On Mon, Apr 04, 2022 at 10:59:54PM -0400, rsbecker@xxxxxxxxxxxxx wrote: > On April 4, 2022 8:54 PM, Carlo Marcelo Arenas Belón wrote: > >On Mon, Apr 04, 2022 at 05:26:10PM -0700, Carlo Marcelo Arenas Belón wrote: > >> On Mon, Apr 04, 2022 at 06:40:35PM -0400, rsbecker@xxxxxxxxxxxxx wrote: > >> > On April 4, 2022 6:33 PM, Junio C Hamano wrote: > >> > >To: Randall S. Becker <rsbecker@xxxxxxxxxxxxx> > >> > >Cc: Git Mailing List <git@xxxxxxxxxxxxxxx>; > >> > >git-packagers@xxxxxxxxxxxxxxxx > >> > >Subject: Re: [ANNOUNCE] Git v2.36.0-rc0 - Build failure on NonStops > >> > > > >> > >CSPRNG_METHOD? > >> > > >> > We already have > >> > > >> > CSPRNG_METHOD = openssl > >> > > >> > In the config for NonStop. Should that not have worked? > >> > >> only if you are not telling your openssl to hide that function[1] > >> > >> Carlo > >> > >> [1] https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html > > > >nevermind, it seems we forgot to track this header somehow, so will need > >something like (untested and likely to need changes to support NO_OPENSSL) > > > >Carlo > >--- >8 --- > >diff --git a/git-compat-util.h b/git-compat-util.h index 4d444dca274..68a9b9cd975 > >100644 > >--- a/git-compat-util.h > >+++ b/git-compat-util.h > >@@ -525,6 +525,10 @@ void warning_errno(const char *err, ...) > >__attribute__((format (printf, 1, 2))); #include <openssl/x509v3.h> #endif /* > >NO_OPENSSL */ > > > >+#ifdef HAVE_OPENSSL_CSPRNG > >+#include <openssl/rand.h> > >+#endif > >+ > > /* > > * Let callers be aware of the constant return value; this can help > > * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though, > > I was able to make the build work, adding the above patch and libcrypto.so and libssl.so to our LDFLAGS. Adding libcrypto wasn't enough?; of course it will depend on your linker but when tested in Linux and macOS the only "U" symbol that got pulled was RAND_bytes and -lcrypto was all that was needed. Official patch including both libraries below, but it would be ideal to only pull one if possible. Carlo -- >8 -- Subject: [PATCH] git-compat-util: really support openssl as a source of entropy 05cd988dce5 (wrapper: add a helper to generate numbers from a CSPRNG, 2022-01-17), configure openssl as the source for entropy in NON-STOP but doesn't add the needed header or link options. Since the only system that is configured to use openssl as a source of entropy is NON-STOP, add the header unconditionally, and -lcrypto to the list of external libraries. An additional change is required to make sure a NO_OPENSSL=1 build will be able to work as well (tested on Linux with a modified value of CSPRNG_METHOD = openssl), and the more complex logic that allows for compatibility with APPLE_COMMON_CRYPTO or allowing for simpler ways to link (without libssl) has been punted for now. Reported-by: Randall Becker <rsbecker@xxxxxxxxxxxxx> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx> --- Makefile | 1 + git-compat-util.h | 4 ++++ imap-send.c | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 91738485626..f8bccfab5e9 100644 --- a/Makefile +++ b/Makefile @@ -1972,6 +1972,7 @@ endif ifneq ($(findstring openssl,$(CSPRNG_METHOD)),) BASIC_CFLAGS += -DHAVE_OPENSSL_CSPRNG + EXTLIBS += -lcrypto -lssl endif ifneq ($(PROCFS_EXECUTABLE_PATH),) diff --git a/git-compat-util.h b/git-compat-util.h index 4d444dca274..68a9b9cd975 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -525,6 +525,10 @@ void warning_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); #include <openssl/x509v3.h> #endif /* NO_OPENSSL */ +#ifdef HAVE_OPENSSL_CSPRNG +#include <openssl/rand.h> +#endif + /* * Let callers be aware of the constant return value; this can help * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though, diff --git a/imap-send.c b/imap-send.c index 5ac6fa9c664..a50af56b827 100644 --- a/imap-send.c +++ b/imap-send.c @@ -27,7 +27,7 @@ #include "exec-cmd.h" #include "run-command.h" #include "parse-options.h" -#ifdef NO_OPENSSL +#if defined(NO_OPENSSL) && !defined(HAVE_OPENSSL_CSPRNG) typedef void *SSL; #endif #ifdef USE_CURL_FOR_IMAP_SEND -- 2.35.1.505.g27486cd1b2d
