Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 514376 - dev-libs/boringssl - the google fork of openssl
Summary: dev-libs/boringssl - the google fork of openssl
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal enhancement (vote)
Assignee: Default Assignee for New Packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-22 08:14 UTC by Agostino Sarubbo
Modified: 2022-12-14 13:49 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Aric Belsito 2016-06-11 00:37:42 UTC 
@Agostino

What's the status on this. Are we planning on supporting boringssl?

According to this page:
https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md

It doesn't look like it's a good idea.
> Note: BoringSSL does not have a stable API or ABI. It must be updated with its consumers. It is not suitable for, say, a system library in a traditional Linux distribution.

Should we close this?

I looked into building it at one point, and it onlyy creates static libraries (though I suppose we could patch it and then force it to work with all OpenSSL-dependent packages).
Comment 2 Aric Belsito 2017-01-18 22:52:28 UTC 
Boringssl now has an option to build shared libraries. If we want this in the tree, we just need to fix the install phase.

I can write an ebuild..
Comment 3 Agostino Sarubbo gentoo-dev 2017-01-19 10:05:00 UTC 
If you want to proxy-maintain it, it is fine.
Comment 4 pva 2017-06-07 18:45:23 UTC 
Upstream still recommends to bundle specific boringssl version with program and depend on specific commit. So while may be it's possible to build shared library I don't see how we could use it at the moment. So I think until anything in tree depends on this library we don't need it. 

And hey, Aric, I found your overlay: https://github.com/lluixhi/gentoo-boringssl :) Was it really worth efforts? Currently I've played with grpcio, that depends on boringssl. As expected grpcio depends on specific commit and otherwise it won't work. Also grpcio needed sources not shared library, so I have not tried your ebuild.
Comment 5 Dennis Schridde 2020-02-03 22:18:12 UTC 
Google is now more specific about the target audience:

> BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
> 
> Although BoringSSL is an open source project, it is not intended for general
> use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing
> so is likely to be frustrating because there are no guarantees of API or ABI
> stability.

Source: https://boringssl.googlesource.com/boringssl/
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-14 13:49:52 UTC 
(In reply to Dennis Schridde from comment #5)
> Google is now more specific about the target audience:
> 
> > BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
> > 
> > Although BoringSSL is an open source project, it is not intended for general
> > use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing
> > so is likely to be frustrating because there are no guarantees of API or ABI
> > stability.
> 
> Source: https://boringssl.googlesource.com/boringssl/

And hence WONTFIX. They're very clear about folks not using it nowadays.