On Fri, 19 Jul 2024 at 15:31, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote: > > On Fri, Jul 19, 2024 at 03:28:20PM +0100, Jonathan Wakely wrote: > > On Fri, 19 Jul 2024 at 15:21, Jonathan Wakely <jwakely@xxxxxxxxxx> wrote: > > > > > > On Fri, 19 Jul 2024 at 12:29, Zbigniew Jędrzejewski-Szmek > > > <zbyszek@xxxxxxxxx> wrote: > > > > > > > > On Fri, Jul 19, 2024 at 12:06:21PM +0100, Richard W.M. Jones wrote: > > > > > Zbigniew (correctly) added this patch to nbdkit: > > > > > > > > > > https://src.fedoraproject.org/rpms/nbdkit/c/6b18b74749efbe1f618ea4bc010b56277157b0ac?branch=rawhide > > > > > > > > > > I was wondering what it was for because we don't use openssl at all. > > > > > However when I rebuild nbdkit without the BuildRequires, it fails [see > > > > > below]. > > > > > > > > > > It seems the _real_ problem may be that either boost-devel or > > > > > rb_libtorrent-devel should runtime Requires: openssl-devel-engine? > > > > > > > > > > However I'm not confident enough to say for sure if I should file a > > > > > bug in those packages (or which one to open a bug against). I also > > > > > have no idea what openssl "engine" is. > > > > > > > > > > Can anyone help on this? > > > > > > > > > > Rich. > > > > > > > > > > Failed build: > > > > > https://koji.fedoraproject.org/koji/taskinfo?taskID=120734527 > > > > > > > > > > /bin/sh ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I. -I../../../plugins/torrent -I../.. -I../../../include -I../../include -I../../../common/include -I../../../common/utils -I. -pthread -fexceptions -DTORRENT_LINKING_SHARED -DBOOST_ASIO_ENABLE_CANCELIO -DBOOST_ASIO_NO_DEPRECATED -DTORRENT_USE_OPENSSL -DTORRENT_USE_LIBCRYPTO -DTORRENT_SSL_PEERS -DOPENSSL_NO_SSL2 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -c -o nbdkit_torrent_plugin_la-torrent.lo `test -f 'torrent.cpp' || echo '../../../plugins/torrent/'`torrent.cpp > > > > > libtool: compile: g++ -DHAVE_CONFIG_H -I. -I../../../plugins/torrent -I../.. -I../../../include -I../../include -I../../../common/include -I../../../common/utils -I. -pthread -fexceptions -DTORRENT_LINKING_SHARED -DBOOST_ASIO_ENABLE_CANCELIO -DBOOST_ASIO_NO_DEPRECATED -DTORRENT_USE_OPENSSL -DTORRENT_USE_LIBCRYPTO -DTORRENT_SSL_PEERS -DOPENSSL_NO_SSL2 -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -c ../../../plugins/torrent/torrent.cpp -fPIC -DPIC -o .libs/nbdkit_torrent_plugin_la-torrent.o > > > > > make[3]: Leaving directory '/builddir/build/BUILD/nbdkit-1.39.10-build/nbdkit-1.39.10/build_native/plugins/torrent' > > > > > In file included from /usr/include/boost/asio/ssl/context_base.hpp:19, > > > > > from /usr/include/boost/asio/ssl/context.hpp:23, > > > > > from /usr/include/boost/asio/ssl.hpp:18, > > > > > from /usr/include/libtorrent/ssl.hpp:67, > > > > > from /usr/include/libtorrent/tracker_manager.hpp:69, > > > > > from /usr/include/libtorrent/alert_types.hpp:69, > > > > > from ../../../plugins/torrent/torrent.cpp:48: > > > > > /usr/include/boost/asio/ssl/detail/openssl_types.hpp:26:11: fatal error: openssl/engine.h: No such file or directory > > > > > 26 | # include <openssl/engine.h> > > > > > | ^~~~~~~~~~~~~~~~~~ > > > > > compilation terminated. > > > > > > > > /usr/include/boost/asio/ssl/detail/openssl_types.hpp has > > > > #if !defined(OPENSSL_NO_ENGINE) > > > > # include <openssl/engine.h> > > > > #endif // !defined(OPENSSL_NO_ENGINE) > > > > so it looks like boost-devel itself is fine with openssl-devel-engine > > > > not being installed, so I don't think the package add the dependency. > > > > > > > > Similarly, it seems that rb_libtorrent does't specifically care about > > > > openssl engines in any way, so I don't think the package add the > > > > dependency. > > > > > > > > Thus, it seems that it's up to the "leaf" package including those > > > > headers to decide whether to include with openssl engine headers > > > > enabled. And to "decide", each package must either opt-in by pulling > > > > in openssl-devel-engine or define OPENSSL_NO_ENGINE. > > > > > > > > > Agreed. Boost Asio will use openssl engine if the user wants it to, > > > and it will not use it if the user doesn't want it to. So Boost Asio > > > does *not* depend on openssl-engine. It leaves the decision up to the > > > users of asio headers. > > > > > > We should not force all users of boost-devel to install a deprecated package. > > > > It seems like the problem is that openssl assumes you want to use > > engines *unless* you explicitly define OPENSSL_NO_ENGINE. But the > > default is to assume you want them. Which is a problem when the > > headers and libs aren't installed by default. > > > > We can patch Boost.Asio like so: > > > > --- /usr/include/boost/asio/ssl/detail/openssl_types.hpp > > 2024-06-07 01:00:00.000000000 +0100 > > +++ /tmp/openssl_types.hpp 2024-07-19 15:25:40.110115742 +0100 > > @@ -22,7 +22,7 @@ > > #endif // defined(BOOST_ASIO_USE_WOLFSSL) > > #include <openssl/conf.h> > > #include <openssl/ssl.h> > > -#if !defined(OPENSSL_NO_ENGINE) > > +#if !defined(OPENSSL_NO_ENGINE) && __has_include(<openssl/engine.h>) > > Wouldn't it be better as a ./configure-time test, assuming Boost has > such a mechanism? No, because it isn't a build time decision. Every package that uses Asio headers can decide to use Asio with openssl, or Asio without openssl. And if they use it with openssl, they can use it with or without engines. Deciding up front when Boost is built would remove that choice from consumers of the Asio headers. > > Anyway I suggested a different approach, patching rb_libtorrent, on > the bug. > > Personally I have no preference which way it is fixed. It should be fixed once in openssl, not in every downstream package that *doesn't* want to use engines. > > Rich. > > > # include <openssl/engine.h> > > #endif // !defined(OPENSSL_NO_ENGINE) > > #include <openssl/dh.h> > > > > (and similarly in the other Asio ehaders that check OPENSSL_NO_ENGINE) > > > > This would mean that you can define OPENSSL_NO_ENGINE to disable > > engines, but they're automatically disabled if you don't have the > > header installed. > > > > Even better would be for openssl/conf.h to do it: > > > > --- /usr/include/openssl/conf.h 2023-08-31 01:00:00.000000000 +0100 > > +++ /tmp/conf.h 2024-07-19 15:27:57.513979007 +0100 > > @@ -31,6 +31,10 @@ > > # include <stdio.h> > > # endif > > > > +#if ! __has_include(<openssl/engine.h>) > > +# define OPENSSL_NO_ENGINE > > +#endif > > + > > #ifdef __cplusplus > > extern "C" { > > #endif > > -- > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones > Read my programming and virtualization blog: http://rwmj.wordpress.com > Fedora Windows cross-compiler. Compile Windows programs, test, and > build Windows installers. Over 100 libraries supported. > http://fedoraproject.org/wiki/MinGW > -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
