Difference between revisions of "Fink:Policy:system-openssl"

From the Fink Wiki
Jump to: navigation, search
(Deprecation of system-openssl-dev: done one)
(more OpenSSL updates)
Line 85: Line 85:
 
|-
 
|-
 
|irsii||GPL||Daniel Macks||10.9 only (10.10+ fixed, no need to keep 10.9 in sync)
 
|irsii||GPL||Daniel Macks||10.9 only (10.10+ fixed, no need to keep 10.9 in sync)
|-
 
|libdbusmenu-qt5.2||LGPL||Hanspeter Niederstrasser
 
 
|-
 
|-
 
|libkf5kdelibs4support5||GPL||Hanspeter Niederstrasser
 
|libkf5kdelibs4support5||GPL||Hanspeter Niederstrasser
|-
 
|libofx4||GPL||Dave Reiser
 
 
|-
 
|-
 
|libtorrent15||GPL||David Fang
 
|libtorrent15||GPL||David Fang
Line 99: Line 95:
 
|-
 
|-
 
|postfix*||OSI-Approved||Daniel Johnson
 
|postfix*||OSI-Approved||Daniel Johnson
|-
 
|qtiplot-qt4-*||GPL||Alexandre Vial
 
|-
 
|qwt-qt4-*||LGPL||Alexandre Vial
 
 
|-
 
|-
 
|qwt6-qt4-*||LGPL||Daniel Macks
 
|qwt6-qt4-*||LGPL||Daniel Macks
Line 111: Line 103:
 
|-
 
|-
 
|vorbis-tools||GPL||Max Horn
 
|vorbis-tools||GPL||Max Horn
|-
 
|xchat||GPL||Max Horn
 
 
|}
 
|}
   

Revision as of 04:19, 12 March 2016


Linking Against the System OpenSSL

There is a package in Fink called system-openssl-dev that exists to make it easier to link software against Apple's provided OpenSSL (why?). It creates symlinks in prefix/lib/system-openssl that you can use to override the flags of existing software.

In some cases, you will have to patch your package to point to the system-openssl directory, but most likely, all you will have to do to use system-openssl-dev is to set one or more of the following:

 CPPFLAGS:        -I%p/lib/system-openssl/include
 CFLAGS:          -I%p/lib/system-openssl/include
 CXXFLAGS:        -I%p/lib/system-openssl/include
 
 LDFLAGS:         -L%p/lib/system-openssl/lib
 LIBS:            -L%p/lib/system-openssl/lib
 
 PKG_CONFIG_PATH: %p/lib/system-openssl/lib/pkgconfig

Creating Upgrade Packages

Since the goal is to create packages using OpenSSL that don't have to be in the crypto/ tree, you will probably want to make upgrade packages for the old versions of your SSL packages. If you have a set of packages such as foo and foo-ssl both of which have splitoffs, you will have conflict/upgrade issues if you just make a new foo-ssl dummy package that depends on foo. Instead, the recommended practice is to create a foo-unified package.

Example: Before Unification

foo.info:

 Package: foo
 Depends: %N-shlibs
 Conflicts: foo-ssl
 SplitOff: <<
   Package: %N-shlibs
   Conflicts: foo-ssl-shlibs
 <<

foo-ssl.info:

 Package: foo-ssl
 Depends: %N-shlibs
 Conflicts: foo
 SplitOff: <<
   Package: %N-shlibs
   Conflicts: foo-shlibs
 <<

Example: After Unification

foo-unified.info:

 Package: foo-unified
 Depends: %N-shlibs
 Replaces: foo (<< %v-%r), foo-ssl (<< %v-%r)
 SplitOff: <<
   Package: %N-shlibs
   Replaces: foo-shlibs (<< %v-%r), foo-ssl (<< %v-%r)
 <<
 SplitOff2: <<
   Package: foo
   Depends: %N (= %v-%r)
 <<
 SplitOff3: <<
   Package: foo-shlibs
   Depends: %N-shlibs (= %v-%r)
 <<
 SplitOff4: <<
   Package: foo-ssl
   Depends: %N (= %v-%r)
 <<
 SplitOff5: <<
   Package: foo-ssl-shlibs
   Depends: %N-shlibs (= %v-%r)
 <<

Deprecation of system-openssl-dev

OS X 10.11 has deprecated the use of a system provided OpenSSL library. While /usr/lib/libcrypto.0.9.8.dylibs and /usr/lib/libssl.0.9.8.dylib were not removed, Apple removed the OpenSSL headers in /usr/include/openssl and other compile-time files. Therefore, it is no longer possible to compile programs that use the system OpenSSL on OS X 10.11. As a result, the system-openssl-dev package is marked as available only on 10.10 and earlier. In order to accommodate this change, packages will need to transition to use Fink's OpenSSL (openssl100-dev/openssl100-shlibs as of Oct 2015) or some other SSL provider (such as GnuTLS via Fink's gnutls28/gnutls28-shlibs). Because binaries of (L)GPL packages that link to OpenSSL cannot be distributed for licensing reasons, a new value for the License: field has been created. (L)GPL packages can now be marked (as of Fink-0.39.2) as either GPL/OpenSSL or LGPL/OpenSSL so that the original license information is kept, but also note that it links to OpenSSL and therefore keep it out of the binary distribution.

The following table is a list of packages as of October 13, 2015pruned as fixed that use system-openssl-dev and need to be updated.

Package License Maintainer Notes
gnucash2 GPL Dave Reiser 10.{9,10} only (10.11 fixed, no need to keep dists in sync)
gwenhywfar60 LGPL Dave Reiser
irsii GPL Daniel Macks 10.9 only (10.10+ fixed, no need to keep 10.9 in sync)
libkf5kdelibs4support5 GPL Hanspeter Niederstrasser
libtorrent15 GPL David Fang
libtorrent19 GPL David Fang
mp3diags-* GPL2 Daniel Johnson
postfix* OSI-Approved Daniel Johnson
qwt6-qt4-* LGPL Daniel Macks
swi-prolog LGPL Jesse Alama
valkyrie* GPL2+ Daniel Johnson
vorbis-tools GPL Max Horn