| Summary: | switching to libressl | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Alexandros C. Couloumbis <alex> |
| Component: | Current packages | Assignee: | Gentoo Linux bug wranglers <bug-wranglers> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | alex, sam |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://wiki.gentoo.org/wiki/Project:LibreSSL | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
emerge --info
required package ebuild modifications |
||
Please file individual bugs for each, so we can assign to the right maintainers. Created attachment 667532 [details]
emerge --info
Created attachment 667535 [details, diff]
required package ebuild modifications
(In reply to Sam James from comment #1) > Please file individual bugs for each, so we can assign to the right > maintainers. I am afraid (IMHO), this is NOT the optimal way to approach the openssl --> libressl migration chronic problems, since, depending on various different system setups, such issues may well bump every now & then so, this BUG report, is an attempt to have a centralized BUG report on the openssl --> libressl migration process (https://wiki.gentoo.org/wiki/Project:LibreSSL) please kindly reconsider the validity of this BUG report with kind regards (In reply to Alexandros C. Couloumbis from comment #4) > (In reply to Sam James from comment #1) > > Please file individual bugs for each, so we can assign to the right > > maintainers. > > I am afraid (IMHO), this is NOT the optimal way to approach the openssl --> > libressl migration chronic problems, since, depending on various different > system setups, such issues may well bump every now & then > We still need individual bugs per package to put the patches in and figure out any issues. > so, this BUG report, is an attempt to have a centralized BUG report on the > openssl --> libressl migration process > (https://wiki.gentoo.org/wiki/Project:LibreSSL) We already have this: bug 561854. another one bites the dust
Failed to emerge dev-lang/php-7.4.13
/extra/tmp/portage/dev-lang/php-7.4.13/work/sapis-build/embed/ext/openssl/openssl.c: In function ‘php_openssl_load_cipher_mode’:
/extra/tmp/portage/dev-lang/php-7.4.13/work/sapis-build/embed/ext/openssl/openssl.c:6501:8: error: ‘EVP_CIPH_OCB_MODE’ undeclared (first use in this function); did you mean ‘EVP_CIPH_OFB_MODE’?
6501 | case EVP_CIPH_OCB_MODE:
| ^~~~~~~~~~~~~~~~~
| EVP_CIPH_OFB_MODE
/extra/tmp/portage/dev-lang/php-7.4.13/work/sapis-build/embed/ext/openssl/openssl.c:6501:8: note: each undeclared identifier is reported only once for each function it appears in
/extra/tmp/portage/dev-lang/php-7.4.13/work/sapis-build/embed/ext/openssl/openssl.c:6509:30: error: ‘EVP_CTRL_AEAD_GET_TAG’ undeclared (first use in this function); did you mean ‘EVP_CTRL_CCM_GET_TAG’?
6509 | mode->aead_get_tag_flag = EVP_CTRL_AEAD_GET_TAG;
| ^~~~~~~~~~~~~~~~~~~~~
| EVP_CTRL_CCM_GET_TAG
/extra/tmp/portage/dev-lang/php-7.4.13/work/sapis-build/embed/ext/openssl/openssl.c:6510:30: error: ‘EVP_CTRL_AEAD_SET_TAG’ undeclared (first use in this function); did you mean ‘EVP_CTRL_GCM_SET_TAG’?
6510 | mode->aead_set_tag_flag = EVP_CTRL_AEAD_SET_TAG;
| ^~~~~~~~~~~~~~~~~~~~~
| EVP_CTRL_GCM_SET_TAG
/extra/tmp/portage/dev-lang/php-7.4.13/work/sapis-build/embed/ext/openssl/openssl.c:6511:28: error: ‘EVP_CTRL_AEAD_SET_IVLEN’ undeclared (first use in this function); did you mean ‘EVP_CTRL_GCM_SET_IVLEN’?
6511 | mode->aead_ivlen_flag = EVP_CTRL_AEAD_SET_IVLEN;
| ^~~~~~~~~~~~~~~~~~~~~~~
| EVP_CTRL_GCM_SET_IVLEN
searching the net, looks like this is an upstream (php) issue against libressl support (is this politics?)
still the whole issue of migrating from openssl to libressl is getting quite aggravating
I will open a specific php ticket, but I insist that we do need a libressl centralized BUG space (I would like to avoid reverting my libressl migration back to openssl, but this is crazy)
|
switching to libressl still bumps to various issues, some reported here Reproducible: Always Steps to Reproduce: 1. on make.conf USE="libressl -openssl ssl" 2. on package.mask --> dev-libs/openssl 2. emerge -uDNp world Actual Results: the following packages complain either or both for missing +openssl USE flag and/or dev-libs/openssl been masked (while dev-libs/libressl is installed) dev-libs/apr-util/apr-util-1.6.1-r6 dev-libs/hiredis/hiredis-1.0.0 www-apache/mod_security/mod_security-2.9.1-r1 www-apache/mod_security/mod_security-2.9.3 the following changes fix the reported issues: diff --git a/dev-libs/apr-util/apr-util-1.6.1-r6.ebuild b/dev-libs/apr-util/apr-util-1.6.1-r6.ebuild index a30d4b805b28..882336dd90d7 100644 --- a/dev-libs/apr-util/apr-util-1.6.1-r6.ebuild +++ b/dev-libs/apr-util/apr-util-1.6.1-r6.ebuild @@ -16,7 +16,7 @@ SRC_URI="mirror://apache/apr/${P}.tar.bz2" LICENSE="Apache-2.0" SLOT="1" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="berkdb doc gdbm ldap libressl mysql nss odbc openssl postgres sqlite static-libs" +IUSE="berkdb doc gdbm ldap libressl mysql nss odbc ssl postgres sqlite static-libs" #RESTRICT="test" RDEPEND=" @@ -31,7 +31,7 @@ RDEPEND=" ) ) nss? ( dev-libs/nss ) odbc? ( dev-db/unixODBC ) - openssl? ( + ssl? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) @@ -78,7 +78,7 @@ src_configure() { $(use_with mysql) $(use_with nss) $(use_with odbc) - $(use_with openssl) + $(use_with ssl) $(use_with postgres pgsql) $(use_with sqlite sqlite3) ) @@ -101,7 +101,7 @@ src_configure() { myconf+=( --without-berkeley-db ) fi - if use nss || use openssl ; then + if use nss || use ssl ; then myconf+=( --with-crypto ) # 518708 fi diff --git a/dev-libs/hiredis/hiredis-1.0.0.ebuild b/dev-libs/hiredis/hiredis-1.0.0.ebuild index d11dddc289cd..ec81c43b9ec8 100644 --- a/dev-libs/hiredis/hiredis-1.0.0.ebuild +++ b/dev-libs/hiredis/hiredis-1.0.0.ebuild @@ -16,7 +16,10 @@ IUSE="examples ssl static-libs test" RESTRICT="!test? ( test )" DEPEND=" - ssl? ( dev-libs/openssl ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) test? ( dev-db/redis )" src_prepare() { diff --git a/www-apache/mod_security/mod_security-2.9.1-r1.ebuild b/www-apache/mod_security/mod_security-2.9.1-r1.ebuild index eb214cbee1c6..6c1d28b64682 100644 --- a/www-apache/mod_security/mod_security-2.9.1-r1.ebuild +++ b/www-apache/mod_security/mod_security-2.9.1-r1.ebuild @@ -18,7 +18,8 @@ KEYWORDS="amd64 x86" IUSE="doc fuzzyhash geoip jit json lua mlogc" COMMON_DEPEND="dev-libs/apr - dev-libs/apr-util[openssl] + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) dev-libs/libxml2 dev-libs/libpcre[jit?] fuzzyhash? ( app-crypt/ssdeep ) diff --git a/www-apache/mod_security/mod_security-2.9.3.ebuild b/www-apache/mod_security/mod_security-2.9.3.ebuild index c7a7974d2d08..ae896dabb492 100644 --- a/www-apache/mod_security/mod_security-2.9.3.ebuild +++ b/www-apache/mod_security/mod_security-2.9.3.ebuild @@ -18,7 +18,8 @@ KEYWORDS="amd64 x86" IUSE="doc fuzzyhash geoip jit json lua mlogc" COMMON_DEPEND="dev-libs/apr - dev-libs/apr-util[openssl] + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) dev-libs/libxml2 dev-libs/libpcre[jit?] fuzzyhash? ( app-crypt/ssdeep )