security/libgcrypt: Make static an option

Static linked binaries, due to the fact that they're statically linked, can pose a security risk should a library be updated and depending software not be recompiled and linked. This was a hot topic on BUGTRAQ about 25 years ago. The default is to build static libraries so as not to alter the package avoiding a POLA violation. PR: 255735 Submitted by: Daniel Engberg <daniel.engberg.lists@pyret.net> (mostly) Reported by: Daniel Engberg <daniel.engberg.lists@pyret.net> Reviewed by: cy Tested by: cy MFH: 2021Q2
2021-05-22 20:36:23 -07:00 · 2021-05-22 20:36:23 -07:00 · 527821a60c
commit 527821a60c
parent 865a2a94e8
2 changed files with 7 additions and 3 deletions
--- a/security/libgcrypt/Makefile
+++ b/security/libgcrypt/Makefile
@ -17,7 +17,7 @@ USES=		cpe libtool makeinfo tar:bzip2
 CPE_VENDOR=	gnupg
 USE_CSTD=	gnu89
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--disable-drng-support --enable-static=yes
+CONFIGURE_ARGS=	--disable-drng-support
 CONFIGURE_ENV=	MAKEINFO="${MAKEINFO} --no-split"
 CONFIGURE_TARGET=${ARCH:S/amd64/x86_64/}-portbld-${OPSYS:tl}${OSREL}
 USE_LDCONFIG=	yes
@ -28,7 +28,11 @@ DOCS=		AUTHORS ChangeLog ChangeLog-2011 INSTALL NEWS THANKS TODO \
 INFO=		gcrypt
 PORTDOCS=	*

-OPTIONS_DEFINE=	DOCS
+OPTIONS_DEFINE=		DOCS STATIC
+OPTIONS_DEFAULT=	DOCS STATIC
+OPTIONS_SUB=	yes
+
+STATIC_CONFIGURE_ENABLE=	static

 .include <bsd.port.options.mk>

--- a/security/libgcrypt/pkg-plist
+++ b/security/libgcrypt/pkg-plist
@ -3,7 +3,7 @@ bin/dumpsexp
 bin/hmac256
 bin/libgcrypt-config
 include/gcrypt.h
-lib/libgcrypt.a
+%%STATIC%%lib/libgcrypt.a
 lib/libgcrypt.so
 lib/libgcrypt.so.20
 lib/libgcrypt.so.20.3.3