[gentoo-dev] [PATCH] use.desc: Correct/clarify SSL/TLS-related flags
Correct the description of SSL/TLS-related flags to match their modern use. USE=ssl is a feature flag that enables support for SSL/TLS, while USE=gnutls and USE=libressl are implementation toggling flags. Unify the descriptions a bit. Make sure to mention both SSL and TLS to avoid confusion. Inform about the necessity of enabling USE=ssl in both implementation flags, and replace 'might' with 'if present'. --- profiles/use.desc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/profiles/use.desc b/profiles/use.desc index 43423a017a5f..4ac5d5ad6136 100644 --- a/profiles/use.desc +++ b/profiles/use.desc @@ -119,7 +119,7 @@ gmp - Add support for dev-libs/gmp (GNU MP library) gnome - Add GNOME support gnome-keyring - Enable support for storing passwords via gnome-keyring gnuplot - Enable support for gnuplot (data and function plotting) -gnutls - Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support) +gnutls - Prefer net-libs/gnutls as SSL/TLS provider (requires USE=ssl if present) gphoto2 - Add digital camera support gpm - Add support for sys-libs/gpm (Console-based mouse driver) gps - Add support for Global Positioning System @@ -179,7 +179,7 @@ libcaca - Add support for colored ASCII-art graphics libedit - Use the libedit library (replacement for readline) libffi - Enable support for Foreign Function Interface library libnotify - Enable desktop notification support -libressl - Use dev-libs/libressl as SSL provider (might need ssl USE flag), packages should not depend on this USE flag +libressl - Use dev-libs/libressl instead of dev-libs/openssl as SSL/TLS provider (requires USE=ssl if present), packages should not depend on this USE flag libsamplerate - Build with support for converting sample rates using libsamplerate libwww - Add libwww support (General purpose WEB API) lirc - Add support for lirc (Linux's Infra-Red Remote Control) @@ -319,7 +319,7 @@ sox - Add support for Sound eXchange (SoX) speex - Add support for the speex audio codec (used for speech) spell - Add dictionary support sqlite - Add support for sqlite - embedded sql database -ssl - Add support for Secure Socket Layer connections +ssl - Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security) startup-notification - Enable application startup event feedback mechanism static - !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically static-libs - Build static versions of dynamic libraries as well -- 2.16.1
Re: [gentoo-dev] [PATCH] use.desc: Correct/clarify SSL/TLS-related flags
On 01/30/2018 11:11 PM, Michał Górny wrote: > Correct the description of SSL/TLS-related flags to match their modern > use. USE=ssl is a feature flag that enables support for SSL/TLS, > while USE=gnutls and USE=libressl are implementation toggling flags. > > Unify the descriptions a bit. Make sure to mention both SSL and TLS > to avoid confusion. Inform about the necessity of enabling USE=ssl > in both implementation flags, and replace 'might' with 'if present'. > +1 / Reviewed-By -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] [PATCH] use.desc: Correct/clarify SSL/TLS-related flags
> On Tue, 30 Jan 2018, Michał Górny wrote: > Correct the description of SSL/TLS-related flags to match their modern > use. USE=ssl is a feature flag that enables support for SSL/TLS, > while USE=gnutls and USE=libressl are implementation toggling flags. > Unify the descriptions a bit. Make sure to mention both SSL and TLS > to avoid confusion. Inform about the necessity of enabling USE=ssl > in both implementation flags, and replace 'might' with 'if present'. > --- > profiles/use.desc | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > diff --git a/profiles/use.desc b/profiles/use.desc > index 43423a017a5f..4ac5d5ad6136 100644 > --- a/profiles/use.desc > +++ b/profiles/use.desc > @@ -119,7 +119,7 @@ gmp - Add support for dev-libs/gmp (GNU MP library) > gnome - Add GNOME support > gnome-keyring - Enable support for storing passwords via gnome-keyring > gnuplot - Enable support for gnuplot (data and function plotting) > -gnutls - Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support) > +gnutls - Prefer net-libs/gnutls as SSL/TLS provider (requires USE=ssl if > present) NACK. This seems to imply that USE="-ssl gnutls" is not a valid configuration? What if the user prefers gnutls and therefore has globally enabled the gnutls flag, but -ssl for a single package? How about "(needs USE=ssl to take effect)" instead? > gphoto2 - Add digital camera support > gpm - Add support for sys-libs/gpm (Console-based mouse driver) > gps - Add support for Global Positioning System > @@ -179,7 +179,7 @@ libcaca - Add support for colored ASCII-art graphics > libedit - Use the libedit library (replacement for readline) > libffi - Enable support for Foreign Function Interface library > libnotify - Enable desktop notification support > -libressl - Use dev-libs/libressl as SSL provider (might need ssl USE flag), > packages should not depend on this USE flag > +libressl - Use dev-libs/libressl instead of dev-libs/openssl as SSL/TLS > provider (requires USE=ssl if present), packages should not depend on this > USE flag Same here. > libsamplerate - Build with support for converting sample rates using > libsamplerate > libwww - Add libwww support (General purpose WEB API) > lirc - Add support for lirc (Linux's Infra-Red Remote Control) > @@ -319,7 +319,7 @@ sox - Add support for Sound eXchange (SoX) > speex - Add support for the speex audio codec (used for speech) > spell - Add dictionary support > sqlite - Add support for sqlite - embedded sql database > -ssl - Add support for Secure Socket Layer connections > +ssl - Add support for SSL/TLS connections (Secure Socket Layer / Transport > Layer Security) > startup-notification - Enable application startup event feedback mechanism > static - !!do not set this during bootstrap!! Causes binaries to be > statically linked instead of dynamically > static-libs - Build static versions of dynamic libraries as well > -- > 2.16.1 pgpnVRtA9g04Q.pgp Description: PGP signature
Re: [gentoo-dev] [PATCH] use.desc: Correct/clarify SSL/TLS-related flags
On 01/31/2018 12:22 AM, Ulrich Mueller wrote: >> gnome-keyring - Enable support for storing passwords via gnome-keyring >> gnuplot - Enable support for gnuplot (data and function plotting) >> -gnutls - Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support) >> +gnutls - Prefer net-libs/gnutls as SSL/TLS provider (requires USE=ssl if >> present) > NACK. This seems to imply that USE="-ssl gnutls" is not a valid > configuration? What if the user prefers gnutls and therefore has > globally enabled the gnutls flag, but -ssl for a single package? > > How about "(needs USE=ssl to take effect)" instead? > as I understand it ssl is intended as a generic use flag, of which gnutls can be one of the providers. In the case of of app-crypt/gnupg there are only two possible providers, gnutls, and ntbtls, of which only one is available in tree, so gnutls is the only one, so the only one relevant for Gentoo is gnutls, hence no use flag for it, either TLS is enabled, or it is not. in this scenario I don't see why "ssl -gnutls" would not be a valid configuration as long as ssl is a generic use flag as it is presented to be. It doesn't mean never install gnutls, but just not preferring it in cases where there are other providers of ssl/tls, that the global description already indicate. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] [PATCH] use.desc: Correct/clarify SSL/TLS-related flags
On Tue, Jan 30, 2018 at 5:22 PM, Ulrich Mueller wrote: >> On Tue, 30 Jan 2018, Michał Górny wrote: > NACK. This seems to imply that USE="-ssl gnutls" is not a valid > configuration? What if the user prefers gnutls and therefore has > globally enabled the gnutls flag, but -ssl for a single package? Because having gnutls enabled and ssl disabled, if a package has both flags, is nonsense? What is "I want gnutls but I don't want support for SSL/TLS" supposed to do?
Re: [gentoo-dev] [PATCH] use.desc: Correct/clarify SSL/TLS-related flags
> On Tue, 30 Jan 2018, Gordon Pettey wrote: > On Tue, Jan 30, 2018 at 5:22 PM, Ulrich Mueller wrote: >> NACK. This seems to imply that USE="-ssl gnutls" is not a valid >> configuration? What if the user prefers gnutls and therefore has >> globally enabled the gnutls flag, but -ssl for a single package? > Because having gnutls enabled and ssl disabled, if a package has > both flags, is nonsense? What is "I want gnutls but I don't want > support for SSL/TLS" supposed to do? The gnutls flag doesn't have the meaning "I want gnutls". It has the meaning "I prefer net-libs/gnutls as SSL/TLS provider". So with USE="-ssl" the gnutls flag is a no-op, and neither the ebuild nor the user should have to care about it. Ulrich pgpKNL5xyUizt.pgp Description: PGP signature
Re: [gentoo-dev] [PATCH] use.desc: Correct/clarify SSL/TLS-related flags
January 31, 2018 10:53 AM, "Ulrich Mueller" wrote: > The gnutls flag doesn't have the meaning "I want gnutls". It has > the meaning "I prefer net-libs/gnutls as SSL/TLS provider". So with > USE="-ssl" the gnutls flag is a no-op, and neither the ebuild nor > the user should have to care about it. > > Ulrich I agree, it is bothersome to have to add extra negative use flags when it could be ignored. -- Corentin “Nado” Pazdera