Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 663648 - <app-crypt/sbsigntools-0.9.1-r1 hard dependency on dev-libs/openssl
Summary: <app-crypt/sbsigntools-0.9.1-r1 hard dependency on dev-libs/openssl
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Matthias Maier
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: libressl-support
  Show dependency tree
 
Reported: 2018-08-14 23:32 UTC by Erik
Modified: 2021-04-30 21:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Fix (libressl.patch,705 bytes, patch)
2018-09-28 14:03 UTC, TSM
Details | Diff
Simpler patch that doesn't touch existing defines (file_663648.txt,361 bytes, patch)
2019-10-06 06:53 UTC, Kyle Elbert
Details | Diff
Simpler patch that doesn't touch existing defines (libressl.patch,347 bytes, patch)
2019-10-06 07:03 UTC, Kyle Elbert
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Erik 2018-08-14 23:32:40 UTC
so, I've masked version 0.9.1-r1 as it didn't compile for me either way.

with that said, sbsigntools-0.6-r2 with the RDEPENDS set to

RDEPEND="
        || ( dev-libs/openssl:0= dev-libs/libressl:0= )
        sys-apps/util-linux"

doesn't seem to complain. Is there a reason why it hard depends on openssl?

I'm not really using this thing just yet, but today's problem is convincing my @world to not hard depend on openssl & this was one of the last pieces of the puzzle.
Comment 1 Andreas Sturmlechner gentoo-dev 2018-08-15 10:15:39 UTC
(In reply to Erik from comment #0)
> so, I've masked version 0.9.1-r1 as it didn't compile for me either way.
Please submit a bug for this, or use this one.
Comment 2 TSM 2018-08-29 17:27:52 UTC
Should we add it to https://bugs.gentoo.org/561854 as a dependency?
Comment 3 TSM 2018-09-28 14:03:01 UTC
Created attachment 548112 [details, diff]
Fix

I've edited ebuild to depend on libressl instead of openssl and to use only this patch, added it to local overlay, merged the package and tried to sign kernel with it and boot it. Everything went flawlessly... except for a few warnings during the signing process, but I don't think they are relevant: https://askubuntu.com/questions/717339/should-i-be-worried-about-warning-checksum-areas-are-greater-than-image-size
Comment 4 Matthias Maier gentoo-dev 2019-06-30 15:49:52 UTC
The attached patch will break regular openssl support. Would you mind guarding the defines in a compatible manner?
Comment 5 Kyle Elbert 2019-10-06 06:52:17 UTC
Libressl 2.9.2 (current stable) and 3.0.0 (current ~amd64) already have most of the defines the fix adds. A smaller patch can do the job and still seems to run just fine. 

the only compile time warnings are a couple of unused things
 sbvarsign.c:108:23: warning: ‘default_guid’ defined but not used [-Wunused-const-variable=]
  108 | static const EFI_GUID default_guid = EFI_GLOBAL_VARIABLE;
      |                       ^~~~~~~~~~~~

sbverify.c:152:13: warning: ‘print_certificate_store_certs’ defined but not used [-Wunused-function]
  152 | static void print_certificate_store_certs(X509_STORE *certs)
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment 6 Kyle Elbert 2019-10-06 06:53:32 UTC
Created attachment 591938 [details, diff]
Simpler patch that doesn't touch existing defines
Comment 7 Kyle Elbert 2019-10-06 07:03:56 UTC
Created attachment 591944 [details, diff]
Simpler patch that doesn't touch existing defines