[MacPorts] #69490: libressl cannot be installed when it depends on a clang port because it conflicts with openssl

MacPorts noreply at macports.org
Fri Apr 26 08:21:43 UTC 2024 

#69490: libressl cannot be installed when it depends on a clang port because it
conflicts with openssl
-------------------------+----------------------
  Reporter:  ryandesign  |      Owner:  artkiver
      Type:  defect      |     Status:  assigned
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:
      Port:  libressl    |
-------------------------+----------------------

Comment (by artkiver):

 Respectfully, this doesn't track.

 I don't know where you got the impression that anyone insinuated that
 LibreSSL is a "drop in replacement" for OpenSSL. LibreSSL forked from
 OpenSSL, a decade ago (specifically, April 22nd, 2014) and has taken a
 different trajectory over the ensuing years, even if it was initially
 intended to be relatively compatible (which is a given, since it was a
 fork) the LibreSSL and OpenSSL codebases have, and continue to diverge.
 So, while maybe in 2014, it was relatively easy to substitute OpenSSL with
 LibreSSL, doing so now might be a bit more challenging?

 The good news is: many projects, like macOS, have long since done the
 heavy lifting of having migrated to LibreSSL.

 MacPorts, is a different beast though and I am guessing there are reasons
 jeremyhu left 54744 unaddressed for years before he went AWOL?

 Moreover, your suggestion here: https://github.com/macports/macports-
 ports/pull/23716#issuecomment-2078328088 suggesting that one can simply
 add

 {{{
 port:libretls
 }}}

 As a dependency, doesn't really function.

 e.g. if done to the Got Portfile, one will encounter this sort of error
 when attempting to install it:

 {{{
  got # port -v install
 --->  Computing dependencies for got...
 Error: Can't install openssl because conflicting ports are active:
 libressl
 Error: Follow https://guide.macports.org/#project.tickets if you believe
 there
 is a bug.
 Error: Processing of port got failed
 }}}

 If you examine the Portfile for devel/libretls you'll see:

 {{{
 depends_lib         port:openssl
 }}}

 Indeed, libtls is ''already'' supplied by libressl, as mentioned in the
 port description, from looking at e.g.
 https://ports.macports.org/port/libressl/

 You'll see (apologies for the strange formatting, italics added for
 emphasis):

 {{{
 LibreSSL SSL/TLS cryptography library

 LibreSSL is composed of four parts: The openssl(1) utility, which provides
 tools for managing keys, certificates, etc. libcrypto: a library of
 cryptography fundamentals libssl: a TLS library, backwards-compatible with
 OpenSSL
 }}}
 '' libtls: a new TLS library, designed to make it easier to write
 foolproof applications''
 {{{
 This port tracks the stable releases, for development releases please use
 libressl-devel.
 }}}

 In other words, the entire point of libretls /devel/libretls is to provide
 libtls functionality, to OpenSSL. LibreSSL, already has libtls as a given.

 But, for the sake of argument, I went ahead and modify the /devel/libretls
 Portfile manually to have

 {{{
 depends_lib         path:lib/libssl.dylib:openssl \
 }}}

 Instead of:

 {{{
 depends_lib         port:openssl
 }}}

 Attempting to install that locally, fails with the following:

 {{{
 Error: Failed to activate libretls: Image error: /opt/local/include/tls.h
 is being used by the active libressl port.  Please deactivate this port
 first, or use 'port -f activate libretls' to force the activation.
     while executing
 "throw registry::image-error $msg"
     ("foreach" body line 47)
     invoked from within
 "foreach file $imagefiles {
                 set srcfile "${extracted_dir}${file}"

                 # To be able to install links, we test if we can lst..."
     invoked from within
 "registry::write {
             foreach file $imagefiles {
                 set srcfile "${extracted_dir}${file}"

                 # To be able to instal..."
 Error: See
 /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_devel_libretls/libretls/main.log
 for details.
 Error: Follow https://guide.macports.org/#project.tickets if you believe
 there
 is a bug.
 Error: Processing of port libretls failed
 }}}

 Candidly, it would probably save everyone some headaches if devel/libretls
 also had conflicts statements with libressl and libressl-devel.

 Having written as much, there's an OpenSSL PortGroup too, which some
 Portfiles reference instead of any of the previously mentioned
 methodologies for linking a particular TLS library. So, while I don't
 disagree that it's quite a bit of effort to migrate your estimate of 800
 some odd MacPorts to something that has better affinity with libressl,
 which seems possible in theory, that doesn't change the reality that most
 definitely, something changed within MacPorts and the GitHub Actions CI as
 well since some of these MacPorts (e.g. libressl, got) were last updated
 that is resulting in more breakage, whereas previously

 {{{
 depends_lib         path:lib/libssl.dylib:openssl \
 }}}

 Was seemingly sufficient to facilitate user choice in which TLS library
 was in use without throwing errors or causing undue breakage that is more
 recently observable.

 I could certainly benefit for more help, but retreading old suggestions
 and old tickets that predate any of the time with when I began to
 contribute to MacPorts doesn't seem particularly helpful; especially given
 that https://trac.macports.org/ticket/54744 makes reference to boringssl
 which near as I can discern, does not exist within MacPorts at all, and if
 it did previously, I have no idea when it was deprecated.

 Replying to [comment:4 ryandesign]:
 > Replying to [comment:3 artkiver]:
 > > I think I might be seeing this issue rear its ugly head here as well:
 > >
 > > https://github.com/macports/macports-ports/pull/23716
 >
 > I don't believe that's related. That's about libretls; this ticket is
 about libressl.
 >
 > > Albeit, I am sort of wondering if this Trac issue is assigned
 correctly, since I haven't touched any of the buildbot code
 >
 > It's assigned to the libressl maintainers because it occurs due to a
 design decision of the libressl port: pretending that it is a drop-in
 replacement for openssl. I'm not suggesting that you should modify
 buildbot or GitHub Actions or mpbb to work around this or set up a local
 environment for either of those; I'm suggesting that the design of the
 libressl port should be changed per #54744.

-- 
Ticket URL: <https://trac.macports.org/ticket/69490#comment:5>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list