Fink:Policy:system-openssl

From the Fink Wiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.


Linking Against the System OpenSSL

There is a package in Fink called system-openssl-dev that exists to make it easier to link software against Apple's provided OpenSSL (why?). It creates symlinks in prefix/lib/system-openssl that you can use to override the flags of existing software.

In some cases, you will have to patch your package to point to the system-openssl directory, but most likely, all you will have to do to use system-openssl-dev is to set one or more of the following: 

 CPPFLAGS:        -I%p/lib/system-openssl/include
 CFLAGS:          -I%p/lib/system-openssl/include
 CXXFLAGS:        -I%p/lib/system-openssl/include
 
 LDFLAGS:         -L%p/lib/system-openssl/lib
 LIBS:            -L%p/lib/system-openssl/lib
 
 PKG_CONFIG_PATH: %p/lib/system-openssl/lib/pkgconfig

Creating Upgrade Packages

Since the goal is to create packages using OpenSSL that don't have to be in the crypto/ tree, you will probably want to make upgrade packages for the old versions of your SSL packages. If you have a set of packages such as foo and foo-ssl both of which have splitoffs, you will have conflict/upgrade issues if you just make a new foo-ssl dummy package that depends on foo. Instead, the recommended practice is to create a foo-unified package.

Example: Before Unification

foo.info: 

 Package: foo
 Depends: %N-shlibs
 Conflicts: foo-ssl
 SplitOff: <<
   Package: %N-shlibs
   Conflicts: foo-ssl-shlibs
 <<

foo-ssl.info: 

 Package: foo-ssl
 Depends: %N-shlibs
 Conflicts: foo
 SplitOff: <<
   Package: %N-shlibs
   Conflicts: foo-shlibs
 <<

Example: After Unification

foo-unified.info: 

 Package: foo-unified
 Depends: %N-shlibs
 Replaces: foo (<< %v-%r), foo-ssl (<< %v-%r)
 SplitOff: <<
   Package: %N-shlibs
   Replaces: foo-shlibs (<< %v-%r), foo-ssl (<< %v-%r)
 <<
 SplitOff2: <<
   Package: foo
   Depends: %N (= %v-%r)
 <<
 SplitOff3: <<
   Package: foo-shlibs
   Depends: %N-shlibs (= %v-%r)
 <<
 SplitOff4: <<
   Package: foo-ssl
   Depends: %N (= %v-%r)
 <<
 SplitOff5: <<
   Package: foo-ssl-shlibs
   Depends: %N-shlibs (= %v-%r)
 <<

Deprecation of system-openssl-dev

OS X 10.11 has deprecated the use of a system provided OpenSSL library. While /usr/lib/libcrypto.0.9.8.dylibs and /usr/lib/libssl.0.9.8.dylib were not removed, Apple removed the OpenSSL headers in /usr/include/openssl and other compile-time files. Therefore, it is no longer possible to compile programs that use the system OpenSSL on OS X 10.11. As a result, the system-openssl-dev package is marked as available only on 10.10 and earlier. In order to accommodate this change, packages will need to transition to use Fink's OpenSSL (openssl100-dev/openssl100-shlibs as of Oct 2015) or some other SSL provider (such as GnuTLS via Fink's gnutls28/gnutls28-shlibs). Because binaries of (L)GPL packages that link to OpenSSL cannot be distributed for licensing reasons, a new value for the License: field has been created. (L)GPL packages can now be marked (as of Fink-0.39.2) as either GPL/OpenSSL or LGPL/OpenSSL so that the original license information is kept, but also note that it links to OpenSSL and therefore keep it out of the binary distribution.

The following table is a list of packages as of October 13, 2015pruned as fixed that use system-openssl-dev and need to be updated. Packages that are only for distributions up through 10.10 can continue to use system-openssl-dev.

Package License Maintainer Notes
postfix* OSI-Approved Daniel Johnson emailed Aug 6
Retrieved from "https://wiki.finkproject.org/index.php?title=Fink:Policy:system-openssl&oldid=200"