=sys-fs/cryptsetup-2.0.6 emerges fine with USE="libressl -openssl" =sys-fs/cryptsetup-2.1.0 errors with: REQUIRED_USE flag constraints unsatisfied: exactly-one-of ( gcrypt kernel nettle openssl ) Any idea why in sys-fs/cryptsetup-2.1.0 has this line: CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" when it should be: CRYPTO_BACKENDS="gcrypt kernel nettle openssl" as no new back-ends have been added between 2.0.6 and 2.1.0? Secondly, the "openssl" USE flag should depend on OpenSSL, not LibreSSL _OR_ OpenSSL. The "ssl" USE flag should be used instead for non-OpenSSL/LibreSSL specific, but in this application, it doesn't make much more sense than it does right now. I believe the absolute best option is this: Change: openssl? ( dev-libs/openssl:0=[static-libs(+)] ) to: openssl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl:=[static-libs(+)] ) Then have the behavior: exactly-one-of ( gcrypt kernel nettle openssl libressl ) Permanent fix, problem solved for good.
Sorry, made a mistake in the copypasta. What I meant was, Change: openssl? ( !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl:=[static-libs(+)] ) ) to: openssl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl:=[static-libs(+)] ) To have the intended behavior of: exactly-one-of ( gcrypt kernel nettle openssl libressl ) Which would then require the following change: CRYPTO_BACKENDS="gcrypt kernel nettle openssl +libressl" All fixed.
(In reply to Alec Ari from comment #0) > > Any idea why in sys-fs/cryptsetup-2.1.0 has this line: > > CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" > > when it should be: > > CRYPTO_BACKENDS="gcrypt kernel nettle openssl" > > as no new back-ends have been added between 2.0.6 and 2.1.0? Quote from https://gitlab.com/cryptsetup/cryptsetup/blob/master/docs/v2.1.0-ReleaseNotes#L51 : * Default cryptographic backend used for LUKS header processing is now OpenSSL. For years, OpenSSL provided better performance for PBKDF. And you're wrong. CRYPTO_BACKENDS in old cryptsetup releases was "+gcrypt kernel nettle openssl" (note the "+" in fron to "gcrypt"). So yes, requiring USE="openssl libressl" to get libressl dependency pulled in, is kind of contradicting itself. As soon as my time allows I gonna try to make this less confusing.
'And you're wrong. CRYPTO_BACKENDS in old cryptsetup releases was "+gcrypt kernel nettle openssl" (note the "+" in fron to "gcrypt").' OpenSSL was already there before, but now it has a + flag on it. 2.0.6: CRYPTO_BACKENDS="+gcrypt kernel nettle openssl" 2.1.0: CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" I'm not wrong, OpenSSL can't be new if it was there before.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22d3fbf7721ec935ea503c9eb10c775a22f96e84 commit 22d3fbf7721ec935ea503c9eb10c775a22f96e84 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-05-13 15:14:43 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-05-13 15:15:13 +0000 sys-fs/cryptsetup: Respect libressl USE flag Closes: https://bugs.gentoo.org/678200 Package-Manager: Portage-2.3.66, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> sys-fs/cryptsetup/cryptsetup-2.1.0.ebuild | 11 +++++++++-- sys-fs/cryptsetup/cryptsetup-2.2.0_rc0.ebuild | 11 +++++++++-- 2 files changed, 18 insertions(+), 4 deletions(-)
