Bug 699648

Summary:	net-misc/curl-7.67.0[esni] fails to build against dev-libs/openssl-1.1.1d-r2
Product:	Gentoo Linux	Reporter:	Michał Bartoszkiewicz <mbartoszkiewicz>
Component:	Current packages	Assignee:	Anthony Basile <blueness>
Status:	RESOLVED FIXED
Severity:	normal	CC:	1i5t5.duncan, arfrever.fta, conikost, jstein, ua_gentoo_bugzilla
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Build log

Description Michał Bartoszkiewicz 2019-11-09 08:49:15 UTC

net-misc/curl-7.67.0 with esni USE-flag enabled fails to build against dev-libs/openssl-1.1.1d-r2:
[…]
checking whether ESNI support is available... checking for SSL_get_esni_status... no
configure: error: --enable-esni ignored: No ESNI support found
[…]
(full build log attached)

It appears it needs some support in openssl, which doesn't seem to be available in the version I have installed. There should probably be some dependency.

From reading the configure script, it also appears that esni is only available when building against openssl, so there probably should be some REQUIRED_USE constraints to enforce that in the ebuild.

Reproducible: Always

Steps to Reproduce:
USE=esni emerge curl



Portage 2.3.78 (python 3.7.5-final-0, default/linux/amd64/17.1/systemd, gcc-9.2.0, glibc-2.30-r2, 5.3.7 x86_64)
=================================================================
System uname: Linux-5.3.7-x86_64-Intel-R-_Core-TM-_i7-3612QE_CPU_@_2.10GHz-with-gentoo-2.6
KiB Mem:    16276900 total,  13407328 free
KiB Swap:   16777212 total,  16758524 free
Timestamp of repository gentoo: Fri, 08 Nov 2019 21:26:39 +0000
Head commit of repository gentoo: d92abaad25ef78a176dfa2390b3e872b4bac68be

Head commit of repository embe: a044002e104831123a7234c72f2f9a649bf87186

sh bash 5.0_p11
ld GNU ld (Gentoo 2.32 p2) 2.32.0
app-shells/bash:          5.0_p11::gentoo
dev-lang/perl:            5.30.0::gentoo
dev-lang/python:          2.7.16::gentoo, 3.7.5-r1::gentoo
dev-util/cmake:           3.15.5::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/sandbox:         2.18::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.11.6-r3::gentoo, 1.16.1-r2::gentoo
sys-devel/binutils:       2.32-r1::gentoo
sys-devel/gcc:            9.2.0-r2::gentoo
sys-devel/gcc-config:     2.1::gentoo
sys-devel/libtool:        2.4.6-r5::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 5.3-r1::gentoo (virtual/os-headers)
sys-libs/glibc:           2.30-r2::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://anongit.gentoo.org/git/repo/sync/gentoo.git
    priority: -1000
    sync-git-verify-commit-signature: true
    sync-git-clone-extra-opts: -b stable

embe
    location: /var/db/repos/embe
    sync-type: git
    sync-uri: https://git.bzium.org/embe/overlay.git
    masters: gentoo

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE @BINARY-REDISTRIBUTABLE vim.org fairuse"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -ggdb -fno-plt -fstack-clash-protection"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe -ggdb -fno-plt -fstack-clash-protection"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y --complete-graph y --quiet-build y"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-march=native -O2 -pipe -ggdb -fno-plt -fstack-clash-protection"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg clean-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync mount-sandbox multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned sandbox sfperms split-log splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=native -O2 -pipe -ggdb -fno-plt -fstack-clash-protection"
GENTOO_MIRRORS="https://mirror.dkm.cz/gentoo/ http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
INSTALL_MASK="/etc/rmt /var/run /etc/xinetd.d /var/lock /var/mail /etc/skel /etc/ftpusers /var/www"
LANG="C.UTF-8"
LC_ALL="C.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,now"
MAKEOPTS="-j10"
PKGDIR="/var/cache/binpkgs"
PORTAGE_BUNZIP2_COMMAND="lbunzip2"
PORTAGE_BZIP2_COMMAND="lbzip2"
PORTAGE_COMPRESS="gzip"
PORTAGE_COMPRESS_FLAGS="--best"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/tmp"
USE="aac aacplus acl adns amd64 avahi avx bzip2 caps cdb cli crypt cryptsetup cxx dbus dirac dri elfutils faac fontconfig fuse gdbm git gmp gpg guile http2 iconv icu idn iproute2 ipv6 jpeg libtirpc llvm lua lz4 lzma maildir metric mmxext mp3 multilib ncurses nls nptl offensive ogg openmp opus pam pcre pdf pkcs11 png readline resolvconf rubberband sasl schroedinger seccomp smartcard snappy speex sqlite sse3 sse4 sse4_1 sse4_2 ssl ssse3 syslog systemd theora truetype udev unicode upnp urandom usb user-session uuid vim-syntax vorbis vpx webp x264 xattr xmpp xvid zeroconf zlib zsh-completion zstd" ABI_X86="32 64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="openssl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" L10N="en pl" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="BPF X86 WebAssembly" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" NGINX_MODULES_HTTP="access fancyindex browser fastcgi geo proxy rewrite scgi ssi uwsgi realip" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_7" PYTHON_TARGETS="python3_7" RUBY_TARGETS="ruby26" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, LINGUAS, PORTAGE_BINHOST, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Michał Bartoszkiewicz 2019-11-09 08:50:15 UTC

Created attachment 595518 [details]
Build log

Comment 2 Duncan 2019-11-10 09:13:06 UTC

In reply to Michał Bartoszkiewicz from comment #0)
> From reading the configure script, it also appears that esni is only
> available when building against openssl, so there probably should be some
> REQUIRED_USE constraints to enforce that in the ebuild.

Yes.  Same "No ESNI support found" error here, with CURL_SSL=gnutls.

The RELEASE-NOTES file footnotes this link for ESNI:

https://github.com/curl/curl/pull/4011

... which says under limits:

* Check for available resources, although extensible, refers only
to specific work in progress (described here) to implement ESNI for OpenSSL,
as this is the immediate motivation for the proposed change.

That "described here" link in turn is to:

https://github.com/sftcd/openssl/tree/master/esnistuff

... which is an esni-specific openssl fork that notes (with a late Oct, 2019 date) that it's not PR-ready for mainline openssl yet.

So unless the maintainer wants to play with it enough to hassle use-mask, I'd say just kill the USE=esni flag entirely and hard-disable it until support has matured substantially.

Meanwhile, for users like the reporter and I who tried it, simply disabling USE=esni again will suffice.  After all, however nice it sounds it's not like we'll be disabling something we can't do without, since we've been doing without until now. =:^)

Comment 3 Anthony Basile gentoo-dev

2019-12-01 17:34:25 UTC

(In reply to Duncan from comment #2)

> 
> So unless the maintainer wants to play with it enough to hassle use-mask,
> I'd say just kill the USE=esni flag entirely and hard-disable it until
> support has matured substantially.
> 


I'm going to hard disable it for now.