Re: nbdkit -> openssl-devel-engine build dependency

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 19 Jul 2024 at 15:21, Jonathan Wakely <jwakely@xxxxxxxxxx> wrote:
>
> On Fri, 19 Jul 2024 at 12:29, Zbigniew Jędrzejewski-Szmek
> <zbyszek@xxxxxxxxx> wrote:
> >
> > On Fri, Jul 19, 2024 at 12:06:21PM +0100, Richard W.M. Jones wrote:
> > > Zbigniew (correctly) added this patch to nbdkit:
> > >
> > >   https://src.fedoraproject.org/rpms/nbdkit/c/6b18b74749efbe1f618ea4bc010b56277157b0ac?branch=rawhide
> > >
> > > I was wondering what it was for because we don't use openssl at all.
> > > However when I rebuild nbdkit without the BuildRequires, it fails [see
> > > below].
> > >
> > > It seems the _real_ problem may be that either boost-devel or
> > > rb_libtorrent-devel should runtime Requires: openssl-devel-engine?
> > >
> > > However I'm not confident enough to say for sure if I should file a
> > > bug in those packages (or which one to open a bug against).  I also
> > > have no idea what openssl "engine" is.
> > >
> > > Can anyone help on this?
> > >
> > > Rich.
> > >
> > > Failed build:
> > > https://koji.fedoraproject.org/koji/taskinfo?taskID=120734527
> > >
> > > /bin/sh ../../libtool  --tag=CXX   --mode=compile g++ -DHAVE_CONFIG_H -I. -I../../../plugins/torrent -I../..  -I../../../include -I../../include -I../../../common/include -I../../../common/utils -I.    -pthread -fexceptions -DTORRENT_LINKING_SHARED -DBOOST_ASIO_ENABLE_CANCELIO -DBOOST_ASIO_NO_DEPRECATED -DTORRENT_USE_OPENSSL -DTORRENT_USE_LIBCRYPTO -DTORRENT_SSL_PEERS -DOPENSSL_NO_SSL2  -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer  -c -o nbdkit_torrent_plugin_la-torrent.lo `test -f 'torrent.cpp' || echo '../../../plugins/torrent/'`torrent.cpp
> > > libtool: compile:  g++ -DHAVE_CONFIG_H -I. -I../../../plugins/torrent -I../.. -I../../../include -I../../include -I../../../common/include -I../../../common/utils -I. -pthread -fexceptions -DTORRENT_LINKING_SHARED -DBOOST_ASIO_ENABLE_CANCELIO -DBOOST_ASIO_NO_DEPRECATED -DTORRENT_USE_OPENSSL -DTORRENT_USE_LIBCRYPTO -DTORRENT_SSL_PEERS -DOPENSSL_NO_SSL2 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -c ../../../plugins/torrent/torrent.cpp  -fPIC -DPIC -o .libs/nbdkit_torrent_plugin_la-torrent.o
> > > make[3]: Leaving directory '/builddir/build/BUILD/nbdkit-1.39.10-build/nbdkit-1.39.10/build_native/plugins/torrent'
> > > In file included from /usr/include/boost/asio/ssl/context_base.hpp:19,
> > >                  from /usr/include/boost/asio/ssl/context.hpp:23,
> > >                  from /usr/include/boost/asio/ssl.hpp:18,
> > >                  from /usr/include/libtorrent/ssl.hpp:67,
> > >                  from /usr/include/libtorrent/tracker_manager.hpp:69,
> > >                  from /usr/include/libtorrent/alert_types.hpp:69,
> > >                  from ../../../plugins/torrent/torrent.cpp:48:
> > > /usr/include/boost/asio/ssl/detail/openssl_types.hpp:26:11: fatal error: openssl/engine.h: No such file or directory
> > >    26 | # include <openssl/engine.h>
> > >       |           ^~~~~~~~~~~~~~~~~~
> > > compilation terminated.
> >
> > /usr/include/boost/asio/ssl/detail/openssl_types.hpp has
> >   #if !defined(OPENSSL_NO_ENGINE)
> >   # include <openssl/engine.h>
> >   #endif // !defined(OPENSSL_NO_ENGINE)
> > so it looks like boost-devel itself is fine with openssl-devel-engine
> > not being installed, so I don't think the package add the dependency.
> >
> > Similarly, it seems that rb_libtorrent does't specifically care about
> > openssl engines in any way, so I don't think the package add the
> > dependency.
> >
> > Thus, it seems that it's up to the "leaf" package including those
> > headers to decide whether to include with openssl engine headers
> > enabled. And to "decide", each package must either opt-in by pulling
> > in openssl-devel-engine or define OPENSSL_NO_ENGINE.
>
>
> Agreed. Boost Asio will use openssl engine if the user wants it to,
> and it will not use it if the user doesn't want it to. So Boost Asio
> does *not* depend on openssl-engine. It leaves the decision up to the
> users of asio headers.
>
> We should not force all users of boost-devel to install a deprecated package.

It seems like the problem is that openssl assumes you want to use
engines *unless* you explicitly define OPENSSL_NO_ENGINE. But the
default is to assume you want them. Which is a problem when the
headers and libs aren't installed by default.

We can patch Boost.Asio like so:

--- /usr/include/boost/asio/ssl/detail/openssl_types.hpp
2024-06-07 01:00:00.000000000 +0100
+++ /tmp/openssl_types.hpp      2024-07-19 15:25:40.110115742 +0100
@@ -22,7 +22,7 @@
#endif // defined(BOOST_ASIO_USE_WOLFSSL)
#include <openssl/conf.h>
#include <openssl/ssl.h>
-#if !defined(OPENSSL_NO_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE) && __has_include(<openssl/engine.h>)
# include <openssl/engine.h>
#endif // !defined(OPENSSL_NO_ENGINE)
#include <openssl/dh.h>

(and similarly in the other Asio ehaders that check OPENSSL_NO_ENGINE)

This would mean that you can define OPENSSL_NO_ENGINE to disable
engines, but they're automatically disabled if you don't have the
header installed.

Even better would be for openssl/conf.h to do it:

--- /usr/include/openssl/conf.h 2023-08-31 01:00:00.000000000 +0100
+++ /tmp/conf.h 2024-07-19 15:27:57.513979007 +0100
@@ -31,6 +31,10 @@
#  include <stdio.h>
# endif

+#if ! __has_include(<openssl/engine.h>)
+#  define OPENSSL_NO_ENGINE
+#endif
+
#ifdef  __cplusplus
extern "C" {
#endif

-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux