Bug 494638

Summary: sys-power/suspend-1.0 USE=crypt with dev-libs/libgcrypt-1.6.0 - load.c:393:2: error: unknown type name 'gcry_ac_handle_t'
Product: Gentoo Linux
Reporter: Johannes Hirte <johannes.hirte>
Component: Current packages
Assignee: Michael Weber (RETIRED) <xmw>
Severity: normal
CC: alex, bircoph, da_risk, navid.zamani, nshephard, russell, uzytkownik2
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 538488
Attachments: emerge --info

Description Johannes Hirte 2013-12-18 11:22:51 UTC
sys-power/suspend-1.0 is not compatible with dev-libs/libgcrypt-1.6.0:

86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I.    -DS2RAM -D_LARGEFILE64_SOURCE       -O3 -march=amdfam10 -ftracer -fweb -pipe -c -o s2ram.o s2ram.c
load.c: In function 'decrypt_key':
load.c:393:2: error: unknown type name 'gcry_ac_handle_t'
  gcry_ac_handle_t rsa_hd;
load.c:394:2: error: unknown type name 'gcry_ac_data_t'
  gcry_ac_data_t rsa_data_set, key_set;
load.c:395:2: error: unknown type name 'gcry_ac_key_t'
  gcry_ac_key_t rsa_priv;
load.c:405:30: error: 'GCRY_AC_RSA' undeclared (first use in this function)
  ret = gcry_ac_open(&rsa_hd, GCRY_AC_RSA, 0);
load.c:405:30: note: each undeclared identifier is reported only once for each function it appears in
load.c:474:40: error: 'GCRY_AC_FLAG_COPY' undeclared (first use in this function)
   ret = gcry_ac_data_set(rsa_data_set, GCRY_AC_FLAG_COPY,
load.c:484:6: error: 'GCRY_AC_KEY_SECRET' undeclared (first use in this function)
      GCRY_AC_KEY_SECRET, rsa_data_set);
Makefile:854: recipe for target 'load.o' failed
make[2]: *** [load.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory '/var/tmp/portage/sys-power/suspend-1.0/work/suspend-utils-1.0'
Makefile:991: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/var/tmp/portage/sys-power/suspend-1.0/work/suspend-utils-1.0'
Makefile:620: recipe for target 'all' failed
make: *** [all] Error 2

Disabling the crypt USE flag helps as a workaround.

Reproducible: Always
Comment 1 kleph 2013-12-18 13:50:14 UTC
Created attachment 365602 [details]
emerge --info

Reproduced on ~amd64.
See emerge --info in the attachment.
Comment 2 Maciej Piechotka 2013-12-20 00:57:49 UTC
Created attachment 365714 [details]

Build log and my emerge --info sys-power/suspend dev-libs/libgcrypt:

Portage 2.2.7 (default/linux/amd64/13.0/desktop/gnome, gcc-4.8.2, glibc-2.17, 3.12.3-gentoo x86_64)
                         System Settings
System uname: Linux-3.12.3-gentoo-x86_64-Intel-R-_Core-TM-_i7-3820QM_CPU_@_2.70GHz-with-gentoo-2.2
KiB Mem:    16069252 total,   5331400 free
KiB Swap:   16777212 total,  16777212 free
Timestamp of tree: Thu, 19 Dec 2013 17:45:01 +0000
ld GNU ld (Linux/GNU Binutils)
app-shells/bash:          4.2_p45
dev-java/java-config:     2.2.0
dev-lang/python:          2.7.6, 3.3.3
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.12.4
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6, 1.12.6, 1.14
sys-devel/gcc:            4.7.3-r1, 4.8.2
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           4.0-r1
sys-kernel/linux-headers: 3.12 (virtual/os-headers)
sys-libs/glibc:           2.17
Repositories: gentoo crossdev gentoo-haskell vala steam-overlay bumblebee gnome x11 gnome-next local
ACCEPT_KEYWORDS="amd64 ~amd64"
CFLAGS="-O2 -march=native -pipe -ggdb -Wa,--compress-debug-sections"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.1/conf /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=native -pipe -ggdb -Wa,--compress-debug-sections"
EMERGE_DEFAULT_OPTS="-j8 --load-average=7"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs clean-logs compress-build-logs compressdebug config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms split-elog splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--add-needed -Wl,--hash-style=both -Wl,--sort-common -Wl,--no-keep-memory"
MAKEOPTS="-j4 -l7"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/usr/local/portage-crossdev /var/lib/layman/haskell /var/lib/layman/vala /var/lib/layman/steam /var/lib/layman/bumblebee /var/lib/layman/gnome /var/lib/layman/x11 /var/lib/layman/heather-gnome /usr/local/portage"
USE="X a52 aac acl acpi alsa amd64 avx berkdb bluetooth branding bzip2 bzr c++0x cairo caps cdda cdr cli clutter colord cracklib crypt cryptsetup cups cxx dbus dconf debugger device-mapper doc dri dts dvd dvdr eds emacs emboss encode evo exif fam ffmpeg firefox flac flash fontconfig fortran fprint fuse g3dvl gbm gdbm gdm gif git gmp gnome gnome-keyring gnome-online-accounts gnuplot gnutls google gpm grilo gsettings gstreamer gtk gtk3 gtkstyle gui hoogle hscolour iconv inotify introspection iproute2 ipsec ipv6 ipython irc ithreads jabber jemalloc jit jpeg kerberos laptop latex lcms ldap libkms libnotify libproxy libsecret llvm lvm lzma mad map mercurial mmx mng modules mp3 mp4 mpeg mudflap multilib nautilus ncurses networking networkmanager nls nptl nsplugin ogg opencl opengl openmp oss pam pango parted pch pcre pdf perl pkcs11 plotutils png policykit ppds profiler pulseaudio python python3 qemu qt4 readline realtime rss samba sdl session sna socialweb spell spice sqlite sse sse2 sse4_1 sse4_2 ssl ssse3 startup-notification steamruntime subversion svg symlink systemd tcpd telepathy theora threads tiff tracker truetype udev udisks unicode upnp upower usb v4l vaapi vala vdpau virt-network virtfs vorbis vpx webkit wxwidgets x264 xattr xcb xcomposite xinerama xml xrandr xv xvid zeitgeist zlib zsh-completion" ABI_X86="32 64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir 
usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" DRACUT_MODULES="caps crypt lvm" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc efi-64" INPUT_DEVICES="evdev synaptics mouse mutouch" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en pl en_GB" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python3_3" PYTHON_TARGETS="python3_3 pypy2_0" QEMU_SOFTMMU_TARGETS="arm x86_64 i386" QEMU_USER_TARGETS="arm x86_64 i386" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="intel nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
USE_PYTHON="3.3 2.7-pypy-2.0"

                        Package Settings

sys-power/suspend-1.0 was built with the following:
USE="crypt (multilib) threads -fbsplash" ABI_X86="64"

dev-libs/libgcrypt-1.6.0 was built with the following:
Comment 3 nictki 2014-01-08 11:39:04 UTC
same here
Comment 4 Ian Abbott 2014-01-08 14:53:03 UTC
Same here.  It's due to the removal of the long deprecated gcry_ac interface in Libgcrypt 1.6.0.  There was a message posted to the suspend-devel mailing list on 2013-12-26 about it, but no replies yet:

If not using encrypted disks, one workaround is to build without the crypt USE flag, but that doesn't help folks who want encrypted disks.

Probably not much can be done in Gentoo unless libgcrypt 1.5 can be slotted.
Comment 5 Michael Weber (RETIRED) gentoo-dev 2014-01-16 08:02:55 UTC
+  16 Jan 2014; Michael Weber <> suspend-0.8-r1.ebuild,
+  suspend-1.0.ebuild:
+  needs old libgcrypt (bug 494638)
Comment 6 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-02-02 17:32:41 UTC
To remove the block we could just depend on the 0/20 subslot of libgcrypt (or even better the 11/11 slot/subslot)
Comment 7 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-27 21:31:41 UTC
(In reply to Matthew Thode ( prometheanfire ) from comment #6)
> To remove the block we could just depend on the 0/20 subslot of libgcrypt
> (or even better the 11/11 slot/subslot)

Please note that this issue is now blocking security bug 541564
Comment 8 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-28 14:36:43 UTC
(In reply to Kristian Fiskerstrand from comment #7)
> (In reply to Matthew Thode ( prometheanfire ) from comment #6)
> > To remove the block we could just depend on the 0/20 subslot of libgcrypt
> > (or even better the 11/11 slot/subslot)
> Please note that this issue is now blocking security bug 541564

The use of the gcry_ac interface has produced compile time warnings since libgcrypt 1.5.0 was released in 2011, so upstream have had 4 years to fix this at least. As far as I can see there are no (R)DEPEND on this package. I suggest Lastrite unless it is otherwise fixed in a timely manner.
Comment 9 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-03-02 16:22:11 UTC
Ya, I say we get rid of it.  I think acpid is preferred nowadays anyway.
Comment 10 Navid Zamani 2015-03-02 19:18:04 UTC
(In reply to Matthew Thode ( prometheanfire ) from comment #9)
> Ya, I say we get rid of it.  I think acpid is preferred nowadays anyway.

Uuum, and how does one enter suspend mode from the command-line then?
pm-suspend? I thought sys-power/suspend was needed for suspend to RAM…
Comment 11 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-03-17 22:32:33 UTC
Any update on this? Please note that libgcrypt < 1.6.0 does not utilize RFC6979 for deterministic DSA either, opening up key leakage possibilities for DSA keys with an improper source of randomness. This impacts GnuPG 2.0 in addition to bug 541564
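
The RFC 6979 derivation mentioned in comment 11, as an added example that is not part of the bug thread or of libgcrypt's code: the per-signature nonce k comes from an HMAC-DRBG seeded with the private key and the message hash, so signing no longer depends on a random source. The constants are the P-256/SHA-256 test key from RFC 6979 appendix A.2.5 (the derivation only involves the subgroup order q, so it is identical for DSA); the function and constant names are chosen here.

```python
import hashlib
import hmac

# Test key from RFC 6979, appendix A.2.5 (NIST P-256): subgroup order q, private key x.
RFC_Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
RFC_X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def bits2int(data: bytes, qlen: int) -> int:
    """Leftmost qlen bits of data as an integer (RFC 6979, section 2.3.2)."""
    value = int.from_bytes(data, "big")
    excess = len(data) * 8 - qlen
    return value >> excess if excess > 0 else value


def rfc6979_nonce(x: int, q: int, msg: bytes, hashfunc=hashlib.sha256) -> int:
    """Deterministic nonce k for (EC)DSA, RFC 6979 section 3.2."""
    qlen = q.bit_length()
    rolen = (qlen + 7) // 8
    h1 = hashfunc(msg).digest()

    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashfunc).digest()

    # Seed = int2octets(x) || bits2octets(h1)
    seed = x.to_bytes(rolen, "big") + (bits2int(h1, qlen) % q).to_bytes(rolen, "big")
    v = b"\x01" * len(h1)
    k_mac = b"\x00" * len(h1)
    k_mac = mac(k_mac, v + b"\x00" + seed)
    v = mac(k_mac, v)
    k_mac = mac(k_mac, v + b"\x01" + seed)
    v = mac(k_mac, v)
    while True:
        t = b""
        while len(t) * 8 < qlen:
            v = mac(k_mac, v)
            t += v
        k = bits2int(t, qlen)
        if 1 <= k < q:          # reject out-of-range candidates and retry
            return k
        k_mac = mac(k_mac, v + b"\x00")
        v = mac(k_mac, v)


if __name__ == "__main__":
    # Same key and message always give the same k; a different message gives another k.
    print(hex(rfc6979_nonce(RFC_X, RFC_Q, b"sample")))
```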
Comment 12 Andrew Savchenko gentoo-dev 2015-03-17 22:49:53 UTC
(In reply to Matthew Thode ( prometheanfire ) from comment #9)
> Ya, I say we get rid of it.  I think acpid is preferred nowadays anyway.

Since when does acpid support s2ram and s2disk actions?
This is a completely orthogonal package.
Comment 13 Andrew Savchenko gentoo-dev 2015-03-17 22:54:49 UTC
(In reply to Navid Zamani from comment #10)
> Uuum, and how does one enter suspend mode from the command-line then?
> pm-suspend? I thought sys-power/suspend was needed for suspend to RAM…

pm-suspend is not a replacement: it doesn't support image encryption at all.
Comment 14 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-04-14 16:27:25 UTC
In the event the API use of libgcrypt is not updated; can we remove this optionality from suspend to remove the blocker?
Comment 15 Andrew Savchenko gentoo-dev 2015-04-14 22:12:41 UTC
Just must this USE flag, but not remove.
Comment 16 Andrew Savchenko gentoo-dev 2015-04-14 22:13:08 UTC
(In reply to Andrew Savchenko from comment #15)
> Just must this USE flag, but not remove.

*Just mask this...
Comment 17 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-04-30 17:35:20 UTC
(In reply to Andrew Savchenko from comment #15)
> Just [mask] this USE flag, but not remove.

That works for me
Comment 18 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-06-12 21:48:11 UTC
ping... any update?
Comment 19 Andrew Savchenko gentoo-dev 2015-06-13 10:41:42 UTC
Yes, it is almost completed. One may monitor progress here:

The update was not as easy as it originally seemed: all pubkey crypto was completely reworked in 1.6. While I commend the changes made, they caused me a lot of pain during porting. Right now I'm porting while keeping as close to the original code as possible: the first goal is to just port it.

Afterwards I plan to extend functionality: arbitrary algorithms may be used for both asymmetric and symmetric encryption — it is easy to implement thanks to S-expression syntax in 1.6. However, these changes will require an incompatible format change of crypto headers, so I postpone them for future work. Also I'm not happy with some currently used approaches and want to strengthen crypto, e.g. using md5 for password-based key generation is no fun at all.

Likewise I plan to prepare and send patches upstream; if they are interested in further development, I'll contribute there. Otherwise I'll have to fork (technically speaking my git tree is a fork already based on the latest suspend git).

I will notify you when the patch is ready and tested.

Also, do you mind if I add myself to the list of suspend maintainers, since I'm working on the code anyway?
Comment 20 Andrew Savchenko gentoo-dev 2015-06-25 21:21:26 UTC

I updated the code and ebuild.

So I took the upstream git HEAD, applied all Gentoo patches, except for suspend-1.0-bzip2.patch, because the patch is wrong as shown in bug 416955 and bug 442826 (splashutils should be fixed instead). Some other changes are also made (perl fixes, libgcrypt autotools fixes and so on). Bug 548326 is fixed as well.

Crypto is ported to libgcrypt-1.6.3, this is the minimal version requirement (older 1.6 versions have numerous security, performance and compatibility issues). Suspend is kept compatible with RSA keys generated by earlier versions, so update should be effortless for users.

I prepared a snapshot ebuild (see attachment below). It depends on two sources: the snapshot of the upstream HEAD and the patch which is diff between my current HEAD and upstream HEAD. This way changes made are kept separately from the upstream code.

Ebuild contains the following changes aside from the suspend source update:
- bump to EAPI-5;
- USE="+lzo" is added to control optional memory compression;
- dependencies are updated and cleaned;
- useless license files are removed from the image.

Proposed code was tested on my systems and works fine for me.

Both live and snapshot ebuild are available at my dev overlay:

I have plans for future development as mentioned in my previous comment, so I plan to prepare patches for upstream and contact them for discussion in a few days.
Comment 21 Andrew Savchenko gentoo-dev 2015-06-25 21:22:18 UTC
Created attachment 405754 [details, diff]
Comment 22 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-06-28 19:35:12 UTC
(In reply to Andrew Savchenko from comment #21)
> Created attachment 405754 [details, diff]
> suspend-1.0_p20150622.ebuild.patch

Thank you for this effort, much appreciated. Could you please have a look at this xmw, so that we can get this blocker for libgcrypt stabilization out of the way?
Comment 23 Andrew Savchenko gentoo-dev 2015-08-06 21:15:45 UTC
Any news here? Should we apply the patch? Enough time has passed for a review.
Comment 24 Michael Weber (RETIRED) gentoo-dev 2015-08-06 21:55:13 UTC
+*suspend-1.0_p20150622 (06 Aug 2015)
+  06 Aug 2015; Michael Weber <> +suspend-1.0_p20150622.ebuild:
+  Version bump by bircoph and k_f (bug 494638).

Feel free to take over this package or just add yourself to maintainers.
Comment 25 Andrew Savchenko gentoo-dev 2015-08-07 09:50:36 UTC
(In reply to Michael Weber from comment #24)
> Feel free to take over this package or just add yourself to maintainers.

Ok, thanks. I added myself to maintainers.