Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 797673 - dev-lang/ruby fails to build against dev-libs/openssl-3: ossl_pkey_rsa.c:877:58: error: ‘RSA_SSLV23_PADDING’ undeclared (first use in this function)
Summary: dev-lang/ruby fails to build against dev-libs/openssl-3: ossl_pkey_rsa.c:877:...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Ruby Team
URL:
Whiteboard:
Keywords: PATCH
Depends on:
Blocks: openssl-3.0
  Show dependency tree
 
Reported: 2021-06-23 00:28 UTC by Thomas Deutschmann
Modified: 2021-09-19 06:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
build.log (build.log,438.00 KB, text/plain)
2021-06-23 00:28 UTC, Thomas Deutschmann
Details
ruby-3.0.2-openssl-3.0-p1.patch (ruby-3.0.2-openssl-3.0-p1.patch,9.39 KB, patch)
2021-09-17 07:12 UTC, Mark Wright
Details | Diff
ruby-3.0.2-openssl-3.0-p2.patch (ruby-3.0.2-openssl-3.0-p2.patch,26.51 KB, patch)
2021-09-17 07:13 UTC, Mark Wright
Details | Diff
ruby-3.0.2-openssl-3.0-p3.patch (ruby-3.0.2-openssl-3.0-p3.patch,457 bytes, patch)
2021-09-17 07:17 UTC, Mark Wright
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2021-06-23 00:28:30 UTC
Created attachment 717756 [details]
build.log

> In file included from ../.././include/ruby.h:33,
>                  from ossl.h:16,
>                  from ossl_pkey_rsa.c:10:
> ossl_pkey_rsa.c: In function ‘Init_ossl_rsa’:
> ossl_pkey_rsa.c:877:58: error: ‘RSA_SSLV23_PADDING’ undeclared (first use in this function); did you mean ‘RSA_PKCS1_PADDING’?
>   877 | #define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
>       |                                                          ^~~~
> ../.././include/ruby/ruby.h:261:33: note: in definition of macro ‘RB_INT2FIX’
>   261 | #define RB_INT2FIX(i) (((VALUE)(i))<<1 | RUBY_FIXNUM_FLAG)
>       |                                 ^
> ../.././include/ruby/ruby.h:1594:20: note: in expansion of macro ‘RB_INT2NUM’
>  1594 | #define INT2NUM(x) RB_INT2NUM(x)
>       |                    ^~~~~~~~~~
> ossl_pkey_rsa.c:877:50: note: in expansion of macro ‘INT2NUM’
>   877 | #define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
>       |                                                  ^~~~~~~
> ossl_pkey_rsa.c:942:5: note: in expansion of macro ‘DefRSAConst’
>   942 |     DefRSAConst(SSLV23_PADDING);
>       |     ^~~~~~~~~~~
> ossl_pkey_rsa.c:877:58: note: each undeclared identifier is reported only once for each function it appears in
>   877 | #define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
>       |                                                          ^~~~
> ../.././include/ruby/ruby.h:261:33: note: in definition of macro ‘RB_INT2FIX’
>   261 | #define RB_INT2FIX(i) (((VALUE)(i))<<1 | RUBY_FIXNUM_FLAG)
>       |                                 ^
> ../.././include/ruby/ruby.h:1594:20: note: in expansion of macro ‘RB_INT2NUM’
>  1594 | #define INT2NUM(x) RB_INT2NUM(x)
>       |                    ^~~~~~~~~~
> ossl_pkey_rsa.c:877:50: note: in expansion of macro ‘INT2NUM’
>   877 | #define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
>       |                                                  ^~~~~~~
> ossl_pkey_rsa.c:942:5: note: in expansion of macro ‘DefRSAConst’
>   942 |     DefRSAConst(SSLV23_PADDING);
>       |     ^~~~~~~~~~~
> make[2]: *** [Makefile:313: ossl_pkey_rsa.o] Error 1
> make[2]: Leaving directory '/var/tmp/portage/dev-lang/ruby-2.6.6-r2/work/ruby-2.6.6/ext/openssl'
> make[1]: *** [exts.mk:252: ext/openssl/all] Error 2
> make[1]: Leaving directory '/var/tmp/portage/dev-lang/ruby-2.6.6-r2/work/ruby-2.6.6'
> make: *** [uncommon.mk:286: build-ext] Error 2
>  * ERROR: dev-lang/ruby-2.6.6-r2::gentoo failed (compile phase):
>  *   emake failed

Same failure for =dev-lang/ruby-2.7.3-r2 and =dev-lang/ruby-3.0.1-r1.
Comment 1 Thomas Bettler 2021-08-03 09:19:15 UTC
https://github.com/ruby/openssl/commit/2dfc1779d3
patch with this commit makes it work for me with ruby-2.6.8
Comment 2 Mark Wright gentoo-dev 2021-09-17 07:12:29 UTC
Created attachment 739626 [details, diff]
ruby-3.0.2-openssl-3.0-p1.patch

Backported from upstream commit:

commit 2dfc1779d3ffd1a62f8053362c3b98321c3dc083
Author: Kazuki Yamaguchi <k@rhe.jp>
Date:   Mon May 18 20:24:08 2020 +0900

    pkey/rsa: port RSA#{private,public}_{encrypt,decrypt} to the EVP API
    
    Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign}
    family. The definitions are now in lib/openssl/pkey.rb.
    
    Also, recommend using those generic methods in the documentation.
Comment 3 Mark Wright gentoo-dev 2021-09-17 07:13:50 UTC
Created attachment 739629 [details, diff]
ruby-3.0.2-openssl-3.0-p2.patch

Patch backported from upstream commit:

commit c055938f4ba6da868f2e61c8935c197bae7c295f
Author: Kazuki Yamaguchi <k@rhe.jp>
Date:   Tue Aug 4 23:14:44 2020 +0900

    require OpenSSL >= 1.0.2 and LibreSSL >= 3.1
    
    Clean up old version guards in preparation for the upcoming OpenSSL 3.0
    support.
    
    OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
    to keep 1.0.1 support because many major Linux distributions were still
    shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
    are reaching their EOL and it should be safe to assume nobody uses them
    anymore. Major ones that were using 1.0.1:
    
     - Ubuntu 14.04 is EOL since 2019-04-30
     - RHEL 6 will reach EOL on 2020-11-30
    
    LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
    team as of October 2020.
    
    Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
    did on 2018-08-31.
Comment 4 Mark Wright gentoo-dev 2021-09-17 07:17:20 UTC
Created attachment 739632 [details, diff]
ruby-3.0.2-openssl-3.0-p3.patch

Patch by me. With the 3 patches dev-lang/ruby-3.0.2 compiles with dev-libs/openssl-3.0.0. Other openssl versions were not tested.
Comment 5 Hans de Graaff gentoo-dev 2021-09-19 06:36:01 UTC
To set expectations here I really don't want to backport individual patches so that this compiles, because that may miss changes that are important for e.g. the secure use of openssl.

Quoting from the upstream pull request: "Currently, as of 2021-05-25, it compiles with OpenSSL's master branch (3.0.0-alpha17), but many things are known to be broken and test suite does not pass."

An approach we can consider at some point is to introduce dev-ruby/openssl as a package and let it overrule the vendored version in dev-lang/ruby, especially if backporting to earlier ruby versions is taking too long. That would at least allow us to provide a complete snapshot of all the current work.