Created attachment 191741 [details] patch This patch is needed to build the port against LibreSSL 2.7. It builds fine against LibreSSL 2.7 and base OpenSSL 1.0.1.
Does this patch also work with lang/ruby24 and possibly lang/ruby23? I don't actually use those two ports myself but I ran a testport with the former and it broke the exact same way.
(In reply to Charlie Li from comment #1) I just tried ruby24 port and it builds fine with this patch (note that I just copied the patch without any modifications).
(In reply to Piotr Kubaj from comment #2) Confirm that the same patch works on lang/ruby24: https://keg.brnrd.eu/data/111amd64-default-libressldev/2018-03-25_11h09m25s/logs/ruby-2.4.3,1.log
A commit references this bug: Author: swills Date: Mon Mar 26 13:35:06 UTC 2018 New revision: 465590 URL: https://svnweb.freebsd.org/changeset/ports/465590 Log: lang/ruby25: fix build with LibreSSL 2.7 PR: 226852 Submitted by: Piotr Kubaj <pkubaj@anongoth.pl> Changes: head/lang/ruby25/files/patch-ext_openssl_openssl__missing.h
Committed for ruby25 for now. Let's wait a bit for some run time usage before committing it for ruby24.
Want to keep this PR open for ruby24? Otherwise we can close.
(In reply to Bernard Spil from comment #6) Yes, I do want to keep it open, which is why I set it to "In Progress". I'll add the patch to ruby24 in a few weeks.
I think this patch breaks some features of the OpenSSL library, when Ruby is built with OpenSSL 1.0.1: $ ruby24 -ropenssl -e "OpenSSL::PKey::RSA.generate(1024).to_s" $ ruby25 -ropenssl -e "OpenSSL::PKey::RSA.generate(1024).to_s" /usr/local/lib/ruby/2.5/amd64-freebsd11/openssl.so: Undefined symbol "EVP_PKEY_get0_RSA" zsh: exit 1 ruby25 -ropenssl -e "p OpenSSL::PKey::RSA.generate(1024).to_s" It works again with Ruby 2.5 if I revert the patch. I'll make some tests with LibreSSL later and see if I can update the patch.
Created attachment 192051 [details] Fix openssl ext behavior with DEFAULT_VERSIONS= ssl=openssl I tested this patch with: DEFAULT_VERSIONS= ssl=openssl DEFAULT_VERSIONS= ssl=openssl-devel DEFAULT_VERSIONS= ssl=libressl The `Undefined symbol "EVP_PKEY_get0_RSA"' error with security/openssl does not happen anymore. Port still builds with libressl and openssl-devel. I noticed some warnings during build with openssl-devel, maybe it's related to initial patch: […] compiling openssl_missing.c In file included from openssl_missing.c:21: ./openssl_missing.h:78:11: warning: 'X509_STORE_get_ex_new_index' macro redefined [-Wmacro-redefined] # define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ ^ /usr/local/include/openssl/x509_vfy.h:320:9: note: previous definition is here #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ ^ 1 warning generated. […]
Created attachment 192101 [details] Fix openssl ext behavior with ssl=openssl The previous patch I posted was incorrect, I misunderstood that LibreSSL 2.7 is security/libressl-dev, not security/libressl. I prepared a new one based on: https://patch-diff.githubusercontent.com/raw/ruby/openssl/pull/193.patch Which I learned about after seeing this on Ruby bug tracker: https://bugs.ruby-lang.org/issues/14657 Original patch author is: Kazuki Yamaguchi <k@rhe.jp>
Between openssl and libressl-devel, would it be helpful to unbreak openssl port again? Cheers, Franco
FWIW I'm also now experiencing "Undefined symbol "EVP_PKEY_get0_RSA" errors with this port because of this patch that was committed in revision 465590. Removing files/patch-ext_openssl_openssl__missing.h from the port fixes the problem for me. I am compiling against OpenSSL in base. OpenSSL 1.0.2k-freebsd 26 Jan 2017 # ruby -v ruby 2.5.1p57 (2018-03-29 revision 63029) [amd64-freebsd11] # irb irb(main):001:0> require 'openssl'; OpenSSL::PKey::RSA.new(`openssl genrsa`).private_encrypt('foo') Generating RSA private key, 2048 bit long modulus .....+++ ...............................................................+++ e is 65537 (0x10001) /usr/local/lib/ruby/2.5/amd64-freebsd11/openssl.so: Undefined symbol "EVP_PKEY_get0_RSA"
Any progress here?
Same problem with ruby24 #227851. But the patch for ruby25 also fix it.
> Created attachment 191741 [details] It's a bit tricky to apply this patch when you need to run "rbenv install -p 2.5.1". For some reason clicking "Raw unified" surrounds the patch for ext/openssl/openssl_missing.h in yet another patch for files/patch-ext_openssl_openssl__missing.h which just doesn't get applied by rbenv install.
(In reply to rihad from comment #15) I'm not sure I understand the issue: patches in this PR are for lang/ruby25 port, but `rbenv install -p 2.5.1` would use the upstream release, not the FreeBSD port, right? In that case, shouldn't the upstream patch be used? https://patch-diff.githubusercontent.com/raw/ruby/openssl/pull/193.patch The patch for `files/patch-ext_openssl_openssl__missing.h' targets ruby ports, it's relative to `lang/ruby25' directory.
I don't know, Thibault, the upstream patch fails for us (on 2.4.4), only this patch works for bot 2.4 & 2.5. I just have to remove the first column of the patch. $ colrm 1 1 | rbenv install -p -f 2.4.4 Downloading ruby-2.4.4.tar.bz2... -> https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.bz2 (at this point I paste the patch starting from "+--- ext/...") Installing ruby-2.4.4... Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- ext/openssl/openssl_missing.h.orig 2018-03-22 19:37:19 UTC |+++ ext/openssl/openssl_missing.h -------------------------- Patching file ext/openssl/openssl_missing.h using Plan A... Hunk #1 succeeded at 119 (offset 47 lines). Hunk #2 succeeded at 195 (offset 47 lines). Hunk #3 succeeded at 247 with fuzz 1 (offset 47 lines). done and build & install continues normally. Sorry if this wasn't the right place to ask but the FreeBSD patch really helped.
I've opened a new bug report to try and address the fact that behavior with ruby 2.5 + OpenSSL is still broken upstream. Perhaps this could be construed as a duplicate issue but it seems like the Assignee for this bug has dropped it. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229119 It seems like the OpenSSL in base should take precedence over LibreSSL in terms of having a functioning port, which simply requires reverting the commit in r 465590. I don't use LibreSSL and I am unclear which of the above patches fixes OpenSSL AND LibreSSL, so perhaps someone could post the working patch as a solution in the new bug.
(In reply to rihad from comment #17) OK, I was worried there could be an issue with the patch I added to this PR, but with the detail you provide, I totally expect that applying it to https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.bz2 would fail. In the context of the FreeBSD ports for Ruby (lang/ruby25), the patch adds a patch, so it's a diff of a diff :-) The "additional" first column is expected in this case. I'm not sure why you couldn't apply upstream patch to 2.4.4 as I didn't look into it yet. But my supposition would be that it's because Ruby openssl extension is developed in a separate repository and Ruby core team merges changes from time to time, but not necessarily the same way/time for Ruby 2.4 and Ruby 2.5.
(In reply to ncrogers from comment #18) I added a patch to bug 229119. This current PR was kept opened for lang/ruby24 if I'm correct, but I believe it was handled in bug 227851. So if we handle lang/ruby25 regression with OpenSSL in bug 229119, I think current PR may be closed.
Can we please have this fixed now?
A commit references this bug: Author: swills Date: Wed Aug 15 18:23:46 UTC 2018 New revision: 477249 URL: https://svnweb.freebsd.org/changeset/ports/477249 Log: lang/ruby25: Fix with ports OpenSSL and LibreSSL PR: 229119 PR: 226852 Submitted by: Thibault Jouan <tj+freebsd_ports@a13.fr> Reported by: Piotr Kubaj <pkubaj@anongoth.pl> With hat: ruby@ Changes: head/lang/ruby25/files/patch-ext-openssl-extconf.rb head/lang/ruby25/files/patch-ext_openssl_openssl__missing.h
Committed, sorry for the wait.
Super, thank you! :)