Difference between revisions of "Fink:Policy:system-openssl"
(→Deprecation of system-openssl-dev: done one) |
(→Deprecation of system-openssl-dev: one left) |
||
(30 intermediate revisions by 2 users not shown) | |||
Line 74: | Line 74: | ||
OS X 10.11 has deprecated the use of a system provided OpenSSL library. While <code>/usr/lib/libcrypto.0.9.8.dylibs</code> and <code>/usr/lib/libssl.0.9.8.dylib</code> were not removed, Apple removed the OpenSSL headers in <code>/usr/include/openssl</code> and other compile-time files. Therefore, it is no longer possible to compile programs that use the system OpenSSL on OS X 10.11. As a result, the <code>system-openssl-dev</code> package is marked as available only on 10.10 and earlier. In order to accommodate this change, packages will need to transition to use Fink's OpenSSL (<code>openssl100-dev</code>/<code>openssl100-shlibs</code> as of Oct 2015) or some other SSL provider (such as GnuTLS via Fink's <code>gnutls28</code>/<code>gnutls28-shlibs</code>). Because binaries of (L)GPL packages that link to OpenSSL cannot be distributed for licensing reasons, a new value for the <code>License:</code> field has been [https://github.com/fink/fink/pull/126 created]. (L)GPL packages can now be marked (as of Fink-0.39.2) as either <code>GPL/OpenSSL</code> or <code> LGPL/OpenSSL</code> so that the original license information is kept, but also note that it links to OpenSSL and therefore keep it out of the binary distribution. |
OS X 10.11 has deprecated the use of a system provided OpenSSL library. While <code>/usr/lib/libcrypto.0.9.8.dylibs</code> and <code>/usr/lib/libssl.0.9.8.dylib</code> were not removed, Apple removed the OpenSSL headers in <code>/usr/include/openssl</code> and other compile-time files. Therefore, it is no longer possible to compile programs that use the system OpenSSL on OS X 10.11. As a result, the <code>system-openssl-dev</code> package is marked as available only on 10.10 and earlier. In order to accommodate this change, packages will need to transition to use Fink's OpenSSL (<code>openssl100-dev</code>/<code>openssl100-shlibs</code> as of Oct 2015) or some other SSL provider (such as GnuTLS via Fink's <code>gnutls28</code>/<code>gnutls28-shlibs</code>). Because binaries of (L)GPL packages that link to OpenSSL cannot be distributed for licensing reasons, a new value for the <code>License:</code> field has been [https://github.com/fink/fink/pull/126 created]. (L)GPL packages can now be marked (as of Fink-0.39.2) as either <code>GPL/OpenSSL</code> or <code> LGPL/OpenSSL</code> so that the original license information is kept, but also note that it links to OpenSSL and therefore keep it out of the binary distribution. |
||
− | The following table is a list of packages <s>as of October 13, 2015</s><u>pruned as fixed</u> that use <code>system-openssl-dev</code> and need to be updated. |
+ | The following table is a list of packages <s>as of October 13, 2015</s><u>pruned as fixed</u> that use <code>system-openssl-dev</code> and need to be updated. Packages that are only for distributions up through 10.10 can continue to use system-openssl-dev. |
{| class="wikitable sortable" |
{| class="wikitable sortable" |
||
|- |
|- |
||
− | !Package!!License!!Maintainer |
+ | !Package!!License!!Maintainer!!Notes |
|- |
|- |
||
⚫ | |||
− | |arora||GPL||Jack Fink |
||
− | |- |
||
− | |arora-mac||GPL||Jack Fink |
||
− | |- |
||
− | |baz||LGPL||None |
||
− | |- |
||
− | |crypt-openssl-bignum-pm*||GPL||Keith Ward |
||
− | |- |
||
− | |crypt-openssl-random-pm*||GPL||Keith Ward |
||
− | |- |
||
− | |crypt-openssl-rsa-pm*||GPL||Keith Ward |
||
− | |- |
||
− | |fraqtive||GPL||Jack Fink |
||
− | |- |
||
− | |gnucash2||GPL||Dave Reiser |
||
− | |- |
||
− | |gnupg2||GPL||Brendan Cully |
||
− | |- |
||
− | |gwenhywfar60||LGPL||Dave Reiser |
||
− | |- |
||
− | |irsii||GPL||Daniel Macks |
||
− | |- |
||
− | |isync||GPL||Brendan Cully |
||
− | |- |
||
− | |jpilot||GPL||Alexander Hansen |
||
− | |- |
||
− | |libdbusmenu-qt5.2||LGPL||Hanspeter Niederstrasser |
||
− | |- |
||
− | |libkf5kdelibs4support5||GPL||Hanspeter Niederstrasser |
||
− | |- |
||
− | |libmsn-0.3||GPL||None |
||
− | |- |
||
− | |libofx4||GPL||Dave Reiser |
||
− | |- |
||
− | |libtorrent15||GPL||David Fang |
||
− | |- |
||
− | |libtorrent19||GPL||David Fang |
||
− | |- |
||
− | |lynx||GPL||elcepi |
||
− | |- |
||
− | |lynx-cur||GPL||elcepi |
||
− | |- |
||
− | |m2crypto-py*||BSD||Brendan Cully |
||
− | |- |
||
− | |mp3diags-*||GPL2||Daniel Johnson |
||
− | |- |
||
− | |mupdf||GPL||Stefan Bruda |
||
− | |- |
||
− | |mutt||GPL||Brendan Cully |
||
− | |- |
||
− | |mysql-python-py*||GPL||Beat Birkhofer |
||
− | |- |
||
− | |nginx||BSD||Andreas Gockel |
||
− | |- |
||
− | |nginx-cur||BSD||Andreas Gockel |
||
− | |- |
||
− | |openvpn||GPL||Andreas Gockel |
||
− | |- |
||
⚫ | |||
− | |- |
||
− | |qtiplot-qt4-*||GPL||Alexandre Vial |
||
− | |- |
||
− | |qwt-qt4-*||LGPL||Alexandre Vial |
||
− | |- |
||
− | |qwt6-qt4-*||LGPL||Daniel Macks |
||
− | |- |
||
− | |root5*||LGPL||Remi Mommsen |
||
− | |- |
||
− | |socat||GPL||Andreas Gockel |
||
− | |- |
||
− | |socnetv-mac||GPL||Jack Fink |
||
− | |- |
||
− | |swi-prolog||LGPL||Jesse Alama |
||
− | |- |
||
− | |sylpheed||GPL||Kevin Horton |
||
− | |- |
||
− | |tcpflow||GPL||Nick Siripipat |
||
− | |- |
||
− | |valkyrie*||GPL2+||Daniel Johnson |
||
− | |- |
||
− | |vorbis-tools||GPL||Max Horn |
||
− | |- |
||
− | |xchat||GPL||Max Horn |
||
|} |
|} |
||
Latest revision as of 19:14, 8 October 2016
Linking Against the System OpenSSL
There is a package in Fink called system-openssl-dev
that exists to make it easier to link software against Apple's provided OpenSSL (why?). It creates symlinks in prefix/lib/system-openssl
that you can use to override the flags of existing software.
In some cases, you will have to patch your package to point to the system-openssl directory, but most likely, all you will have to do to use system-openssl-dev is to set one or more of the following:
CPPFLAGS: -I%p/lib/system-openssl/include CFLAGS: -I%p/lib/system-openssl/include CXXFLAGS: -I%p/lib/system-openssl/include LDFLAGS: -L%p/lib/system-openssl/lib LIBS: -L%p/lib/system-openssl/lib PKG_CONFIG_PATH: %p/lib/system-openssl/lib/pkgconfig
Creating Upgrade Packages
Since the goal is to create packages using OpenSSL that don't have to be in the crypto/
tree, you will probably want to make upgrade packages for the old versions of your SSL packages. If you have a set of packages such as foo
and foo-ssl
both of which have splitoffs, you will have conflict/upgrade issues if you just make a new foo-ssl dummy package that depends on foo
. Instead, the recommended practice is to create a foo-unified
package.
Example: Before Unification
foo.info:
Package: foo Depends: %N-shlibs Conflicts: foo-ssl SplitOff: << Package: %N-shlibs Conflicts: foo-ssl-shlibs <<
foo-ssl.info:
Package: foo-ssl Depends: %N-shlibs Conflicts: foo SplitOff: << Package: %N-shlibs Conflicts: foo-shlibs <<
Example: After Unification
foo-unified.info:
Package: foo-unified Depends: %N-shlibs Replaces: foo (<< %v-%r), foo-ssl (<< %v-%r) SplitOff: << Package: %N-shlibs Replaces: foo-shlibs (<< %v-%r), foo-ssl (<< %v-%r) << SplitOff2: << Package: foo Depends: %N (= %v-%r) << SplitOff3: << Package: foo-shlibs Depends: %N-shlibs (= %v-%r) << SplitOff4: << Package: foo-ssl Depends: %N (= %v-%r) << SplitOff5: << Package: foo-ssl-shlibs Depends: %N-shlibs (= %v-%r) <<
Deprecation of system-openssl-dev
OS X 10.11 has deprecated the use of a system provided OpenSSL library. While /usr/lib/libcrypto.0.9.8.dylibs
and /usr/lib/libssl.0.9.8.dylib
were not removed, Apple removed the OpenSSL headers in /usr/include/openssl
and other compile-time files. Therefore, it is no longer possible to compile programs that use the system OpenSSL on OS X 10.11. As a result, the system-openssl-dev
package is marked as available only on 10.10 and earlier. In order to accommodate this change, packages will need to transition to use Fink's OpenSSL (openssl100-dev
/openssl100-shlibs
as of Oct 2015) or some other SSL provider (such as GnuTLS via Fink's gnutls28
/gnutls28-shlibs
). Because binaries of (L)GPL packages that link to OpenSSL cannot be distributed for licensing reasons, a new value for the License:
field has been created. (L)GPL packages can now be marked (as of Fink-0.39.2) as either GPL/OpenSSL
or LGPL/OpenSSL
so that the original license information is kept, but also note that it links to OpenSSL and therefore keep it out of the binary distribution.
The following table is a list of packages as of October 13, 2015pruned as fixed that use system-openssl-dev
and need to be updated. Packages that are only for distributions up through 10.10 can continue to use system-openssl-dev.
Package | License | Maintainer | Notes |
---|---|---|---|
postfix* | OSI-Approved | Daniel Johnson | emailed Aug 6 |