Summary: | =app-arch/libarchive-3.3.1: undefined reference to `HMAC_CTX_new' (libressl) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | hexum <hexumg> |
Component: | Current packages | Assignee: | Gentoo/BSD Team <bsd+disabled> |
Status: | RESOLVED TEST-REQUEST | ||
Severity: | normal | CC: | cased123, cedk, kfm, mgorny |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 561854 | ||
Attachments: |
build.log.gz
emerge --info build.log.gz libarchive-3.3.1-r1.ebuild 130-libarchive-fix-libressl-compat.patch |
Description
hexum
2017-04-01 22:37:57 UTC
Created attachment 468908 [details]
build.log.gz
Created attachment 468910 [details]
emerge --info
Created attachment 468912 [details]
build.log.gz
Looks like we should report it to upstream and provide some patch like this one https://github.com/libssh2/libssh2/pull/81/files Found appropriate patch http://lists.infradead.org/pipermail/lede-commits/2016-December/001623.html After patch applying I get a similar error. But it provides an idea. Most useful link. https://git.lede-project.org/?p=source.git;a=commitdiff;h=8160beb014baf55cd917cec50c416b69519c6a4d This is just exactly we need. https://git.lede-project.org/?p=source.git;a=blob_plain;f=tools/cmake/patches/130-libarchive-fix-libressl-compat.patch;h=a56ac2ed0c96dd90707e582e83320fd408f90dab;hb=8160beb014baf55cd917cec50c416b69519c6a4d Created attachment 468916 [details]
libarchive-3.3.1-r1.ebuild
Created attachment 468918 [details, diff]
130-libarchive-fix-libressl-compat.patch
Managed to build with 130-libarchive-fix-libressl-compat.patch (In reply to hexum from comment #12) Here I had to shrink the path prefix "Utilities/cmlibarchive" b/c epatch() doesn't try -p3 (any longer) - otherwise it works at a stable hardened libressl'ed server Can confirm that the attached ebuild and patch work as advertised (64-bit multilib). https://www.linux-ipv6.be/130-libarchive-fix-libressl-compat.patch works for me(libressl build > http://packages.vpslab.org/amd64.glibc/intel.nehalem/conf/) Where is the upstream submission for this patch? (In reply to Michał Górny from comment #17) > Where is the upstream submission for this patch? https://github.com/libarchive/libarchive/pull/902 It's missing the alteration to archive_openssl_evp_private.h, however. ...which only proves that the patch would be merged promptly if anyone bothered submitting it rather than patching it locally throughout half a dozen random distributions and sending the patches everywhere except where they should go. I've got this patch on the internet. And do not sure it doesn't bring up new problems. I'm not the author of it. So, I've brought it here for staging and review. And from my point of view, this patch is a workaround, not the right solution. The right solution is to make libressl a drop-in replacement for libressl. And even more better solution - to invent universal extendable crypto lib API, describe it in RFC and force applications to use dlopen instead compile time linking. It's the way PKCS11 libs work. You can change PKCS11 lib is being used be ssh by changing it's config. Please test with 3.3.2 and reopen if there are any problems left. |