefan Bruda
mutt GPL Brendan Cully
mysql-python-py* GPL Beat Birkhofer
nginx BSD Andreas Gockel
nginx-cur BSD Andreas Gockel
openvpn GPL Andreas Gockel
postfix* OSI-Approved Daniel Johnson
qtiplot-qt4-* GPL Alexandre Vial
qwt-qt4-* LGPL Alexandre Vial
qwt6-qt4-* LGPL Daniel Macks
root5* LGPL Remi Mommsen
socat GPL Andreas Gockel
socnetv-mac GPL Jack Fink
swi-prolog LGPL Jesse Alama
sylpheed GPL Kevin Horton
tcpflow GPL Nick Siripipat
valkyrie* GPL2+ Daniel Johnson
vorbis-tools GPL Max Horn
xchat GPL Max Horn