On an AMD64 system with dev-libs/openssl-1.0.2u (stable amd64), gcc-9.3.0 and glibc-2.33, the recently stabilized dev-lang/python-3.8.10_p2 fails to compile. The previous dev-lang/python-3.8.9_p2 can still be (re)built successfully. Relevant packages and flags: [ebuild R ] dev-libs/openssl-1.0.2u::gentoo USE="asm test tls-heartbeat zlib -bindist -gmp -kerberos -rfc3779 -sctp -sslv2 -sslv3* -static-libs -vanilla" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="(sse2)" 0 KiB [ebuild U ] dev-lang/python-3.8.10_p2:3.8::gentoo [3.8.9_p2:3.8::gentoo] USE="gdbm ipv6 ncurses readline sqlite ssl test xml -bluetooth -build -examples -hardened -tk -verify-sig -wininst" 0 KiB Error message during Python compile: x86_64-pc-linux-gnu-gcc -pthread -fPIC -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -pipe -march=atom -fomit-frame-pointer -fwrapv -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -I./Include/internal -I./Include -I. -I/usr/include/ncursesw -I/tmp/portage/portage/dev-lang/python-3.8.10_p2/work/Python-3.8.10/Include -I/tmp/portage/portage/dev-lang/python-3.8.10_p2/work/Python-3.8.10 -c /tmp/portage/portage/dev-lang/python-3.8.10_p2/work/Python-3.8.10/Modules/md5module.c -o build/temp.linux-x86_64-3.8/tmp/portage/portage/dev-lang/python-3.8.10_p2/work/Python-3.8.10/Modules/md5module.o /tmp/portage/portage/dev-lang/python-3.8.10_p2/work/Python-3.8.10/Modules/_ssl.c: In function '_ssl__SSLContext_impl': /tmp/portage/portage/dev-lang/python-3.8.10_p2/work/Python-3.8.10/Modules/_ssl.c:3271:18: error: implicit declaration of function 'SSL_CTX_set_min_proto_version'; did you mean 'SSL_CTX_set_ssl_version'? [-Werror=implicit-function-declaration] 3271 | result = SSL_CTX_set_min_proto_version(ctx, PY_SSL_MIN_PROTOCOL); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | SSL_CTX_set_ssl_version [...] Python build finished successfully! The necessary bits to build these optional modules were not found: _tkinter To find the necessary bits, look in setup.py in detect_modules() for the module's name. The following modules found by detect_modules() in setup.py, have been built by the Makefile instead, as configured by the Setup files: _abc atexit pwd time Failed to build these modules: _ssl Could not build the ssl module! Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host(). LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381 Reproducible: Always Steps to Reproduce: 1. try to upgrade python:3.8 from 3.8.9_p2 to 3.8.10_p2 Actual Results: fails compile Expected Results: passes compile
(I also tried with USE=sslv3 , just in case... but that didn't help)
emerge --info please but slightly horrified you're on 1.0.2u. Why?
Interoperability :( This box needs to connect to an rsync/ssh service which, last I checked, still refuses to cooperate when I am using openssl-1.1 on the client side. It's bothering me as well, but openssl-1.0.2u is technically still stable and listed as (supposedly) supported by the python:3.8 package. emerge --info below: Portage 3.0.18 (python 3.8.9-final-0, default/linux/amd64/17.0, gcc-9.3.0, glibc-2.33, 3.12.21-gentoo-r1 x86_64) ================================================================= System Settings ================================================================= System uname: Linux-3.12.21-gentoo-r1-x86_64-Intel-R-_Atom-TM-_CPU_C2758_@_2.40GHz-with-glibc2.2.5 KiB Mem: 32924264 total, 26249916 free KiB Swap: 917500 total, 917500 free Timestamp of repository gentoo: Mon, 14 Jun 2021 23:30:01 +0000 Head commit of repository gentoo: 449d7802c1c41097291ff82f28518ae7afffec3e sh bash 5.1_p8 ld GNU ld (Gentoo 2.35.2 p1) 2.35.2 app-shells/bash: 5.1_p8::gentoo dev-lang/perl: 5.32.1::gentoo dev-lang/python: 2.7.18_p10::gentoo, 3.8.9_p2::gentoo dev-util/cmake: 3.18.5::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.7::gentoo sys-apps/openrc: 0.42.1-r1::gentoo sys-apps/sandbox: 2.24::gentoo sys-devel/autoconf: 2.69-r5::gentoo sys-devel/automake: 1.16.3-r1::gentoo sys-devel/binutils: 2.35.2::gentoo sys-devel/gcc: 4.7.3-r1::gentoo, 9.3.0-r2::gentoo sys-devel/gcc-config: 2.4::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.3::gentoo sys-kernel/linux-headers: 5.10::gentoo (virtual/os-headers) sys-libs/glibc: 2.33::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-metamanifest: yes sync-rsync-verify-max-age: 24 sync-rsync-verify-jobs: 1 sync-rsync-extra-opts: local-overlay location: /usr/portage/local/local-overlay masters: gentoo priority: 0 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=atom -fomit-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind" CONFIG_PROTECT_MASK="/etc/angband/gamedata/ /etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -march=atom -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="(redacted)" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en en_GB de ja" MAKEOPTS="-j8 -l10" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/tmp/portage" USE="a52 aac acl acpi amd64 bash-completion berkdb bzip2 bzlib cjk cli crypt cscope curl dga dhcp dri elogind encode exif fam flac fortran ftp fuse gdbm gif hddtemp iconv icq idn imap ipv6 jabber jpeg jpeg2k kpathsea lapack lcms libglvnd libtirpc libwww lm_sensors loop-aes luks1_default lzo mbox mime mmx mmxext mozilla msn multilib ncurses nls nocd nptl numpy offensive openmp pam pcre pdf pic png posix postgres python rdesktop readline recode samba sasl seccomp slang sockets socks5 sox spell split-usr sse sse2 ssl ssse3 tcpd test tiff unicode vhosts vim-syntax vnc xattr xml zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" CURL_SSL="openssl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="multiboot efi-64 pc" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres11" PYTHON_SINGLE_TARGET="python3_8" PYTHON_TARGETS="python3_8" RUBY_TARGETS="ruby26" USERLAND="GNU" VIDEO_CARDS="dummy" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RUSTFLAGS
(In reply to ahudson.news from comment #3) > Interoperability :( > > This box needs to connect to an rsync/ssh service which, last I checked, > still refuses to cooperate when I am using openssl-1.1 on the client side. > It's bothering me as well, but openssl-1.0.2u is technically still stable > and listed as (supposedly) supported by the python:3.8 package. > Honestly, I'm worried there's not too much we can do for you. OpenSSL 1.0.2* came out in 2016. It's possible there are some patches out there but this really feels like a stretch. I'm worried about the security of your system too. Let's see what python@ says but I'm not optimistic (sorry). > > emerge --info below: > > Portage 3.0.18 (python 3.8.9-final-0, default/linux/amd64/17.0, gcc-9.3.0, > glibc-2.33, 3.12.21-gentoo-r1 x86_64) > ================================================================= > System Settings > ================================================================= > System uname: > Linux-3.12.21-gentoo-r1-x86_64-Intel-R-_Atom-TM-_CPU_C2758_@_2.40GHz-with- > glibc2.2.5 > KiB Mem: 32924264 total, 26249916 free > KiB Swap: 917500 total, 917500 free > Timestamp of repository gentoo: Mon, 14 Jun 2021 23:30:01 +0000 > Head commit of repository gentoo: 449d7802c1c41097291ff82f28518ae7afffec3e > sh bash 5.1_p8 > ld GNU ld (Gentoo 2.35.2 p1) 2.35.2 > app-shells/bash: 5.1_p8::gentoo > dev-lang/perl: 5.32.1::gentoo > dev-lang/python: 2.7.18_p10::gentoo, 3.8.9_p2::gentoo > dev-util/cmake: 3.18.5::gentoo > dev-util/pkgconfig: 0.29.2::gentoo > sys-apps/baselayout: 2.7::gentoo > sys-apps/openrc: 0.42.1-r1::gentoo > sys-apps/sandbox: 2.24::gentoo > sys-devel/autoconf: 2.69-r5::gentoo > sys-devel/automake: 1.16.3-r1::gentoo > sys-devel/binutils: 2.35.2::gentoo > sys-devel/gcc: 4.7.3-r1::gentoo, 9.3.0-r2::gentoo > sys-devel/gcc-config: 2.4::gentoo > sys-devel/libtool: 2.4.6-r6::gentoo > sys-devel/make: 4.3::gentoo > sys-kernel/linux-headers: 5.10::gentoo (virtual/os-headers) > sys-libs/glibc: 2.33::gentoo > Repositories: > > gentoo > location: /usr/portage > sync-type: rsync > sync-uri: rsync://rsync.gentoo.org/gentoo-portage > priority: -1000 > sync-rsync-verify-metamanifest: yes > sync-rsync-verify-max-age: 24 > sync-rsync-verify-jobs: 1 > sync-rsync-extra-opts: > > local-overlay > location: /usr/portage/local/local-overlay > masters: gentoo > priority: 0 > > ACCEPT_KEYWORDS="amd64" > ACCEPT_LICENSE="@FREE" > CBUILD="x86_64-pc-linux-gnu" > CFLAGS="-O2 -pipe -march=atom -fomit-frame-pointer" > CHOST="x86_64-pc-linux-gnu" > CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind" > CONFIG_PROTECT_MASK="/etc/angband/gamedata/ /etc/ca-certificates.conf > /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release > /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" > CXXFLAGS="-O2 -pipe -march=atom -fomit-frame-pointer" > DISTDIR="/usr/portage/distfiles" > ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB > PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY > XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" > FCFLAGS="-O2 -pipe" > FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs > config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox > merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox > preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict > test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv > usersandbox usersync xattr" > FFLAGS="-O2 -pipe" > GENTOO_MIRRORS="(redacted)" > LANG="en_US.UTF-8" > LDFLAGS="-Wl,-O1 -Wl,--as-needed" > LINGUAS="en en_GB de ja" > MAKEOPTS="-j8 -l10" > PKGDIR="/usr/portage/packages" > PORTAGE_CONFIGROOT="/" > PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times > --omit-dir-times --compress --force --whole-file --delete --stats > --human-readable --timeout=180 --exclude=/distfiles --exclude=/local > --exclude=/packages --exclude=/.git" > PORTAGE_TMPDIR="/tmp/portage" > USE="a52 aac acl acpi amd64 bash-completion berkdb bzip2 bzlib cjk cli crypt > cscope curl dga dhcp dri elogind encode exif fam flac fortran ftp fuse gdbm > gif hddtemp iconv icq idn imap ipv6 jabber jpeg jpeg2k kpathsea lapack lcms > libglvnd libtirpc libwww lm_sensors loop-aes luks1_default lzo mbox mime mmx > mmxext mozilla msn multilib ncurses nls nocd nptl numpy offensive openmp pam > pcre pdf pic png posix postgres python rdesktop readline recode samba sasl > seccomp slang sockets socks5 sox spell split-usr sse sse2 ssl ssse3 tcpd > test tiff unicode vhosts vim-syntax vnc xattr xml zlib" ABI_X86="64" > ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x > ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel > intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" > APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd > authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile > authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd > deflate dir disk_cache env expires ext_filter file_cache filter headers > ident imagemap include info log_config logio mem_cache mime mime_magic > negotiation rewrite setenvif so speling status unique_id userdir usertrack > vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df > interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse > sse2" CURL_SSL="openssl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm > earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 > nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf > skytraq superstar2 timing tsip tripmate tnt ublox ubx" > GRUB_PLATFORMS="multiboot efi-64 pc" INPUT_DEVICES="libinput" KERNEL="linux" > L10N="en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 > mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console > presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" > OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" > POSTGRES_TARGETS="postgres11" PYTHON_SINGLE_TARGET="python3_8" > PYTHON_TARGETS="python3_8" RUBY_TARGETS="ruby26" USERLAND="GNU" > VIDEO_CARDS="dummy" XTABLES_ADDONS="quota2 psd pknock lscan length2 > ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto > steal rawnat logmark ipmark dhcpmac delude chaos account" > Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, > LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, > PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RUSTFLAGS
(In reply to ahudson.news from comment #3) > Interoperability :( > > This box needs to connect to an rsync/ssh service which, last I checked, > still refuses to cooperate when I am using openssl-1.1 on the client side. > It's bothering me as well, but openssl-1.0.2u is technically still stable > and listed as (supposedly) supported by the python:3.8 package. > Honestly, I'm worried there's not too much we can do for you. OpenSSL 1.0.2* came out in 2016. It's possible there are some patches out there but this really feels like a stretch. I'm worried about the security of your system too. Let's see what python@ says but I'm not optimistic (sorry).
I agree it's a stretch, and if it doesn't have a reasonable solution and upstream also can not be expected to fix it, then the result might just be that we have to flag 1.0.2 as no longer supported in the ebuild. I was just surprised that it suddenly broke during a minor update.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=045920ca3310f9ac84e407eb826ee425dadd1968 commit 045920ca3310f9ac84e407eb826ee425dadd1968 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-07-11 00:57:37 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-07-11 00:57:37 +0000 dev-lang/python: depend on newer OpenSSL (>= 1.1.1) Upstream dropped compatibility and we don't have the capacity to maintain backports to an unsupported version of OpenSSL. The last version to work is ~3.8.6. No revision bump required given this is a build-time failure and we already depend on OpenSSL with a subslot operator (which handles upgrades/downgrades correctly). Bug: https://bugs.python.org/issue43669 Closes: https://bugs.gentoo.org/796374 Signed-off-by: Sam James <sam@gentoo.org> dev-lang/python/python-3.10.0_beta2.ebuild | 2 +- dev-lang/python/python-3.10.0_beta3.ebuild | 2 +- dev-lang/python/python-3.10.0_beta4.ebuild | 2 +- dev-lang/python/python-3.7.10_p6.ebuild | 2 +- dev-lang/python/python-3.7.11.ebuild | 2 +- dev-lang/python/python-3.8.10_p2.ebuild | 2 +- dev-lang/python/python-3.8.11.ebuild | 2 +- dev-lang/python/python-3.9.5_p2.ebuild | 2 +- dev-lang/python/python-3.9.6.ebuild | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-)
