Bug 514376

Summary:	dev-libs/boringssl - the google fork of openssl
Product:	Gentoo Linux	Reporter:	Agostino Sarubbo <ago>
Component:	New packages	Assignee:	Default Assignee for New Packages <maintainer-wanted>
Status:	RESOLVED WONTFIX
Severity:	enhancement	CC:	beolach+gb, dschridde+gentoobugs, pacho, peter.volkov
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2014-06-22 08:14:13 UTC

http://arstechnica.com/security/2014/06/google-unveils-independent-fork-of-openssl-called-boringssl/

https://boringssl.googlesource.com/boringssl/

Comment 1 Aric Belsito 2016-06-11 00:37:42 UTC

@Agostino

What's the status on this. Are we planning on supporting boringssl?

According to this page:
https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md

It doesn't look like it's a good idea.
> Note: BoringSSL does not have a stable API or ABI. It must be updated with its consumers. It is not suitable for, say, a system library in a traditional Linux distribution.

Should we close this?

I looked into building it at one point, and it onlyy creates static libraries (though I suppose we could patch it and then force it to work with all OpenSSL-dependent packages).

Comment 2 Aric Belsito 2017-01-18 22:52:28 UTC

Boringssl now has an option to build shared libraries. If we want this in the tree, we just need to fix the install phase.

I can write an ebuild..

Comment 3 Agostino Sarubbo gentoo-dev

2017-01-19 10:05:00 UTC

If you want to proxy-maintain it, it is fine.

Comment 4 pva 2017-06-07 18:45:23 UTC

Upstream still recommends to bundle specific boringssl version with program and depend on specific commit. So while may be it's possible to build shared library I don't see how we could use it at the moment. So I think until anything in tree depends on this library we don't need it. 

And hey, Aric, I found your overlay: https://github.com/lluixhi/gentoo-boringssl :) Was it really worth efforts? Currently I've played with grpcio, that depends on boringssl. As expected grpcio depends on specific commit and otherwise it won't work. Also grpcio needed sources not shared library, so I have not tried your ebuild.

Comment 5 Dennis Schridde 2020-02-03 22:18:12 UTC

Google is now more specific about the target audience:

> BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
> 
> Although BoringSSL is an open source project, it is not intended for general
> use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing
> so is likely to be frustrating because there are no guarantees of API or ABI
> stability.

Source: https://boringssl.googlesource.com/boringssl/

Comment 6 Sam James archtester

2022-12-14 13:49:52 UTC

(In reply to Dennis Schridde from comment #5)
> Google is now more specific about the target audience:
> 
> > BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
> > 
> > Although BoringSSL is an open source project, it is not intended for general
> > use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing
> > so is likely to be frustrating because there are no guarantees of API or ABI
> > stability.
> 
> Source: https://boringssl.googlesource.com/boringssl/

And hence WONTFIX. They're very clear about folks not using it nowadays.