Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 797673 - <dev-lang/ruby-3.1 fails to build against dev-libs/openssl-3: ossl_pkey_rsa.c:877:58: error: ‘RSA_SSLV23_PADDING’ undeclared (first use in this function)
Summary: <dev-lang/ruby-3.1 fails to build against dev-libs/openssl-3: ossl_pkey_rsa.c...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 2 votes (vote)
Assignee: Gentoo Ruby Team
URL:
Whiteboard:
Keywords: PATCH
: 830010 (view as bug list)
Depends on:
Blocks: openssl-3.0
  Show dependency tree
 
Reported: 2021-06-23 00:28 UTC by Thomas Deutschmann
Modified: 2022-05-18 01:04 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
build.log (build.log,438.00 KB, text/plain)
2021-06-23 00:28 UTC, Thomas Deutschmann
Details
ruby-3.0.2-openssl-3.0-p1.patch (ruby-3.0.2-openssl-3.0-p1.patch,9.39 KB, patch)
2021-09-17 07:12 UTC, Mark Wright
Details | Diff
ruby-3.0.2-openssl-3.0-p2.patch (ruby-3.0.2-openssl-3.0-p2.patch,26.51 KB, patch)
2021-09-17 07:13 UTC, Mark Wright
Details | Diff
ruby-3.0.2-openssl-3.0-p3.patch (ruby-3.0.2-openssl-3.0-p3.patch,457 bytes, patch)
2021-09-17 07:17 UTC, Mark Wright
Details | Diff
ruby-2.6.9 ebuild updated to install a no sslv23_padding patch (ruby-2.6.9.ebuild,7.31 KB, text/plain)
2022-01-03 18:44 UTC, Drake Donahue
Details
Delete SSLV23_Padding patch (SSLV23.patch,387 bytes, patch)
2022-01-03 19:23 UTC, Drake Donahue
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev 2021-06-23 00:28:30 UTC
Created attachment 717756 [details]
build.log

> In file included from ../.././include/ruby.h:33,
>                  from ossl.h:16,
>                  from ossl_pkey_rsa.c:10:
> ossl_pkey_rsa.c: In function ‘Init_ossl_rsa’:
> ossl_pkey_rsa.c:877:58: error: ‘RSA_SSLV23_PADDING’ undeclared (first use in this function); did you mean ‘RSA_PKCS1_PADDING’?
>   877 | #define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
>       |                                                          ^~~~
> ../.././include/ruby/ruby.h:261:33: note: in definition of macro ‘RB_INT2FIX’
>   261 | #define RB_INT2FIX(i) (((VALUE)(i))<<1 | RUBY_FIXNUM_FLAG)
>       |                                 ^
> ../.././include/ruby/ruby.h:1594:20: note: in expansion of macro ‘RB_INT2NUM’
>  1594 | #define INT2NUM(x) RB_INT2NUM(x)
>       |                    ^~~~~~~~~~
> ossl_pkey_rsa.c:877:50: note: in expansion of macro ‘INT2NUM’
>   877 | #define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
>       |                                                  ^~~~~~~
> ossl_pkey_rsa.c:942:5: note: in expansion of macro ‘DefRSAConst’
>   942 |     DefRSAConst(SSLV23_PADDING);
>       |     ^~~~~~~~~~~
> ossl_pkey_rsa.c:877:58: note: each undeclared identifier is reported only once for each function it appears in
>   877 | #define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
>       |                                                          ^~~~
> ../.././include/ruby/ruby.h:261:33: note: in definition of macro ‘RB_INT2FIX’
>   261 | #define RB_INT2FIX(i) (((VALUE)(i))<<1 | RUBY_FIXNUM_FLAG)
>       |                                 ^
> ../.././include/ruby/ruby.h:1594:20: note: in expansion of macro ‘RB_INT2NUM’
>  1594 | #define INT2NUM(x) RB_INT2NUM(x)
>       |                    ^~~~~~~~~~
> ossl_pkey_rsa.c:877:50: note: in expansion of macro ‘INT2NUM’
>   877 | #define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
>       |                                                  ^~~~~~~
> ossl_pkey_rsa.c:942:5: note: in expansion of macro ‘DefRSAConst’
>   942 |     DefRSAConst(SSLV23_PADDING);
>       |     ^~~~~~~~~~~
> make[2]: *** [Makefile:313: ossl_pkey_rsa.o] Error 1
> make[2]: Leaving directory '/var/tmp/portage/dev-lang/ruby-2.6.6-r2/work/ruby-2.6.6/ext/openssl'
> make[1]: *** [exts.mk:252: ext/openssl/all] Error 2
> make[1]: Leaving directory '/var/tmp/portage/dev-lang/ruby-2.6.6-r2/work/ruby-2.6.6'
> make: *** [uncommon.mk:286: build-ext] Error 2
>  * ERROR: dev-lang/ruby-2.6.6-r2::gentoo failed (compile phase):
>  *   emake failed

Same failure for =dev-lang/ruby-2.7.3-r2 and =dev-lang/ruby-3.0.1-r1.
Comment 1 Thomas Bettler 2021-08-03 09:19:15 UTC
https://github.com/ruby/openssl/commit/2dfc1779d3
patch with this commit makes it work for me with ruby-2.6.8
Comment 2 Mark Wright gentoo-dev 2021-09-17 07:12:29 UTC
Created attachment 739626 [details, diff]
ruby-3.0.2-openssl-3.0-p1.patch

Backported from upstream commit:

commit 2dfc1779d3ffd1a62f8053362c3b98321c3dc083
Author: Kazuki Yamaguchi <k@rhe.jp>
Date:   Mon May 18 20:24:08 2020 +0900

    pkey/rsa: port RSA#{private,public}_{encrypt,decrypt} to the EVP API
    
    Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign}
    family. The definitions are now in lib/openssl/pkey.rb.
    
    Also, recommend using those generic methods in the documentation.
Comment 3 Mark Wright gentoo-dev 2021-09-17 07:13:50 UTC
Created attachment 739629 [details, diff]
ruby-3.0.2-openssl-3.0-p2.patch

Patch backported from upstream commit:

commit c055938f4ba6da868f2e61c8935c197bae7c295f
Author: Kazuki Yamaguchi <k@rhe.jp>
Date:   Tue Aug 4 23:14:44 2020 +0900

    require OpenSSL >= 1.0.2 and LibreSSL >= 3.1
    
    Clean up old version guards in preparation for the upcoming OpenSSL 3.0
    support.
    
    OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
    to keep 1.0.1 support because many major Linux distributions were still
    shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
    are reaching their EOL and it should be safe to assume nobody uses them
    anymore. Major ones that were using 1.0.1:
    
     - Ubuntu 14.04 is EOL since 2019-04-30
     - RHEL 6 will reach EOL on 2020-11-30
    
    LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
    team as of October 2020.
    
    Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
    did on 2018-08-31.
Comment 4 Mark Wright gentoo-dev 2021-09-17 07:17:20 UTC
Created attachment 739632 [details, diff]
ruby-3.0.2-openssl-3.0-p3.patch

Patch by me. With the 3 patches dev-lang/ruby-3.0.2 compiles with dev-libs/openssl-3.0.0. Other openssl versions were not tested.
Comment 5 Hans de Graaff gentoo-dev 2021-09-19 06:36:01 UTC
To set expectations here I really don't want to backport individual patches so that this compiles, because that may miss changes that are important for e.g. the secure use of openssl.

Quoting from the upstream pull request: "Currently, as of 2021-05-25, it compiles with OpenSSL's master branch (3.0.0-alpha17), but many things are known to be broken and test suite does not pass."

An approach we can consider at some point is to introduce dev-ruby/openssl as a package and let it overrule the vendored version in dev-lang/ruby, especially if backporting to earlier ruby versions is taking too long. That would at least allow us to provide a complete snapshot of all the current work.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-12-26 22:18:00 UTC
*** Bug 830010 has been marked as a duplicate of this bug. ***
Comment 7 Drake Donahue 2022-01-03 18:44:12 UTC
Created attachment 761214 [details]
ruby-2.6.9 ebuild updated to install a no sslv23_padding patch
Comment 8 Drake Donahue 2022-01-03 19:23:32 UTC
Created attachment 761215 [details, diff]
Delete SSLV23_Padding patch

If anyone else is plagued by the SSLV23_Padding problem in ruby-2.6.9 blocking emerge ruby-2.6.9 and then having to find workarounds for regular emerge's and emerge --depclean try:

--- 

replace ruby-2.6.9.ebuild with the ebuild attached, 
add the attached SSLV23.patch to the /usr/portage/dev-lang/ruby directory, then:
cd /usr/portage/dev-lang/ruby 
ebuild ruby-2.6.9.ebuild manifest
cd
emerge -1 =dev-lang/ruby-2.6.9

this ruby-2.6.9 sslv23_padding problem should vanish until a rebuild/source code reload occurs. 

If the problem was mine alone, sorry for the noise.
Comment 9 Esteve Varela Colominas 2022-01-06 18:08:06 UTC
@donahue95
Consider using /etc/portage/patches or pre_/post_ hooks in /etc/portage/env to apply patches/modifications without modifying the ebuilds in-place. If you really have to modify the ebuild, create a local overlay as described in https://wiki.gentoo.org/wiki/Handbook:AMD64/Portage/CustomTree#Defining_a_custom_ebuild_repository .
Direct changes to your tree will be overwritten whenever the repository is synced.
Comment 10 Drake Donahue 2022-01-06 19:46:18 UTC
@Esteve Varela Colominas
Totally true but the executable ruby 2.6.9 produced and the ruby26_target executables produced should persist (are persisting) which meets my desires for the   
 present --  My daily world updates and depcleans run normally.
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-05-18 01:04:08 UTC
(In reply to Hans de Graaff from comment #5)
> To set expectations here I really don't want to backport individual patches
> so that this compiles, because that may miss changes that are important for
> e.g. the secure use of openssl.
> 
> Quoting from the upstream pull request: "Currently, as of 2021-05-25, it
> compiles with OpenSSL's master branch (3.0.0-alpha17), but many things are
> known to be broken and test suite does not pass."
> 
> An approach we can consider at some point is to introduce dev-ruby/openssl
> as a package and let it overrule the vendored version in dev-lang/ruby,
> especially if backporting to earlier ruby versions is taking too long. That
> would at least allow us to provide a complete snapshot of all the current
> work.

Would you consider revisiting this please?