Created attachment 464214
force aconfigure to honor --enable-ssl

The ebuild for net-libs/pjproject-2.5.1 with the "ssl" use flag will set "--enable-ssl" when calling the configure script. Unfortunately this will prevent the configure script from checking for the openssl library and therefore compile a package without ssl support! In fact the configure script will bypass all ssl configure code when set. The configure prints will not have a single line touching on ssl and the needed variables are not set...

There are two obvious fixes:
1) don't set the "--enable-ssl" when calling the configure script. In that case the default settings will enable ssl correctly
2) fix the configure script to do what it should

I've attached a patch for the latter. With the patch the existing ebuild is working as it should for me, ssl can be enabled and disabled correctly.

In the bigger picture this bug prevents asterisk 13 from working with pjsip: But this bug is only one out of two issues preventing net-misc/asterisk-13.13.1 from working with pjsip. The symptoms for both bugs look nearly identical, both are causing unresolved symbols error messages when trying to load asterisk pj modules. res_pjsip.so fails to load due to this bug, causing other modules to also have missing symbols and thus hiding the relevant line, which is:

    WARNING[19256] loader.c: Error loading module 'res_pjsip.so': /usr/lib64/asterisk/modules/res_pjsip.so: undefined symbol: pj_ssl_cipher_name

Applying the fix restore_multihomed_module.patch from https://issues.asterisk.org/jira/browse/ASTERISK-26518 and this fix here finally allows me to load the pjmodules in asterisk. (I'll open a second bug for the upstream issue.)
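Added example, not part of the bug thread and not pjproject's aconfigure: a simplified shell model of the option handling the report describes, next to a corrected form. The function names and the have_openssl argument are assumptions made for the illustration; ac_no_ssl is the variable name a later comment in this thread reports.

```shell
#!/bin/sh
# Simplified model only. $1 = value of the ssl option as configure sees it:
# "" (no flag passed), "yes" (--enable-ssl) or "no" (--disable-ssl).
# $2 = "yes" if the OpenSSL probe would succeed (assumed input, no real probe).

buggy_ssl_decision() {
    enable_ssl=$1 have_openssl=$2
    if [ -n "$enable_ssl" ]; then
        # The "option was given" branch runs for --enable-ssl and
        # --disable-ssl alike, so both switch the probe off.
        ac_no_ssl=1
    else
        ac_no_ssl=
    fi
    if [ -z "$ac_no_ssl" ] && [ "$have_openssl" = yes ]; then
        echo "ssl=on libs=-lssl -lcrypto"
    else
        echo "ssl=off libs="
    fi
}

fixed_ssl_decision() {
    enable_ssl=$1 have_openssl=$2
    if [ "$enable_ssl" = no ]; then
        # Only an explicit "no" skips the probe.
        echo "ssl=off libs="
    elif [ "$have_openssl" = yes ]; then
        echo "ssl=on libs=-lssl -lcrypto"
    elif [ "$enable_ssl" = yes ]; then
        # Choice made for this example: an explicit request that cannot be
        # met stops the build instead of silently producing a TLS-less one.
        echo "error: --enable-ssl given but OpenSSL not found"
        return 1
    else
        echo "ssl=off libs="
    fi
}

# Print the decision for each way of calling configure (probe succeeds).
for flag in "" yes no; do
    printf '%-4s buggy: %-28s fixed: %s\n' "${flag:-none}" \
        "$(buggy_ssl_decision "$flag" yes)" "$(fixed_ssl_decision "$flag" yes)"
done
```
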
I had hoped this got picked up for the 2.6.0 release but it wasn't to be.
Created attachment 496074
build log hardened-patched

I've tried to find out why the pjproject library is working on my non-hardened, ~amd64 with systemd system, but not on my hardened amd64 with openrc. But I don't get it...

I'll upload some build logs in the hope someone else can make sense of that. It's plain obvious from these logs that only the patched version sets up pjproject correctly to support ssl and links the crypto libraries. The unpatched build always omits "-lssl -lcrypto" when linking, regardless if I compile it on gentoo hardened or a "normal" gentoo ~amd64. I would expect it to be broken in both cases, but for my ~amd64 it works?!?

To make things even more confusing, I find "pj_ssl_cipher_name" in the broken and the working library /usr/lib64/asterisk/modules/res_pjsip.so with "nm -D /usr/lib64/asterisk/modules/res_pjsip.so | grep pj_ssl_cipher_name":

    U pj_ssl_cipher_name
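Added example, not part of the bug thread: in nm output, "U" marks a symbol the object imports, so res_pjsip.so lists pj_ssl_cipher_name that way whether or not TLS was built; what matters is whether the library that should provide it defines the symbol and was linked with -lssl -lcrypto. The check below runs on constructed nm output and link lines (not taken from the attached logs), and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample data: a module importing the symbol, one provider
# built with TLS, one without, and the matching link lines.
MODULE_NM='                 U pj_ssl_cipher_name
                 U pjsip_tls_transport_start2'
LIB_TLS_NM='000000000002f1a0 T pj_ssl_cipher_name
000000000002e000 T pj_ssl_sock_create'
LIB_NOTLS_NM='000000000001a000 T pj_pool_create'
LINK_TLS='gcc -shared -o libexample.so a.o b.o -lm -lpthread -lssl -lcrypto'
LINK_NOTLS='gcc -shared -o libexample.so a.o b.o -lm -lpthread'

# classify_symbol SYMBOL < "nm -D" output
# Prints "defined", "undefined" (imported only) or "absent".
classify_symbol() {
    awk -v sym="$1" '
        {
            name = $NF; sub(/@.*/, "", name)    # drop any @VERSION suffix
            if (name != sym) next
            if ($(NF-1) == "U") undef = 1; else def = 1
        }
        END { print (def ? "defined" : (undef ? "undefined" : "absent")) }
    '
}

# link_has_tls_libs < build log: succeeds if one line has both libraries.
link_has_tls_libs() {
    awk '/(^| )-lssl( |$)/ && /(^| )-lcrypto( |$)/ { found = 1 }
         END { exit !found }'
}

# tls_build_verdict SYMBOL PROVIDER_NM_OUTPUT LINK_LINES
tls_build_verdict() {
    state=$(printf '%s\n' "$2" | classify_symbol "$1")
    if printf '%s\n' "$3" | link_has_tls_libs; then linked=yes; else linked=no; fi
    if [ "$state" = defined ] && [ "$linked" = yes ]; then
        verdict=ok
    else
        verdict=broken
    fi
    echo "$verdict symbol=$state tls_libs_linked=$linked"
}

tls_build_verdict pj_ssl_cipher_name "$LIB_TLS_NM" "$LINK_TLS"
tls_build_verdict pj_ssl_cipher_name "$LIB_NOTLS_NM" "$LINK_NOTLS"
```

On a real system the input would come from running nm -D on the installed pjproject shared library and from the build log, rather than from the sample variables.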
Created attachment 496076
build log hardened-unpatched
Created attachment 496078
build log normal-unpatched
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=647c7328cecb9d4296f5e7b346152cacb32fc615

commit 647c7328cecb9d4296f5e7b346152cacb32fc615
Author:     Tony Vroon <chainsaw@gentoo.org>
AuthorDate: 2018-02-06 13:59:14 +0000
Commit:     Tony Vroon <chainsaw@gentoo.org>
CommitDate: 2018-02-06 13:59:26 +0000

    net-libs/pjproject: Add 2.7.1 release

    As pointed out by Alexander Wetzel, the --enable-ssl vs --disable-ssl logic in the upstream configure script leaves to be desired. If we delete the silly wrapper and move some files, we can even use eautoreconf.

    Closes: https://bugs.gentoo.org/609702
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-libs/pjproject/Manifest                        |   1 +
 .../files/pjproject-2.7.1-ssl-flipflop.patch       | 103 +++++++++++++++++++
 net-libs/pjproject/pjproject-2.7.1.ebuild          | 110 +++++++++++++++++++++
 3 files changed, 214 insertions(+)
I have sent my patch upstream, in the hope they find it useful. With full credit to you of course. Thank you.
I'm just re-opening because it doesn't look like this is actually solved. To merge now to at least proceed I manually ran ./configure as per config.log but without --enable-ssl (which most certainly does nothing other than setting ac_no_ssl=1, which disables ssl).
I can confirm I still have TLS issues even with this enabled.

    May 10 17:06:40 arthur wrapper[22342]: asterisk: /usr/sbin/asterisk: symbol lookup error: /usr/lib64/asterisk/modules/res_pjsip.so: undefined symbol: pjsip_tls_transport_start2

This was after merge "as is" with USE="ipv6 ssl" (all other pjproject USE flags disabled).

After:

    # ebuild $(equery which pjproject) configure
    # cd /var/tmp/portage/net-libs/pjproject-2.7.1/work/pjproject-2.7.1
    # ./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --docdir=/usr/share/doc/pjproject-2.7.1 --htmldir=/usr/share/doc/pjproject-2.7.1/html --libdir=/usr/lib64 --enable-shared --with-external-srtp --disable-video --disable-epoll --without-external-gsm --without-external-speex --disable-speex-aec --disable-resample --disable-libsamplerate --disable-resample-dll --disable-sound --disable-oss --without-external-pa --disable-ext-sound --disable-opencore-amr --disable-silk --disable-opus --disable-libwebrtc --disable-g711-codec --disable-g722-codec --disable-g7221-codec --disable-gsm-codec --disable-ilbc-codec --disable-speex-codec --disable-l16-codec --disable-sdl --disable-ffmpeg --disable-v4l2 --disable-openh264 --disable-libyuv
    (original ./configure as per config.log, minus --enable-ssl)
    # ebuild $(equery which pjproject) merge

After this, asterisk starts happily again.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=062697027374733e80e6bab2d5fa7789e61cd994

commit 062697027374733e80e6bab2d5fa7789e61cd994
Author:     Tony Vroon <chainsaw@gentoo.org>
AuthorDate: 2018-08-31 17:12:55 +0000
Commit:     Tony Vroon <chainsaw@gentoo.org>
CommitDate: 2018-08-31 17:13:25 +0000

    net-libs/pjproject: Block media-plugins/mediastreamer-bcg729

    This breaks the build process in a way that is not yet fully understood. Annoying, but better to flag it up than to explode without warning.

    Suggested-by: Jaco Kroon <jaco@uls.co.za>
    Acked-by: Mart Raudsepp <leio@gentoo.org>
    Fixes: https://bugs.gentoo.org/609702
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 net-libs/pjproject/pjproject-2.7.2.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Tony - re-opening and re-assigning to myself to attempt option 1 when I get time in order to eliminate the blocker. Trust this is in order.
ssl-flip-flop for 2.7.2 works, 2.7.1 does not. Can we either use the same patch for 2.7.1 as for 2.7.2 (it should apply without change) or can we stable 2.7.2?
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90d194bc8a80a478c91f5196da9eac770a755ca2

commit 90d194bc8a80a478c91f5196da9eac770a755ca2
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2019-11-18 09:45:56 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2019-11-30 07:48:56 +0000

    net-libs/pjproject: Bump to 2.9.

    Drop libressl patches (upstream).
    Rebase configure for --enable-ssl.
    Pull in asterisk config_site.h file.
    Remove blocked on mediastreamer-bcg729 (bcg729 and mediastreamer-bcg729 are the actual blockers and marked as such already).
    Use ${ED} instead of ${D} on install
    Correctly rm static libs if USE=-static-libs
    Set the PJMEDIA_HAS_VIDEO #define as per https://bugs.gentoo.org/652196
    Update package.use.mask for ppc to mask g729 for pjproject since net-libs/bcg729 isn't available (yet) on ppc.

    Closes: https://bugs.gentoo.org/609702
    Closes: https://bugs.gentoo.org/618352
    Closes: https://bugs.gentoo.org/652196
    Closes: https://bugs.gentoo.org/650312
    Closes: https://bugs.gentoo.org/653482
    Closes: https://bugs.gentoo.org/657014
    Closes: https://bugs.gentoo.org/686796
    Package-Manager: Portage-2.3.76, Repoman-2.3.16
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/13712
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-libs/pjproject/Manifest                        |   1 +
 .../pjproject/files/pjproject-2.9-config_site.h    |  74 +++++++++++++
 .../pjproject/files/pjproject-2.9-ssl-enable.patch | 100 +++++++++++++++++
 net-libs/pjproject/metadata.xml                    |   3 +-
 net-libs/pjproject/pjproject-2.9.ebuild            | 120 +++++++++++++++++++++
 .../linux/powerpc/ppc32/17.0/package.use.mask      |   3 +
 .../ppc64/17.0/32bit-userland/package.use.mask     |   3 +
 7 files changed, 303 insertions(+), 1 deletion(-)