On Fri, 19 Jul 2024 at 15:21, Jonathan Wakely <jwakely@xxxxxxxxxx> wrote: > > On Fri, 19 Jul 2024 at 12:29, Zbigniew Jędrzejewski-Szmek > <zbyszek@xxxxxxxxx> wrote: > > > > On Fri, Jul 19, 2024 at 12:06:21PM +0100, Richard W.M. Jones wrote: > > > Zbigniew (correctly) added this patch to nbdkit: > > > > > > https://src.fedoraproject.org/rpms/nbdkit/c/6b18b74749efbe1f618ea4bc010b56277157b0ac?branch=rawhide > > > > > > I was wondering what it was for because we don't use openssl at all. > > > However when I rebuild nbdkit without the BuildRequires, it fails [see > > > below]. > > > > > > It seems the _real_ problem may be that either boost-devel or > > > rb_libtorrent-devel should runtime Requires: openssl-devel-engine? > > > > > > However I'm not confident enough to say for sure if I should file a > > > bug in those packages (or which one to open a bug against). I also > > > have no idea what openssl "engine" is. > > > > > > Can anyone help on this? > > > > > > Rich. > > > > > > Failed build: > > > https://koji.fedoraproject.org/koji/taskinfo?taskID=120734527 > > > > > > /bin/sh ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I. -I../../../plugins/torrent -I../.. -I../../../include -I../../include -I../../../common/include -I../../../common/utils -I. -pthread -fexceptions -DTORRENT_LINKING_SHARED -DBOOST_ASIO_ENABLE_CANCELIO -DBOOST_ASIO_NO_DEPRECATED -DTORRENT_USE_OPENSSL -DTORRENT_USE_LIBCRYPTO -DTORRENT_SSL_PEERS -DOPENSSL_NO_SSL2 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -c -o nbdkit_torrent_plugin_la-torrent.lo `test -f 'torrent.cpp' || echo '../../../plugins/torrent/'`torrent.cpp > > > libtool: compile: g++ -DHAVE_CONFIG_H -I. -I../../../plugins/torrent -I../.. -I../../../include -I../../include -I../../../common/include -I../../../common/utils -I. -pthread -fexceptions -DTORRENT_LINKING_SHARED -DBOOST_ASIO_ENABLE_CANCELIO -DBOOST_ASIO_NO_DEPRECATED -DTORRENT_USE_OPENSSL -DTORRENT_USE_LIBCRYPTO -DTORRENT_SSL_PEERS -DOPENSSL_NO_SSL2 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -c ../../../plugins/torrent/torrent.cpp -fPIC -DPIC -o .libs/nbdkit_torrent_plugin_la-torrent.o > > > make[3]: Leaving directory '/builddir/build/BUILD/nbdkit-1.39.10-build/nbdkit-1.39.10/build_native/plugins/torrent' > > > In file included from /usr/include/boost/asio/ssl/context_base.hpp:19, > > > from /usr/include/boost/asio/ssl/context.hpp:23, > > > from /usr/include/boost/asio/ssl.hpp:18, > > > from /usr/include/libtorrent/ssl.hpp:67, > > > from /usr/include/libtorrent/tracker_manager.hpp:69, > > > from /usr/include/libtorrent/alert_types.hpp:69, > > > from ../../../plugins/torrent/torrent.cpp:48: > > > /usr/include/boost/asio/ssl/detail/openssl_types.hpp:26:11: fatal error: openssl/engine.h: No such file or directory > > > 26 | # include <openssl/engine.h> > > > | ^~~~~~~~~~~~~~~~~~ > > > compilation terminated. > > > > /usr/include/boost/asio/ssl/detail/openssl_types.hpp has > > #if !defined(OPENSSL_NO_ENGINE) > > # include <openssl/engine.h> > > #endif // !defined(OPENSSL_NO_ENGINE) > > so it looks like boost-devel itself is fine with openssl-devel-engine > > not being installed, so I don't think the package add the dependency. > > > > Similarly, it seems that rb_libtorrent does't specifically care about > > openssl engines in any way, so I don't think the package add the > > dependency. > > > > Thus, it seems that it's up to the "leaf" package including those > > headers to decide whether to include with openssl engine headers > > enabled. And to "decide", each package must either opt-in by pulling > > in openssl-devel-engine or define OPENSSL_NO_ENGINE. > > > Agreed. Boost Asio will use openssl engine if the user wants it to, > and it will not use it if the user doesn't want it to. So Boost Asio > does *not* depend on openssl-engine. It leaves the decision up to the > users of asio headers. > > We should not force all users of boost-devel to install a deprecated package. It seems like the problem is that openssl assumes you want to use engines *unless* you explicitly define OPENSSL_NO_ENGINE. But the default is to assume you want them. Which is a problem when the headers and libs aren't installed by default. We can patch Boost.Asio like so: --- /usr/include/boost/asio/ssl/detail/openssl_types.hpp 2024-06-07 01:00:00.000000000 +0100 +++ /tmp/openssl_types.hpp 2024-07-19 15:25:40.110115742 +0100 @@ -22,7 +22,7 @@ #endif // defined(BOOST_ASIO_USE_WOLFSSL) #include <openssl/conf.h> #include <openssl/ssl.h> -#if !defined(OPENSSL_NO_ENGINE) +#if !defined(OPENSSL_NO_ENGINE) && __has_include(<openssl/engine.h>) # include <openssl/engine.h> #endif // !defined(OPENSSL_NO_ENGINE) #include <openssl/dh.h> (and similarly in the other Asio ehaders that check OPENSSL_NO_ENGINE) This would mean that you can define OPENSSL_NO_ENGINE to disable engines, but they're automatically disabled if you don't have the header installed. Even better would be for openssl/conf.h to do it: --- /usr/include/openssl/conf.h 2023-08-31 01:00:00.000000000 +0100 +++ /tmp/conf.h 2024-07-19 15:27:57.513979007 +0100 @@ -31,6 +31,10 @@ # include <stdio.h> # endif +#if ! __has_include(<openssl/engine.h>) +# define OPENSSL_NO_ENGINE +#endif + #ifdef __cplusplus extern "C" { #endif -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
