# Remove dependency on security/openssl on install ports with portmaster



## Oclair (Feb 26, 2021)

Hi there,
I've upgraded freebsd on a system from 11.x to 12.2 and would like to remove the security/openssl port and redefine dependencies to the base version included with 12.2.  I commented out DEFAULT_VERSIONS+= ssl=openssl in /etc/make.conf but noticed when running portmaster -af security/openssl remains a dependency with other ports.  I've been working with portmaster and prefer suggestions related to portmaster. 
Thanks in advance and have a great day!
Oclair

update: running a simple pkg delete openssl returns the following

```
Installed packages to be REMOVED:
        ImageMagick6-nox11: 6.9.11.6_2,1
        acme.sh: 2.8.8
        apr: 1.7.0.1.6.1_1
        asciidoc: 9.0.5
        bind-tools: 9.16.11
        cairo: 1.16.0_1,3
        clamav: 0.103.1,1
        cmake: 3.19.4_1
        curl: 7.75.0
        cyrus-sasl: 2.1.27_1
        dovecot: 2.3.13
        dovecot-pigeonhole: 0.5.13
        doxygen: 1.9.0,2
        ffmpeg: 4.3.1_10,1
        freetds: 1.2.18,1
        frei0r: 1.7.0.18
        galera: 25.3.32
        gamin: 0.1.10_10
        gdb: 10.1_1
        git: 2.30.1
        glib: 2.66.4_1,1
        gnupg1: 1.4.23_2
        gnutls: 3.6.15
        gobject-introspection: 1.66.1,1
        graphviz: 2.44.1_7
        gtk-doc: 1.33.2
        harfbuzz: 2.7.4
        harfbuzz-icu: 2.7.4_1
        htdig: 3.2.0.b6_6
        itstool: 2.0.6
        ldns: 1.7.1_2
        lftp: 4.9.2
        libarchive: 3.4.3_1,1
        libass: 0.15.0
        libgphoto2: 2.5.26
        liblqr-1: 0.4.2
        libmemcached: 1.0.18_7
        libraqm: 0.6.0
        libssh2: 1.9.0_3,3
        libzip: 1.7.3
        llvm10: 10.0.1_5
        llvm80: 8.0.1_4
        maia: 1.0.4_5
        mailgraph: 1.14_10
        mariadb103-client: 10.3.27_1
        mariadb103-server: 10.3.27
        mc-nox11: 4.8.26
        meson: 0.56.2
        mysqlbackup: 2.8
        net-snmp: 5.9_1,1
        nextcloud-php73: 20.0.7
        nginx: 1.18.0_46,2
        ninja: 1.10.2,2
        nmap: 7.91
        opencv: 4.5.1
        opendkim: 2.10.3_11
        openldap-client: 2.4.57
        openssl: 1.1.1i_1,1
        p11-kit: 0.23.22
        p5-Crypt-OpenSSL-Bignum: 0.09
        p5-Crypt-OpenSSL-RSA: 0.31
        p5-Crypt-OpenSSL-Random: 0.15
        p5-Crypt-SSLeay: 0.72_3
        p5-DBD-mysql: 4.050
        p5-FuzzyOcr-devel: 3.6.0_6
        p5-GeoIP2: 2.006002
        p5-IO-All-LWP: 0.14_2
        p5-IO-Socket-SSL: 2.069
        p5-LWP-Protocol-https: 6.10
        p5-Mail-DKIM: 0.58
        p5-Mail-DomainKeys: 1.0_2
        p5-Net-HTTP: 6.20
        p5-Net-SSLeay: 1.88
        p5-libwww: 6.52
        p5-subversion: 1.14.1
        panda-cclient: 20130621_1
        pango: 1.42.4_5
        php73-curl: 7.3.27
        php73-extensions: 1.0
        php73-ftp: 7.3.27
        php73-imap: 7.3.27
        php73-ldap: 7.3.27
        php73-openssl: 7.3.27
        php73-pecl-imagick: 3.4.4_2
        php73-zip: 7.3.27
        phpMyAdmin-php73: 4.9.7
        poppler: 21.02.0
        postfix: 3.5.9,1
        postfixadmin: 3.2.4
        py37-Babel: 2.9.0
        py37-CommonMark: 0.9.1
        py37-Jinja2: 2.11.2_1
        py37-acme: 1.11.0,1
        py37-alabaster: 0.7.6
        py37-appdirs: 1.4.4
        py37-arrow: 0.17.0
        py37-asn1crypto: 1.4.0
        py37-b2sdk: 1.1.4
        py37-bcrypt: 3.2.0
        py37-beaker: 1.11.0
        py37-boto: 2.49.0_1
        py37-boto3: 1.16.56
        py37-botocore: 1.19.56
        py37-certbot: 1.11.0,1
        py37-certbot-nginx: 1.11.0
        py37-certifi: 2020.12.5
        py37-cffi: 1.14.4
        py37-chardet: 3.0.4_3
        py37-configargparse: 1.2.3
        py37-configobj: 5.0.6_1
        py37-country: 18.5.26
        py37-cryptography: 2.9.2
        py37-cython: 0.29.21
        py37-dateutil: 2.8.1
        py37-distro: 1.5.0
        py37-docutils: 0.16
        py37-fasteners: 0.16
        py37-funcsigs: 1.0.2
        py37-future: 0.18.2
        py37-google-i18n-address: 2.3.5
        py37-html5lib: 1.0.1
        py37-idna: 2.10
        py37-imagesize: 1.1.0
        py37-intervaltree: 3.0.2
        py37-jmespath: 0.10.0
        py37-josepy: 1.5.0
        py37-kitchen: 1.2.6
        py37-libcloud: 3.3.1
        py37-libxml2: 2.9.10_2
        py37-logfury: 0.1.2
        py37-lxml: 4.6.2
        py37-mako: 1.0.14_1
        py37-markupsafe: 1.1.1_1
        py37-mock: 3.0.5
        py37-monotonic: 1.5
        py37-msgpack: 1.0.2
        py37-numpy: 1.16.6,1
        py37-openssl: 19.1.0
        py37-packaging: 20.9
        py37-paramiko: 2.7.1
        py37-parsedatetime: 2.6
        py37-pexpect: 4.8.0
        py37-ply: 3.11
        py37-progressbar: 2.5
        py37-psutil: 5.8.0
        py37-ptyprocess: 0.6.0
        py37-pyasn1: 0.4.7
        py37-pycparser: 2.20
        py37-pycrypto: 2.6.1_3
        py37-pyflakes: 2.2.0
        py37-pygments: 2.7.2
        py37-pyinotify: 0.9.6
        py37-pynacl: 1.4.0
        py37-pyparsing: 2.4.7
        py37-pyrfc3339: 1.1
        py37-pysocks: 1.7.1
        py37-pystemmer: 2.0.0.1
        py37-pytest-runner: 2.11.1
        py37-pytz: 2020.5,1
        py37-pyzmq: 22.0.2
        py37-recommonmark: 0.5.0_2
        py37-repoze.sphinx.autointerface: 0.8
        py37-requests: 2.22.0_2
        py37-requests-toolbelt: 0.9.1
        py37-s3transfer: 0.3.4
        py37-salt: 3002.2_1
        py37-setuptools: 44.0.0
        py37-setuptools_scm: 4.1.2_1
        py37-six: 1.15.0
        py37-snowballstemmer: 1.2.1
        py37-sortedcontainers: 2.3.0
        py37-sphinx: 3.4.3,1
        py37-sphinx_rtd_theme: 0.4.3
        py37-sphinxcontrib-applehelp: 1.0.2
        py37-sphinxcontrib-devhelp: 1.0.2
        py37-sphinxcontrib-htmlhelp: 1.0.3
        py37-sphinxcontrib-jsmath: 1.0.1
        py37-sphinxcontrib-qthelp: 1.0.3
        py37-sphinxcontrib-serializinghtml: 1.1.4
        py37-sphinxcontrib-websupport: 1.2.4
        py37-sqlite3: 3.7.9_7
        py37-toml: 0.10.2
        py37-tornado4: 4.5.3
        py37-tqdm: 4.56.0
        py37-urllib3: 1.25.11,1
        py37-webencodings: 0.5.1
        py37-wheel: 0.30.0_1
        py37-yaml: 5.3.1_1
        py37-zope.component: 4.2.2
        py37-zope.event: 4.1.0
        py37-zope.interface: 4.6.0
        python36: 3.6.12_2
        python37: 3.7.9_1
        rainloop-community-php73: 1.15.0
        rarian: 0.8.1_6
        rkhunter: 1.4.6
        roundcube-php73: 1.4.11,1
        rrdtool: 1.7.2_4
        rsync: 3.2.3
        ruby: 2.6.6_2,1
        ruby26-gems: 3.0.8
        rubygem-asciidoctor: 2.0.10
        scons-py37: 3.1.2
        serf: 1.3.9_6
        spamassassin: 3.4.4
        subversion: 1.14.1
        talloc: 2.3.1
        tarsnap: 1.0.39
        tarsnap-periodic: 1.0.20170413
        tdb: 1.4.3,1
        tesseract: 4.1.1_3
        tevent: 0.10.2_1
        tex-basic-engines: 20150521
        tex-dvipsk: 5.995_2
        tex-formats: 20150521_2
        tex-web2c: 20150521_3
        texlive-base: 20150521_62
        texlive-texmf: 20150523_4
        trousers: 0.3.14_3
        unbound: 1.13.1
        unrar: 6.00,6
        w3m: 0.5.3.20210206
        webmin: 1.970
        wget: 1.21
        wordpress: 5.5.3,1
        xcb-proto: 1.14.1
        xml2rfc: 3.3.0
        xmlto: 0.0.28
        znc: 1.8.2_1

Number of packages to be removed: 229

The operation will free 5 GiB.
```


----------



## SirDice (Feb 26, 2021)

Some ports have specific settings for it. Which ports in particular are you having problems with?


----------



## ShelLuser (Feb 26, 2021)

You should check /usr/ports/Mk/bsd.default-versions.mk more carefully. If you remove the preference setting, then this will happen:


```
#       If no preference was set, check for an installed base version
#       but give an installed port preference over it.
```
Ergo I'm somewhat convinced that what you're experiencing is simply by design. So I'd try changing the value to base instead of removing it, then see what happens next.


----------



## SirDice (Feb 26, 2021)

Good point. I always forget that. `pkg delete -f openssl` (this should only delete openssl, not everything depending on it), then rebuild everything.


----------



## Oclair (Feb 26, 2021)

ShelLuser said:


> You should check /usr/ports/Mk/bsd.default-versions.mk more carefully. If you remove the preference setting, then this will happen:
> 
> 
> ```
> ...


Thank you 



SirDice said:


> Good point. I always forget that. `pkg delete -f openssl` (this should only delete openssl, not everything depending on it), then rebuild everything.


Wow very grateful thanks guys!
Now I'm a bit more comfortable moving on this!


----------



## Oclair (Feb 26, 2021)

Would the following in /etc/make.conf be the right way to go?
DEFAULT_VERSIONS+= ssl=base


----------



## Oclair (Feb 26, 2021)

Ok so I needed to use a ginea pig like mariadb103-client to sus out the dependencies
running  #make reinstall -C /usr/ports/databases/mariadb103-client
returned errors such as

EXAMPLE
ld-elf.so.1: Shared object "libssl.so.11" not found, required by "libcurl.so.4"

Then I would run 
#locate libcurl.so.4
#pkg which /usr/local/lib/libcurl.so.4
#make reinstall -C /usr/ports/ftp/curl

and then run again to see what's next....
 #make reinstall -C /usr/ports/databases/mariadb103-client


----------



## Oclair (Feb 26, 2021)

I have to say I prefer rebuilding breaking due to missing prereqs and hunting them critters down, instead of it automatically re-installing security/openssl again.


----------

