security/libgcrypt: Make static an option

Static linked binaries, due to the fact that they're statically linked,
can pose a security risk should a library be updated and depending
software not be recompiled and linked. This was a hot topic on BUGTRAQ
about 25 years ago.

The default is to build static libraries so as not to alter the package
avoiding a POLA violation.

PR:		255735
Submitted by:	Daniel Engberg <daniel.engberg.lists@pyret.net> (mostly)
Reported by:	Daniel Engberg <daniel.engberg.lists@pyret.net>
Reviewed by:	cy
Tested by:	cy
MFH:		2021Q2

2 files changed, 7 insertions, 3 deletions

diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile
index 50bdb9691697..6e3635f6977e 100644
--- a/security/libgcrypt/Makefile
+++ b/security/libgcrypt/Makefile
@@ -17,7 +17,7 @@ USES=		cpe libtool makeinfo tar:bzip2
 CPE_VENDOR=	gnupg
 USE_CSTD=	gnu89
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--disable-drng-support --enable-static=yes
+CONFIGURE_ARGS=	--disable-drng-support
 CONFIGURE_ENV=	MAKEINFO="${MAKEINFO} --no-split"
 CONFIGURE_TARGET=${ARCH:S/amd64/x86_64/}-portbld-${OPSYS:tl}${OSREL}
 USE_LDCONFIG=	yes
@@ -28,7 +28,11 @@ DOCS=		AUTHORS ChangeLog ChangeLog-2011 INSTALL NEWS THANKS TODO \
 INFO=		gcrypt
 PORTDOCS=	*
 
-OPTIONS_DEFINE=	DOCS
+OPTIONS_DEFINE=		DOCS STATIC
+OPTIONS_DEFAULT=	DOCS STATIC
+OPTIONS_SUB=	yes
+
+STATIC_CONFIGURE_ENABLE=	static
 
 .include <bsd.port.options.mk>
 
diff --git a/security/libgcrypt/pkg-plist b/security/libgcrypt/pkg-plist
index b09d7fdf9bf5..00796bc75bb1 100644
--- a/security/libgcrypt/pkg-plist
+++ b/security/libgcrypt/pkg-plist
@@ -3,7 +3,7 @@ bin/dumpsexp
 bin/hmac256
 bin/libgcrypt-config
 include/gcrypt.h
-lib/libgcrypt.a
+%%STATIC%%lib/libgcrypt.a
 lib/libgcrypt.so
 lib/libgcrypt.so.20
 lib/libgcrypt.so.20.3.3