^ /var/tmp/portage/app-crypt/mit-krb5-1.15/work/krb5-1.15/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c: At top level: /var/tmp/portage/app-crypt/mit-krb5-1.15/work/krb5-1.15/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3088:3: error: expected ‘,’ or ‘;’ before ‘static_ASN1_SEQUENCE_END_name’ } static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) ^ $ cat emerge-info.txt ----------------------------------------------------------------- This is an unstable amd64 chroot image (named amd64-13.0-no-multilib-libressl-unstable_20161212-095903) at a hardened host acting as a tinderbox. ----------------------------------------------------------------- USE flags in make.conf: USE=" -openssl -gnutls libressl pax_kernel xtpax -cdinstall -oci8 -bindist ssp aes-ni cups dec_av2 drmkms ffmpeg -fortran fpm git glamor isag jadetex minizip mono -mta ois opus -plotutils png -scrypt -semantic-desktop sourceview -sqlite ssh truetype usb v4l2 wayland -wxwidgets -xa" ----------------------------------------------------------------- gcc-config -l: [1] x86_64-pc-linux-gnu-5.4.0 * llvm-config --version: 3.9.0 Available Python interpreters, in order of preference: [1] python3.4 [2] python2.7 (fallback) java-config: ----------------------------------------------------------------- Portage 2.3.3 (python 3.4.5-final-0, default/linux/amd64/13.0/no-multilib, gcc-5.4.0, glibc-2.23-r3, 4.8.13-hardened x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.8.13-hardened-x86_64-Intel-R-_Core-TM-_i7-3930K_CPU_@_3.20GHz-with-gentoo-2.3 KiB Mem: 65285560 total, 2213524 free KiB Swap: 67108860 total, 67104056 free Timestamp of repository gentoo: Tue, 13 Dec 2016 11:22:25 +0000 sh bash 4.4_p5-r1 ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1 app-shells/bash: 4.4_p5-r1::gentoo dev-lang/perl: 5.24.1_rc4::gentoo dev-lang/python: 2.7.12::gentoo, 3.4.5::gentoo dev-util/cmake: 3.7.1::gentoo dev-util/pkgconfig: 0.29.1::gentoo sys-apps/baselayout: 2.3::gentoo sys-apps/openrc: 0.22.4::gentoo sys-apps/sandbox: 2.10-r2::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r2::gentoo sys-devel/automake: 1.11.6-r2::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo sys-devel/binutils: 2.25.1-r1::gentoo, 2.27::gentoo sys-devel/gcc: 5.4.0::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r2::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.8::gentoo (virtual/os-headers) sys-libs/glibc: 2.23-r3::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: 1 tinderbox location: /tmp/tb/data/portage masters: gentoo priority: 2 local location: /usr/local/portage masters: gentoo priority: 99 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/var/tmp/distfiles" EMERGE_DEFAULT_OPTS="--verbose --verbose-conflicts --color=n --nospinner --tree --quiet-build" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync network-sandbox parallel-fetch preserve-libs protect-owned sandbox sfperms strict test-fail-continue unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo rsync://mirror.netcologne.de/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gor.bytemark.co.uk/gentoo/ rsync://ftp.snt.utwente.nl/gentoo" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl aes-ni amd64 berkdb bzip2 cli cracklib crypt cups cxx dec_av2 dri drmkms ffmpeg fpm gdbm git glamor iconv ipv6 isag jadetex libressl minizip mmx mmxext modules mono ncurses nls nptl ois openmp opus pam pax_kernel pcre png readline seccomp session sourceview sse sse2 ssh ssl ssp tcpd truetype unicode usb v4l2 wayland xattr xtpax zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="libressl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev synaptics" KERNEL="linux" L10N="sr-ME" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby21" USERLAND="GNU" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Created attachment 456074 [details] app-crypt:mit-krb5-1.15:20161213-123726.log
Created attachment 456076 [details] emerge-history.txt
Created attachment 456078 [details] environment
Created attachment 456080 [details] etc.portage.tbz2
DH_get0_pqg() call is not implemented by libressl. I'm investigating for an alternative version. ciao luigi
(In reply to Luigi 'Comio' Mantellini from comment #5) > DH_get0_pqg() call is not implemented by libressl. > > I'm investigating for an alternative version. > > ciao > > luigi We should adapt this patch (from curl): #ifdef HAVE_OPAQUE_RSA_DSA_DH { BIGNUM *p; BIGNUM *q; BIGNUM *g; BIGNUM *priv_key; BIGNUM *pub_key; DH_get0_pqg(dh, &p, &q, &g); DH_get0_key(dh, &pub_key, &priv_key); print_pubkey_BN(dh, p, i); print_pubkey_BN(dh, q, i); print_pubkey_BN(dh, g, i); print_pubkey_BN(dh, priv_key, i); print_pubkey_BN(dh, pub_key, i); } #else print_pubkey_BN(dh, p, i); print_pubkey_BN(dh, g, i); print_pubkey_BN(dh, priv_key, i); print_pubkey_BN(dh, pub_key, i); #endif
ignore my previous comment...
Created attachment 456170 [details, diff] Proposed patch to enable libressl support. This patch should be applied on mit-krb5 sources. ciao luigi
Here my fixed(?) ebuild: https://github.com/comio/comio-overlay/tree/master/app-crypt/mit-krb5 ciao luigi
(In reply to Luigi 'Comio' Mantellini from comment #9) > Here my fixed(?) ebuild: > > https://github.com/comio/comio-overlay/tree/master/app-crypt/mit-krb5 > > ciao > > luigi The patch doesn't apply properly. I get a "No file to patch" message.
Created attachment 457318 [details, diff] Patch to fix compilation against libressl. I have tested this patch on my own system, and it works.
(In reply to Nick Wallingford from comment #11) > Created attachment 457318 [details, diff] [details, diff] > Patch to fix compilation against libressl. > > I have tested this patch on my own system, and it works. I can confirm , this patch lets app-crypt/mit-krb5-1.15 compile against dev-libs/libressl-2.5.0
*** Bug 603616 has been marked as a duplicate of this bug. ***
*** Bug 632249 has been marked as a duplicate of this bug. ***
app-crypt/mit-krb5-1.15 with Nick Wallingford's patch compiles with libressl 2.6.3
mit-krb5-1.18.2-r1 is the only version now in Gentoo tree and compiles against oldest libressl-2.9.2 and newest libressl-3.2.1 . Please set bug status to "obsolete".
