Can't build libarchive. Very similar to 594998. I believe it's issue with libressl.
Created attachment 468908 [details] build.log.gz
Created attachment 468910 [details] emerge --info
Created attachment 468912 [details] build.log.gz
Looks like we should report it to upstream and provide some patch like this one https://github.com/libssh2/libssh2/pull/81/files
Found appropriate patch http://lists.infradead.org/pipermail/lede-commits/2016-December/001623.html
After patch applying I get a similar error. But it provides an idea.
One more patch http://lists.infradead.org/pipermail/lede-commits/2017-January/002038.html
Most useful link. https://git.lede-project.org/?p=source.git;a=commitdiff;h=8160beb014baf55cd917cec50c416b69519c6a4d
This is just exactly we need. https://git.lede-project.org/?p=source.git;a=blob_plain;f=tools/cmake/patches/130-libarchive-fix-libressl-compat.patch;h=a56ac2ed0c96dd90707e582e83320fd408f90dab;hb=8160beb014baf55cd917cec50c416b69519c6a4d
Created attachment 468916 [details] libarchive-3.3.1-r1.ebuild
Created attachment 468918 [details, diff] 130-libarchive-fix-libressl-compat.patch
Managed to build with 130-libarchive-fix-libressl-compat.patch
(In reply to hexum from comment #12) Here I had to shrink the path prefix "Utilities/cmlibarchive" b/c epatch() doesn't try -p3 (any longer) - otherwise it works at a stable hardened libressl'ed server
Can confirm that the attached ebuild and patch work as advertised (64-bit multilib).
https://www.linux-ipv6.be/130-libarchive-fix-libressl-compat.patch works for me(libressl build > http://packages.vpslab.org/amd64.glibc/intel.nehalem/conf/)
Fixed https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2cfff62965a2d82ceb0e34eaf1d5cb65548af3c
Where is the upstream submission for this patch?
(In reply to Michał Górny from comment #17) > Where is the upstream submission for this patch? https://github.com/libarchive/libarchive/pull/902 It's missing the alteration to archive_openssl_evp_private.h, however.
...which only proves that the patch would be merged promptly if anyone bothered submitting it rather than patching it locally throughout half a dozen random distributions and sending the patches everywhere except where they should go.
I've got this patch on the internet. And do not sure it doesn't bring up new problems. I'm not the author of it. So, I've brought it here for staging and review. And from my point of view, this patch is a workaround, not the right solution. The right solution is to make libressl a drop-in replacement for libressl. And even more better solution - to invent universal extendable crypto lib API, describe it in RFC and force applications to use dlopen instead compile time linking. It's the way PKCS11 libs work. You can change PKCS11 lib is being used be ssh by changing it's config.
Please test with 3.3.2 and reopen if there are any problems left.
