Hi everyone,

Back in Jun 2012 I added a CURL_SSL to the USE_EXPAND to represent the different ssl providers for curl. This was to get away from the old ssl USE flag logic which you still see in packages like media-video/rtmpdump. Quoting from there so you don't have to go find it yourself (and removing extraneous stuff) we have:

IUSE="gnutls polarssl ssl"

DEPEND="ssl? (
        gnutls? ( net-libs/gnutls )
        polarssl? ( !gnutls? ( >=net-libs/polarssl-0.14.0 ) )
        !gnutls? ( !polarssl? ( dev-libs/openssl ) )
    )"

pkg_setup() {
    if ! use ssl && ( use gnutls || use polarssl ) ; then
        ewarn "USE='gnutls polarssl' are ignored without USE='ssl'."
        ewarn "Please review the local USE flags for this package."
    fi
}


The idea is that if you say USE=ssl but nothing more, you default to openssl. This is asymmetrical and doesn't scale well. So I made the leap in curl to the following (modulo extra stuff):

IUSE="${IUSE} curl_ssl_axtls curl_ssl_cyassl curl_ssl_gnutls curl_ssl_nss +curl_ssl_openssl curl_ssl_polarssl curl_ssl_winssl"

RDEPEND="
    ssl? (
        curl_ssl_axtls?  ( net-libs/axtls app-misc/ca-certificates )
        curl_ssl_cyassl? ( net-libs/cyassl app-misc/ca-certificates )
        curl_ssl_gnutls? (
            || (
                ( >=net-libs/gnutls-3[static-libs?] dev-libs/nettle )
                ( =net-libs/gnutls-2.12*[nettle,static-libs?] dev-libs/nettle )
                ( =net-libs/gnutls-2.12*[-nettle,static-libs?] dev-libs/libgcrypt[static-libs?] )
            )
            app-misc/ca-certificates
        )
        curl_ssl_openssl? ( dev-libs/openssl[static-libs?] )
        curl_ssl_nss? ( dev-libs/nss app-misc/ca-certificates )
        curl_ssl_polarssl? ( net-libs/polarssl:= app-misc/ca-certificates )
    )"

REQUIRED_USE="
    curl_ssl_winssl? ( elibc_Winnt )
    ssl? (
        ^^ (
            curl_ssl_axtls
            curl_ssl_cyassl
            curl_ssl_gnutls
            curl_ssl_openssl
            curl_ssl_nss
            curl_ssl_polarssl
            curl_ssl_winssl
        )
    )"


With the number of ssl providers growing, like libressl, and with issues like bug #510974, I think it's time we consider making this a uniform way of dealing with ssl providers in Gentoo. We would proceed something like this:

1. Introduce a new USE_EXPAND called SSL which mirrors CURL_SSL --- because CURL_SSL is too provincial a name.

2. Migrate curl and all its dependencies to the SSL use expand.

3. Migrate over all consumers of ssl to the new SSL use expand system.

What do people think?

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : bluen...@gentoo.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA
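
The two flag schemes quoted in this message, modelled side by side as an added example (not part of the original e-mail and not code from any ebuild or from Portage). The function names are hypothetical and the USE sets are constructed; the model covers only the DEPEND and REQUIRED_USE logic shown above.

```python
# Added illustration: models only the flag logic quoted in the message above.
OLD_PROVIDERS = ("gnutls", "polarssl")  # provider flags in rtmpdump's IUSE
NEW_PROVIDERS = ("axtls", "cyassl", "gnutls", "openssl",
                 "nss", "polarssl", "winssl")  # curl_ssl_* flags in curl's IUSE

def old_provider(use):
    """TLS library pulled in by the rtmpdump-style nested DEPEND."""
    use = set(use)
    if "ssl" not in use:
        return None            # provider flags are ignored; pkg_setup only warns
    if "gnutls" in use:
        return "gnutls"        # gnutls? ( net-libs/gnutls )
    if "polarssl" in use:
        return "polarssl"      # polarssl? ( !gnutls? ( ... ) )
    return "openssl"           # !gnutls? ( !polarssl? ( dev-libs/openssl ) )

def old_ignored(use):
    """Provider flags the user set that the old scheme silently drops."""
    use = set(use)
    chosen = old_provider(use)
    return sorted(f for f in OLD_PROVIDERS if f in use and f != chosen)

def new_check(use):
    """Evaluate curl's REQUIRED_USE; returns (ok, provider or reason)."""
    use = set(use)
    if "curl_ssl_winssl" in use and "elibc_Winnt" not in use:
        return False, "curl_ssl_winssl? ( elibc_Winnt ) not satisfied"
    if "ssl" not in use:
        return True, None      # the ^^ group is only enforced under ssl?
    chosen = sorted(p for p in NEW_PROVIDERS if "curl_ssl_" + p in use)
    if len(chosen) != 1:       # ^^ ( ... ) means exactly one of
        return False, "exactly one provider required, got %s" % chosen
    return True, chosen[0]

if __name__ == "__main__":
    # Constructed USE sets for demonstration.
    for use in ({"ssl"}, {"ssl", "gnutls", "polarssl"}, {"polarssl"}):
        print(sorted(use), "->", old_provider(use), "ignored:", old_ignored(use))
    for use in ({"ssl", "curl_ssl_openssl"},
                {"ssl", "curl_ssl_gnutls", "curl_ssl_polarssl"},
                {"ssl"}):
        print(sorted(use), "->", new_check(use))
```
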

