gnutls fails on 10.3 with poudriere with =======================<phase: package >============================ ===> Building package for gnutls-3.4.16 pkg-static: Unable to access file /wrkdirs/usr/ports/security/gnutls/work/stage/usr/local/bin/tpmtool: No such file or directory *** Error code 1 Stop. make: stopped in /usr/ports/security/gnutls ====>> Cleaning up wrkdir ===> Cleaning for gnutls-3.4.16 build of security/gnutls ended at Sat Nov 19 08:37:16 CET 2016 build time: 00:05:12 !!! build failure encountered !!!
Created attachment 177173 [details] poudrere-gnutls-3.4.16.log.bz2
The error does not appear with the port.
On my system poudriere has an own portstree, I updated it two hours ago. Now I updated the system portstree (with the update of security/trousers). Now I have the same error in the port.
Please attach config.log from the gnutls work directory.
Created attachment 177183 [details] gnutls-config.log.bz2
configure:47914: checking for tss library configure:47931: /usr/local/libexec/ccache/world/cc -o conftest -O2 -pipe -DLIBICONV_PLUG -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -DLIBICONV_PLUG -isystem /usr/local/include -I/usr/local/include -fstack-protector conftest.c -L/usr/local/lib -ltspi >&5 /usr/local/lib/libtspi.so: undefined reference to `RSA_set0_key' cc: error: linker command failed with exit code 1 (use -v to see invocation) RSA_set0_key is provided by libcrypto.so.10 which is provided by security/openssl-devel. If you install security/openssl-devel you must also add DEFAULT_VERSIONS+=ssl=openssl-devel to /etc/make.conf. Make sure that is the case.
I use libressl.
locate libcrypto.so.10 /compat/linux/usr/lib/.libcrypto.so.10.hmac /compat/linux/usr/lib/libcrypto.so.10 /compat/linux/usr/lib64/.libcrypto.so.10.hmac /compat/linux/usr/lib64/libcrypto.so.10
(In reply to w.schwarzenfeld from comment #7) Then you must put DEFAULT_VERSIONS=ssl=libressl in /etc/make.conf. What is the output of 'objdump -p /usr/local/lib/libtspi.so | grep NEEDED'?
I see that you have ssl=libressl already so it must be something in trousers that doesn't like libressl. Maybe it depends on OPENSSL_VERSION_NUMBER which is something different in libressl. Over to trousers maintainer.
objdump -p /usr/local/lib/libtspi.so | grep NEEDED NEEDED libthr.so.3 NEEDED libcrypto.so.38 NEEDED libc.so.7 ---- DEFAULT_VERSIONS+=ssl=libressl is in /erc/make.conf
Me too... I am also using libressl with DEFAULT_VERSIONS+=ssl=libressl
Created attachment 177221 [details] Patch to support LibreSSL I've attached a patch to security/trousers that should fix the LibreSSL problem. With the patch, security/gnutls now builds successfully for me. Please test.
Thanks, this is working.
I have also raised this as a bug upstream: https://sourceforge.net/p/trousers/bugs/197/
A commit references this bug: Author: woodsb02 Date: Wed Nov 23 13:16:54 UTC 2016 New revision: 426920 URL: https://svnweb.freebsd.org/changeset/ports/426920 Log: security/trousers: Fix compilation with LibreSSL This was causing the build of security/gnutls to fail when the TPM option was enabled and make.conf contained DEFAULT_VERSIONS+=ssl=libressl. The gnutls configure script failed to successfully link against the libtspi.so library, and therefore determined the tss library was not suitable and disabled TPM. /usr/local/lib/libtspi.so: undefined reference to `RSA_set0_key' This caused the gnutls build to fail during staging due to an incorrect PLIST (missing bin/tpmtool). As of version 0.3.14, TrouSerS utilises the new OpenSSL function RSA_set0_key, which was only introduced in OpenSSL 1.1.0 and is not in LibreSSL (yet). The TrouSerS code utilises the OPENSSL_VERSION_NUMBER preprocessor macro to determine the version of OpenSSL which is it compiling against, and defines the RSA_set0_key function if the version of OpenSSL is older than 1.1.0. This causes an issue with LibreSSL, because it sets the OPENSSL_VERSION_NUMBER preprocessor macro to impersonate OpenSSL 2.0.0. The new patch-src_trspi_crypto_openssl_rsa.c causes TrouSerS to define the RSA_set0_key function on LibreSSL also. PR: 214660 Submitted by: David Z <daz@hyperchronos.org> Reported by: Walter Schwarzenfeld <w.schwarzenfeld@utanet.at> Approved by: adamw (mentor, implicit) Approved by: portmgr (just-fix-it blanket) Changes: head/security/trousers/Makefile head/security/trousers/files/patch-src_trspi_crypto_openssl_rsa.c
Committed. Thanks for the patch daz, and to everyone else for reporting / debugging the issue.
*** Bug 214782 has been marked as a duplicate of this bug. ***