Bug 203157 - dev-lang/erlang-12.2.0 does not build ssl support w/ --as-needed
Bug#: 203157
Product: Gentoo Linux
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: fauli@gentoo.org
Reported By: sgala@apache.org
Component: Ebuilds
Opened: 2007-12-23 18:02 0000
During compile, it lists in configure (from build.log):
checking for OpenSSL >= 0.9.7 in standard locations... found; but not usable
configure: WARNING: No (usable) OpenSSL found, skipping ssl, ssh and crypto
applications
checking for gd library... no; found but not usable
and later...
*********************************************************************
********************** APPLICATIONS DISABLED **********************
*********************************************************************
crypto : No usable OpenSSL found
odbc : No odbc library found
percept : libgd not working
ssh : No usable OpenSSL found
ssl : No usable OpenSSL found
*********************************************************************
Reproducible: Always
$ emerge --info
Portage 2.1.3.19 (default-linux/amd64/2007.0/desktop, gcc-4.2.2,
glibc-2.6.1-r0, 2.6.23-hrt3 x86_64)
=================================================================
System uname: 2.6.23-hrt3 x86_64 Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
Timestamp of tree: Sun, 23 Dec 2007 12:00:01 +0000
app-shells/bash: 3.2_p17
dev-java/java-config: 1.3.7, 2.1.3
dev-lang/python: 2.4.4-r7, 2.5.1-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox: 1.2.18.1-r2
sys-devel/autoconf: 2.13, 2.61-r1
sys-devel/automake: 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.24
virtual/os-headers: 2.6.23-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe -ftree-vectorize"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo
/etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=nocona -O2 -pipe -ftree-vectorize"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer parallel-fetch sandbox sfperms strict
unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="es_ES.UTF-8"
LINGUAS="es es_ES en"
MAKEOPTS=""
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/voip
/usr/portage/local/layman/sunrise /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aac acl acpi aiglx alsa amd64 apache2 arts avahi avi bash-completion
berkdb bitmap-fonts bluetooth bonjour cairo cdr cli cracklib crypt cups curl
dbus dlloader dri dvd dvdr dvdread eds emboss encode esd evdev evo fam firefox
fortran galago gdbm gif gnome gpm gstreamer gtk gtk2 hal iconv icu iproute2
ipv6 isdnlog java jpeg kde kdehiddenvisibility kerberos lcms ldap libg++
libnotify logrotate lucene mad midi mikmod mmx mono mouse mp3 mpeg mudflap
ncurses nls nptl nptlonly nsplugin obex ogg opengl openmp oss pam pcre pdf
pdflib perl png ppds pppd python qt3 qt3support qt4 quicktime readline
reflection sdl session spell spl sse sse2 ssl svg tcpd theora threads tiff
truetype truetype-fonts type1-fonts udev unicode v4l v4l2 vorbis xinerama xml
xorg xrandr xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw
asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa
lfloat linear meter mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd
authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile
authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd
deflate dir disk_cache env expires ext_filter file_cache filter headers ident
imagemap include info log_config logio mem_cache mime mime_magic negotiation
proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so
speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker"
DVB_CARDS="usb-wt220u" ELIBC="glibc" INPUT_DEVICES="synaptics mouse evdev
keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216
lcdm001 mtxorb ncurses text" LINGUAS="es es_ES en" USERLAND="GNU"
VIDEO_CARDS="vesa i810 intel"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
We need the full config.log attached; thanks.
Actually, on further inspection, I found the failure was caused by broken
autotools interacting with --as-needed: linking of the test for openSSL is
putting the .o last, which makes it get no libraries linked with it when
--as-needed is specified.
Removing --as-needed made it build with crypto and ssl support, and it is fully
functional. I was scared on the initial failure as it had the same symptoms as
bug #184419, which made me spend a lot of time.
Sorry for the noise.
(In reply to comment #2)
> Sorry for the noise.
Erm, that's still a bug. ;)
Ok, we run into problems here...because of some bugs we don't use Erlang's
internal SSL, which is a workaround in upstream's eyes and not supported by
them. Plus I am not willing to dig too deep into the code of Erlang (I only
maintain it because no one else does)...what I could do is strip off the openssl
check (because we can rely on its existence on a Gentoo system anyway) or find
a patch somewhere in the net. Next week I will start searching probably, maybe
a bit earlier.
I wouldn't care too much. As I said, omitting --as-needed makes the configure
test pass, and thus the openssl extension gets built.
Solving this would entail changes in the configure.in (or whatever is the
master) script that tests for openSSL, one which puts the object to be linked
last (after the libraries) which makes --as-needed miss the libraries. I'm no
expert at all in auto* magics, and this looks really difficult to fix for me.
Re: using external openSSL being a workaround, I would consider bundling a base
library like openSSL as a severe bug, and report it as a potential security
problem. This would leave users patching future problems in openSSL with a
false sense of security and at the mercy of the erlang maintainers' patching
policies.
(In reply to comment #5)
> I wouldn't care too much. As I said, omitting --as-needed makes the configure
> test pass, and thus the openssl extension gets built.
I consider --as-needed problems as fixworthy...but not if it eats my time. :)
> Re: using external openSSL being a workaround, I would consider bundling a base
> library like openSSL as a severe bug, and report it as a potential security
> problem. This would leave users patching future problems in openSSL with a
> false sense of security and at the mercy of the erlang maintainers' patching
> policies.
See bug 178996 (bundled zlib). Upstream did not understand my request to rely
on external libs at first. When I mentioned security problems with bundled
libs, they got the clue and promised me to do something about it (their zlib is
heavily patched), but in R12 the problem is still the same. Yes, I disagree
with this development policy, but because of backwards compatibility some
changes are not possible for upstream (Ericsson actually)...at least they react
fast and friendly. Enough ranting, maybe our --as-needed god Diego has some
quick fix at hand.
(In reply to comment #5)
> I wouldn't care too much. As I said, omitting --as-needed makes the configure
> test pass, and thus the openssl extension gets built.
Ok, I will filter --as-needed for now and report upstream.
Remove filtering of --as-needed: if a package fails with --as-needed, the
package is simply broken. Leave the bug open and avoid filtering rather than
hiding a bug.
Why remove it? For now I would filter it. Most packages are doing this where
it is needed. So why not here?
FWIW this seems to be fixed in 12.2.1, see #209271
Conrad, Santiago could you please check if it is really fixed with 12.2.1?
Hi!
In 12.2.1 the Bug is still there.
With --as-needed, ssl is missing.
It is still there.
Actually it is a buglet in the configure/autoconf/whatever definitions, where
if --as-needed is in the options nothing is linked, as the .o containing the
references is last in the command line.
On the other hand, their scripts are not adding extra libs to the command
lines, which means that using --as-needed or not would make no difference or
barely:
$ equery files erlang | grep \\.so | xargs ldd -u -r 2>/dev/null
/usr/lib64/erlang/lib/asn1-1.5/priv/lib/asn1_erl_drv.so:
Unused direct dependencies:
/lib/libutil.so.1
/lib/libdl.so.2
/usr/lib64/erlang/lib/common_test-1.3.1/priv/lib/erl_rx_driver.so:
Unused direct dependencies:
/usr/lib64/erlang/lib/crypto-1.5.1.1/priv/lib/crypto_drv.so:
Unused direct dependencies:
/usr/lib64/erlang/lib/megaco-3.7.1/priv/lib/megaco_flex_scanner_drv.so:
Unused direct dependencies:
/usr/lib64/erlang/lib/megaco-3.7.1/priv/lib/megaco_flex_scanner_drv_mt.so:
Unused direct dependencies:
/usr/lib64/erlang/lib/percept-0.6.2/priv/lib/egd_drv.so:
Unused direct dependencies:
/lib/libutil.so.1
/lib/libdl.so.2
/usr/lib64/erlang/lib/runtime_tools-1.7.1/priv/lib/trace_file_drv.so:
Unused direct dependencies:
/lib/libutil.so.1
/lib/libdl.so.2
/usr/lib64/erlang/lib/runtime_tools-1.7.1/priv/lib/trace_ip_drv.so:
Unused direct dependencies:
/lib/libutil.so.1
/lib/libdl.so.2
Hi, I just stepped upon this and would heavily suggest not to leave it in its
current state, as this just hides bugs.
My suggestion would be a big fat die if it detects ldflags --as-needed,
explaining to the user what it is and how he can work around it (LDFLAGS="" emerge foo).
This would be still a lot better than silently not building ssl support.
I agree that this is a good solution, especially given that the ebuild takes
care to not link unneeded libraries.
Don't forget to add -Wl,--as-needed in CFLAGS in the checks, as this is the
form that is needed for a lot of libtool ebuilds which invoke the linker
through CC.
I added a check in 12.2.1
Created an attachment (id=150861)
erlang-12.2.1--as-needed.patch
This patch fixes the issue here. BTW, the check for --as-needed in ebuild was
completely broken. is-ldflag should check for "-Wl,--as-needed" in other
case...
And to help desperate search attempts I'll record here problem with
~ejabberd-2.0.0 compilation I had, which was caused by this bug:
checking for erl... /usr/bin/erl
./conftest.erl:6: can't find include lib "ssl/include/ssl_pkix.hrl"
configure: error: could not compile sample program
And that was caused by erlang not compiled with ssl.
(In reply to comment #17)
> Created an attachment (id=150861)
> erlang-12.2.1--as-needed.patch
>
> This patch fixes the issue here. BTW, the check for --as-needed in ebuild was
> completely broken. is-ldflag should check for "-Wl,--as-needed" in other
> case...
Thanks a lot. Could the rest please verify? I will add the patch then and
report it upstream.
(In reply to comment #19)
> Thanks a lot. Could the rest please verify? I will add the patch then and
> report it upstream.
I applied the patch to the 12.2.2 ebuild, rebuilt with --as-needed in my
make.conf's LDFLAGS and voila:
Eshell V5.6.2 (abort with ^G)
1> application:start(ssl).
ok
Inspecting loaded modules with ^C-l before and after shows that ssl is really
being loaded.
hope this helps?
Patch is applied and reported upstream. Thanks to everyone.
I think you missed the autotools inherit & eautoreconf call in the 12.2.2
ebuild, in src_unpack after the HIPE warning. Without it OpenSSL is still
considered "not usable".
(In reply to comment #22)
> I think you missed the autotools inherit & eautoreconf call in the 12.2.2
> ebuild, in src_unpack after the HIPE warning. Without it OpenSSL is still
> considered "not usable".
Correct. One should not fix bugs late at night shortly before going to bed.
For your information:
"I've incorporated this patch. Planned to be released in R12B-3.
Seems like the right way to do it anyway, regardless of --as-needed or
any other linker flags.
/Sverker, Erlang/OTP, Ericsson"
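
The ordering problem described in this thread (libraries named before the object while --as-needed is active) and the remark that the flag usually arrives as -Wl,--as-needed can be checked mechanically on link lines such as those recorded in config.log. The following is an added example, not part of the bug report or the attached patch: a heuristic lint in POSIX sh. The function name and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: heuristic lint for link lines.

# at_risk_libs "LINK COMMAND LINE"
# Prints every -l library that is named while --as-needed is in effect and
# is followed later on the line by an object or source file. GNU ld decides
# whether to keep such a library when it reads it, so it cannot satisfy
# references from inputs that come after it.
at_risk_libs() {
    _as_needed=0   # linker state while walking the line left to right
    _pending=""    # libraries seen under --as-needed, no later input yet
    _at_risk=""
    set -f         # the words are not file names: no globbing
    for _word in $1; do
        # -Wl,a,b hands "a" and "b" to the linker; split on the commas so
        # both "--as-needed" and "-Wl,--as-needed" are recognised.
        case $_word in
            -Wl,*) _parts=$(printf '%s' "${_word#-Wl,}" | tr ',' ' ') ;;
            *)     _parts=$_word ;;
        esac
        for _p in $_parts; do
            case $_p in
                --as-needed)    _as_needed=1 ;;
                --no-as-needed) _as_needed=0 ;;
                -l?*)
                    if [ "$_as_needed" -eq 1 ]; then
                        _pending="$_pending $_p"
                    fi ;;
                *.o|*.c)
                    _at_risk="$_at_risk$_pending"
                    _pending="" ;;
            esac
        done
    done
    set +f
    # Trim the leading space left by the concatenation above.
    printf '%s\n' "${_at_risk# }"
}

# Constructed link lines (not copied from any config.log).
BROKEN='gcc -o conftest -Wl,--as-needed -L/usr/lib -lssl -lcrypto conftest.o'
FIXED='gcc -o conftest -Wl,--as-needed -L/usr/lib conftest.o -lssl -lcrypto'
PLAIN='gcc -o conftest -L/usr/lib -lssl -lcrypto conftest.o'

for _line in "$BROKEN" "$FIXED" "$PLAIN"; do
    printf '%s\n  at risk: [%s]\n' "$_line" "$(at_risk_libs "$_line")"
done
```

The check is positional only: a library placed between two objects is reported even if only the earlier object uses it, so treat a hit as a line to inspect rather than a confirmed failure.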