During compile, it lists in configure (from build.log): checking for OpenSSL >= 0.9.7 in standard locations... found; but not usable configure: WARNING: No (usable) OpenSSL found, skipping ssl, ssh and crypto applications checking for gd library... no; found but not usable and later... ********************************************************************* ********************** APPLICATIONS DISABLED ********************** ********************************************************************* crypto : No usable OpenSSL found odbc : No odbc library found percept : libgd not working ssh : No usable OpenSSL found ssl : No usable OpenSSL found ********************************************************************* Reproducible: Always $ emerge --info Portage 2.1.3.19 (default-linux/amd64/2007.0/desktop, gcc-4.2.2, glibc-2.6.1-r0, 2.6.23-hrt3 x86_64) ================================================================= System uname: 2.6.23-hrt3 x86_64 Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz Timestamp of tree: Sun, 23 Dec 2007 12:00:01 +0000 app-shells/bash: 3.2_p17 dev-java/java-config: 1.3.7, 2.1.3 dev-lang/python: 2.4.4-r7, 2.5.1-r4 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.10-r5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.23-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=nocona -O2 -pipe -ftree-vectorize" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=nocona -O2 -pipe -ftree-vectorize" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="es_ES.UTF-8" LINGUAS="es es_ES en" MAKEOPTS="" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/voip /usr/portage/local/layman/sunrise /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X aac acl acpi aiglx alsa amd64 apache2 arts avahi avi bash-completion berkdb bitmap-fonts bluetooth bonjour cairo cdr cli cracklib crypt cups curl dbus dlloader dri dvd dvdr dvdread eds emboss encode esd evdev evo fam firefox fortran galago gdbm gif gnome gpm gstreamer gtk gtk2 hal iconv icu iproute2 ipv6 isdnlog java jpeg kde kdehiddenvisibility kerberos lcms ldap libg++ libnotify logrotate lucene mad midi mikmod mmx mono mouse mp3 mpeg mudflap ncurses nls nptl nptlonly nsplugin obex ogg opengl openmp oss pam pcre pdf pdflib perl png ppds pppd python qt3 qt3support qt4 quicktime readline reflection sdl session spell spl sse sse2 ssl svg tcpd theora threads tiff truetype truetype-fonts type1-fonts udev unicode v4l v4l2 vorbis xinerama xml xorg xrandr xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" DVB_CARDS="usb-wt220u" ELIBC="glibc" INPUT_DEVICES="synaptics mouse evdev keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="es es_ES en" USERLAND="GNU" VIDEO_CARDS="vesa i810 intel" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
We need the full config.log attached; thanks.
Actually, on further inspection, I found the failure was closed by broken autotools interacting with --as-needed: linking of the test for openSSL is putting the .o last, which makes it get no libraries linked with it when --as-needed is specified. Removing --as-needed made it build with crypto and ssl support, and it is fully functional. I was scared on the initial failure as it had the same symptoms as bug #184419, which made me spend a lot of time. Sorry for the noise.
(In reply to comment #2) > Sorry for the noise. Erm, that's still a bug. ;)
Ok, we run into problems here...because of some bugs we don't use Erlang's internal SSL, which is a workaround in upstream's eyes and not supported by them. Plus I am not willing to dig too deep into the code of Erlang (I only maintain it because noone else does)...what I could do is strip off the openssl check (because we can rely on its existence on a Gentoo system anyway) or find a patch somewhere in the net. Next week I will start searching probably, maybe a bit earlier.
I wouldn't care too much. As I said, omitting --as-needed makes the configure test pass, and thus the openssl extension gets built. Solving this would entail changes in the configure.in (or whatever is the master) script that tests for openSSL, one which puts the object to be linked last (after the libraries) which makes --as-needed miss the libraries. I'm no expert at all in auto* magics, and this looks really difficult to fix for me. Re: using external openSSL being a workaround, I would consider bundling a base library like openSSL as a severe bug, and report it as a potential security problem. This would leave users patching future problems in openSSL with a false sense of security and at the mercy of the erlang maintainers' patching policies.
(In reply to comment #5) > I wouldn't care too much. As I said, omitting --as-needed makes the configure > test pass, and thus the openssl extension gets built. I consider --as-needed problems as fixworthy...but not if it eats my time. :) > Re: using external openSSL being a workaround, I would consider bundling a base > library like openSSL as a severe bug, and report it as a potential security > problem. This would leave users patching future problems in openSSL with a > false sense of security and at the mercy of the erlang maintainers' patching > policies. See bug 178996 (bundled zlib). Upstream did not understand my request to rely on external libs at first. When I mentioned security problems with bundled libs, they got the clue and promised me to do something about it (their zlib is heavily patched), but in R12 the problem is still the same. Yes, I disagree with this development policy, but because of backwards compatability some changes are not possible for upstream (Ericsson actually)...at least they react fast and friendly. Enough ranting, maybe our --as-needed god Diego has some quick fix at hand.
(In reply to comment #5) > I wouldn't care too much. As I said, omitting --as-needed makes the configure > test pass, and thus the openssl extension gets built. Ok, I will filter --as-needed for now and report upstream.
Remove filtering of --as-needed: if a package fails with --as-needed, the package is simply broken. Leave the bug open and avoid filtering rather than hiding a bug.
Why removing it? For now i would filter it. Most Packages are doing this, where it is needed? So why not here?
FWIW this seems to be fixed in 12.2.1, see #209271
Conrad, Santiago could you please check if it is really fixed with 12.2.1?
Hi! In 12.2.1 the Bug is still there. With --as-needed, ssl is missing.
It is still there. Actually it is a buglet in the configure/autoconf/whatever definitions, where if --as-needed is in the options nothing is linked, as the .o containing the references is last in the command line. On the other hand, their scripts are not adding extra libs to the command lines, what means that using --as-needed or not would make no difference or barely: $ equery files erlang | grep \\.so | xargs ldd -u -r 2>/dev/null /usr/lib64/erlang/lib/asn1-1.5/priv/lib/asn1_erl_drv.so: Unused direct dependencies: /lib/libutil.so.1 /lib/libdl.so.2 /usr/lib64/erlang/lib/common_test-1.3.1/priv/lib/erl_rx_driver.so: Unused direct dependencies: /usr/lib64/erlang/lib/crypto-1.5.1.1/priv/lib/crypto_drv.so: Unused direct dependencies: /usr/lib64/erlang/lib/megaco-3.7.1/priv/lib/megaco_flex_scanner_drv.so: Unused direct dependencies: /usr/lib64/erlang/lib/megaco-3.7.1/priv/lib/megaco_flex_scanner_drv_mt.so: Unused direct dependencies: /usr/lib64/erlang/lib/percept-0.6.2/priv/lib/egd_drv.so: Unused direct dependencies: /lib/libutil.so.1 /lib/libdl.so.2 /usr/lib64/erlang/lib/runtime_tools-1.7.1/priv/lib/trace_file_drv.so: Unused direct dependencies: /lib/libutil.so.1 /lib/libdl.so.2 /usr/lib64/erlang/lib/runtime_tools-1.7.1/priv/lib/trace_ip_drv.so: Unused direct dependencies: /lib/libutil.so.1 /lib/libdl.so.2
Hi, I just stepped upon this and would heavily suggest not to leave it in it's current state, as this just hides bugs. My suggestion would be a big fat die if it detects ldflags --as-needed, explaining the user what it is, how he can workaround (LDFLAGS="" emerge foo). This would be still a lot better than silently not building ssl support.
I agree that this is a good solution, specially given that the ebuild takes care to not link unneeded libraries. Don't forget to add -Wl,--as-needed in CFLAGS in the checks, as this is the form that is needed for a lot of libtool ebuilds which invoke the linker through CC.
I added a check in 12.2.1
Created attachment 150861 [details, diff] erlang-12.2.1--as-needed.patch This patch fixes the issue here. BTW, the check for --as-needed in ebuild was completely broken. is-ldflag should check for "-Wl,--as-needed" in other case... And to help desperate search attempts I'll record here problem with ~ejabberd-2.0.0 compilation I had, which was caused by this bug: checking for erl... /usr/bin/erl ./conftest.erl:6: can't find include lib "ssl/include/ssl_pkix.hrl" configure: error: could not compile sample program And that was caused by erlang not compiled with ssl.
Created attachment 150862 [details, diff] erlang-12.2.1.ebuild.patch
(In reply to comment #17) > Created an attachment (id=150861) [edit] > erlang-12.2.1--as-needed.patch > > This patch fixes the issue here. BTW, the check for --as-needed in ebuild was > completely broken. is-ldflag should check for "-Wl,--as-needed" in other > case... Thanks a lot. Could the rest please verify? I will add the patch then and report it upstream.
(In reply to comment #19) > Thanks a lot. Could the rest please verify? I will add the patch then and > report it upstream. I applied the patch to the 12.2.2 ebuild, rebuilt with --as-needed in my make.conf's LDFLAGS and voila: Eshell V5.6.2 (abort with ^G) 1> application:start(ssl). ok Inspecting loaded modules with ^C-l before and after shows that ssl is really being loaded. hope this helps?
Patch is applied and reported upstream. Thanks to everyone.
I think you missed the autotools inherit & eautoreconf call in the 12.2.2 ebuild, in src_unpack after the HIPE warning. Without it OpenSSL is still considered "not usable".
(In reply to comment #22) > I think you missed the autotools inherit & eautoreconf call in the 12.2.2 > ebuild, in src_unpack after the HIPE warning. Without it OpenSSL is still > considered "not usable". Correct. One should not fix bugs late at night shortly before going to bed.
For your information: "I've incorporated this patch. Planned to be released in R12B-3. Seems like the right way to do it anyway, regardless of --as-needed or any other linker flags. /Sverker, Erlang/OTP, Ericsson"
