Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 829944 - sys-apps/systemd-250[-gcrypt]: ld.lld: error: undefined symbol: EVP_sha1- automagic use of openssl symbols without linking libssl
Summary: sys-apps/systemd-250[-gcrypt]: ld.lld: error: undefined symbol: EVP_sha1- aut...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo systemd Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-25 01:11 UTC by Jan Psota
Modified: 2021-12-25 22:36 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Psota 2021-12-25 01:11:19 UTC 
While compiling systemd-resolved, parts of ./src/resolve/resolved-dns-dnssec.c 
are included depending on HAVE_OPENSSL_OR_GCRYPT. If it is set to 1, linking fails because of missing cryptographic functions - I don't need DNSSEC, so gcrypt I leave unset:
ld.lld: error: undefined symbol: EVP_sha1  
> > > > referenced by resolved-dns-dnssec.c
> > > >               resolved-dns-dnssec.c.o:
(dnssec_rrset_verify_sig) in archive src/resolve/libsystemd-resolve-core.a

It is regulated in line 1475 of meson.build:
        conf.set10('HAVE_OPENSSL_OR_GCRYPT',
                conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)

- if we have libgcrypt in system (I have - some programs needs it), systemd will compile using it even if we explicitly tell him not to do it.

Can someone propose elegant way to change that 1475 line of meson.build?
(to make setting of HAVE_OPENSSL_OR_GCRYPT related to our needs)
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-12-25 01:13:35 UTC 
Mind including the full build.log and emerge --info too?
Comment 2 Jan Psota 2021-12-25 13:57:56 UTC 
(In reply to Sam James from comment #1)
> Mind including the full build.log and emerge --info too?

I did not want to bother you after problem was (partially, as I see now) investigated.

Problem resolved by inserting:
        -Dopenssl=false
in multilib_src_configure --> myconf=(...

because openssl is enabled by default while not needed - unless someone knows, what it is for.
Comment 3 Mike Gilbert gentoo-dev 2021-12-25 17:52:09 UTC 
This commit fixes the build failure with -Ddns-over-tls=false and -Dgrypt=false.

https://github.com/systemd/systemd/commit/9bcf483b117b23ae25bf4a5d39ddc3eade8659a6

I still need to work out how I am going to deal with the gcrypt/openssl deps.
Comment 4 Larry the Git Cow gentoo-dev 2021-12-25 18:20:21 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a73ceca960a687e8457fa24a382fa04ef4dc6f9

commit 9a73ceca960a687e8457fa24a382fa04ef4dc6f9
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2021-12-25 18:19:04 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2021-12-25 18:19:04 +0000

    sys-apps/systemd: backport build fix for USE="-dns-over-tls -gcrypt"
    
    Closes: https://bugs.gentoo.org/829944
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/files/250-fix-openssl.patch | 102 +++++++++++++++++++++++++++
 sys-apps/systemd/systemd-250.ebuild          |   1 +
 2 files changed, 103 insertions(+)
Comment 5 Jan Psota 2021-12-25 22:22:17 UTC 
You can call it "fixed", but why /lib/systemd/systemd-resolved is now linked with
libcrypto.so.1.1 while it does not need to? (with openssl=false part of source is skipped).

Maybe there should be openssl flag - just like gcrypt?
Comment 7 Jan Psota 2021-12-25 22:29:57 UTC 
(In reply to Mike Gilbert from comment #6)
How could I overlook this!? My fault.
Comment 8 Mike Gilbert gentoo-dev 2021-12-25 22:36:35 UTC 
No worries, I forgot to tag this bug in the commit message.