Comment 1 Charlie Li 2022-10-11 21:22:52 UTC

For openssl-sys, please use what I have in the upstream crate, which has full LibreSSL compatibility. Bumping build/main.rs does not guarantee working functionality.

For libssh2, it is better to apply the (upstream) patch against that port, then have this link against that port.

As far I remember it is patch (part) from libssh2 upstream.

I have no idea what you have in upstream crate and where it is, I just make it buildable again in same way as it was done many times.

Confirmed 

  --- stderr
  thread 'main' panicked at '

  This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3.0.0), or LibreSSL 2.5
  through 3.4.1, but a different version of OpenSSL was found. The build is now aborting
  due to this version mismatch.

  ', /usr/obj/usr/ports/lang/rust/work/rustc-1.64.0-src/vendor/openssl-sys/build/main.rs:295:5
  stack backtrace:
     0: std::panicking::begin_panic
     1: build_script_main::version_error
     2: build_script_main::validate_headers
     3: build_script_main::main
     4: core::ops::function::FnOnce::call_once
  note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
warning: build failed, waiting for other jobs to finish...
warning: `syn` (lib) generated 1867 warnings (1788 duplicates)
command did not execute successfully: "/usr/obj/usr/ports/lang/rust/work/bootstrap/bin/cargo" "build" "--target" "x86_64-unknown-freebsd" "-Zcheck-cfg=names,values,output,features
expected success, got: exit status: 101
Traceback (most recent call last):
  File "/usr/obj/usr/ports/lang/rust/work/rustc-1.64.0-src/x.py", line 48, in <module>
    bootstrap.main()
  File "/usr/obj/usr/ports/lang/rust/work/rustc-1.64.0-src/src/bootstrap/bootstrap.py", line 928,   in main
    bootstrap(help_triggered)
  File "/usr/obj/usr/ports/lang/rust/work/rustc-1.64.0-src/src/bootstrap/bootstrap.py", line 914, in bootstrap
    run(args, env=env, verbose=build.verbose, is_bootstrap=True)
  File "/usr/obj/usr/ports/lang/rust/work/rustc-1.64.0-src/src/bootstrap/bootstrap.py", line 166, in run
    raise RuntimeError(err)
RuntimeError: failed to run: /usr/obj/usr/ports/lang/rust/work/_build/bootstrap/debug/bootstrap dist --jobs=2
*** Error code 1

(In reply to Ivan Rozhuk from comment #2)

devel/cargo-c also need patching with LibreSSL

Comment 5 Felix Palmen 2022-11-05 06:55:03 UTC

Created attachment 237869 [details]
0001-lang-rust-Fix-build-with-LibreSSL-3.5

Here's a patch backporting the commit mentioned in bug 267542 instead. It's very likely incomplete, so will probably expose *some* wrong runtime behavior. At least it works for me temporarily (until we have new upstream versions).

Comment 6 Tobias Kortkamp 2022-11-08 10:27:46 UTC

Comment on attachment 237869 [details]
0001-lang-rust-Fix-build-with-LibreSSL-3.5

(In reply to Felix Palmen from comment #5)
If you're sure it doesn't break ssl=base builds then just apply the LibreSSL
patches now and in the future with:

Approved by:	rust (tobik, implicit)

Comment 7 Felix Palmen 2022-11-08 10:57:45 UTC

(In reply to Tobias Kortkamp from comment #6)

Thanks! It doesn't change anything regarding OpenSSL, but of course I'd verify that with a test build before committing.

The reason I didn't request maintainer-approval is the fact this patch is very likely incomplete (as vishwin explained, and proved by showing me more commits to the crates fixing more SSL things). So, at least with libressl, some wrong runtime behavior might be expected. It fixes the *build*, and all my rust stuff here seems to work, but I have no idea where and how the SSL stuff is used at all.

So, do you think it makes sense to have a "partial fix/workaround" until we have something better with a new upstream version?

Comment 8 Tobias Kortkamp 2022-11-08 12:16:20 UTC

(In reply to Felix Palmen from comment #7)
Yes, because we are not in an ideal world where people have infinite time.
A partial workaround seems better than to have a known broken lang/rust.
Ideally security/libressl updates wouldn't go in without fixing important
ports like lang/rust first.

Your patch seems like the most complete one and was applied to cargo-c
too. Of course if vishwin@ comes up with something better then we can
use that instead. Maybe you two can agree on what to commit because I
cannot really help you with that.

AFAICT Rust 1.65.0 will need a patch for LibreSSL too, so that's at
minimum another 6 weeks of brokenness.

(In reply to Tobias Kortkamp from comment #8)

Yes, rust 1.65 fails the same way currently.

Comment 10 Charlie Li 2022-11-17 18:33:15 UTC

1.65.0 still bundles/vendors the same versions of openssl and openssl-sys crates as 1.64.0. I will upload somewhere what I have that updates those crate(s?) to the current versions, plus a separate patch on openssl-sys, on phab, but since I only makepatch-ed them without further processing, expect a deluge in files/.

(In reply to Charlie Li from comment #10)

The 0001 patch still works for rust 1.65. I cannot build cargo-c though.

(In reply to jakub_lach from comment #11)

Same problem with rust 1.66

Same error building rust 1.66.0 on amd64.

(In reply to Mathias Monnerville from comment #13)

FWIW, patch still works

(In reply to jakub_lach from comment #14)

Patch still needed for rust-1.67.1

(In reply to jakub_lach from comment #15)

rust 1.68 still needs the patch?

(In reply to jakub_lach from comment #16)

yes, I keep patch and it apply without problems and rust build ok.

(In reply to Ivan Rozhuk from comment #17)

Thanks, same here.

Created attachment 240956 [details]
libressl 3.5 - 3.9

(In reply to Ivan Rozhuk from comment #19)

Works for me, thanks!

Comment 21 Felix Palmen 2023-03-22 10:11:35 UTC

(In reply to Ivan Rozhuk from comment #19)
I think this is doing too much. There's most likely no need to indroduce a new "cfgs" value for 3.6, and I don't think it's a good idea to guess about future versions either....

I will slightly update my previous patch here.

Comment 22 Felix Palmen 2023-03-22 10:16:45 UTC

Created attachment 241050 [details]
0001-lang-rust-Fix-build-with-LibreSSL-3.6

Builds fine for me again with this little change.

Comment 23 Charlie Li 2023-03-22 12:15:44 UTC

Build fixes aside, the vendored openssl{,-sys} crates are still quite old, and some major internal refactorings have occurred. The patches I had to "update" them have become unwieldy as a result and not sustainable. Continuing to patch the version check on the old vendored version also isn't sustainable due to actual changes in OpenSSL/LibreSSL that need accounting for.

I just got a build working where the bundled vendor/ is yeeted and replaced by USES=cargo, which allows us to use updated crates for the most part. LibreSSL 3.7.1 support, for instance, only became available in openssl-sys-0.9.82 and openssl-0.10.47.

Comment 24 Felix Palmen 2023-03-22 13:17:49 UTC

(In reply to Charlie Li from comment #23)

Any software based on rust I'm personally using works correctly with that patch as well. Which of course doesn't mean the patch is entirely correct, but IMHO, it's an improvement compared to a state where rust just doesn't build.

So, I'd very much welcome a "perfect" solution, and if you think being able to use individually upgraded crates here is this perfect solution then I'm really looking forward to it! My only question would be: How long will it take?

Comment 25 Charlie Li 2023-03-22 14:14:34 UTC

(In reply to Felix Palmen from comment #24)
review D39209 for those adventurous

Comment 26 Felix Palmen 2023-03-22 14:39:16 UTC

(In reply to Charlie Li from comment #25)
Thanks! Not sure I can contribute anything useful over there, but I will certainly test it eventually. Of course, upgrading seems much better than patching symptoms.

Still unsure whether just leaving the build with libressl broken meanwhile is the best thing to do ...

But anyways, as far as I'm concerned: Anyone just apply my updated patch on your own risk. "Works for me" is all I can tell about it.

(In reply to Felix Palmen from comment #21)

My goal is reduce time to support it.
In past I already done same few times.

Created attachment 242702 [details]
build fix with libressl 3.7+

Comment 29 Felix Palmen 2023-06-29 14:38:16 UTC

Created attachment 243073 [details]
0001-lang-rust-Allow-build-with-LibreSSL-3.7.3

(In reply to Ivan Rozhuk from comment #28)
> build fix with libressl 3.7+

Adding config values that aren't checked anywhere is pretty pointless, and allowing LibreSSL versions that don't even exist yet is a bad idea, as they most likely will have more API changes. In the best case, the crate would then just fail to build, in the worst case, it would build but misbehave at runtime in weird ways.

But that said, it *seems* that for rust 1.70 and libressl 3.7.3 (what we currently have in ports), it's indeed enough to allow that version; attaching a small patch here.

Would it be fine to commit this one for now?

Comment 30 Charlie Li 2023-06-29 22:48:57 UTC

I still believe we should manage the crates ourselves via USES=cargo. The openssl crates will still need updating pretty much every SSL library release, and the Rust project themselves have shown that they let their Cargo.lock entry for the openssl crates get *very* stale to the point where the openssl crates' own dependencies change. Thankfully Rust 1.70.0 updated them to something much more recent such that the rather intrusive changes in (soon to be earlier iterations of) review D39209 ("unfreezing" Cargo.lock primarily) are not that needed anymore, but managing Makefile.crates ourselves allows us to override the provided Cargo.lock if/when necessary.

Comment 31 commit-hook 2023-06-30 11:43:44 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8bcbc1e32c6c141a4855f402ca06516b9c83d0a6

commit 8bcbc1e32c6c141a4855f402ca06516b9c83d0a6
Author:     Tobias Kortkamp <tobik@FreeBSD.org>
AuthorDate: 2023-06-30 09:49:34 +0000
Commit:     Tobias Kortkamp <tobik@FreeBSD.org>
CommitDate: 2023-06-30 11:40:19 +0000

    lang/rust: Fix build with LibreSSL 3.7.x

    PR:             266670
    Obtained from:  OpenBSD Ports

 .../files/patch-vendor_openssl-sys_build_main.rs (new)     | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

Comment 32 Felix Palmen 2023-06-30 12:27:09 UTC

(In reply to commit-hook from comment #31)
Thanks for that. But looking at it, it will also accept *any* LibreSSL version. So, this has to be monitored now when our libressl port is updated again ;)

Created attachment 244725 [details]
patch

(In reply to Ivan Rozhuk from comment #33)

FWIW, I've rebuilt rust-1.72.0 with libressl without additional tweaking/patches (as is in ports tree).

Once again, rust fails after libressl update do 3.8.2 - 

This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3.0.0), or LibreSSL 2.5 through 3.8.0, but a different version of OpenSSL was found. The build is now aborting due to this version mismatch.     

<etc.>

Created attachment 246136 [details]
patch

Probably this helps me.
Also I use patch (see obsolute) + workaround from here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273961

(In reply to Ivan Rozhuk from comment #36)

Thanks, I've tried earlier patch (with libressl up to 3.10); it still failed on bootstrapping openssl (without message related to version mismatch).

(In reply to Ivan Rozhuk from comment #36)

Patch works for me, after applying pkgconf patch.

Created attachment 246529 [details]
rust-1.73.0.patch

fix
  build with libressl 3.8.2

Comment 40 Peter Jeremy 2023-11-24 21:59:19 UTC

(In reply to takefu from comment #39)
This works for me.

(In reply to jakub_lach from comment #38)

It would be nice if security/py-cryptography, lang/rust and security/libressl updates would be somewhat synchronized - at this point it's a recurring theme. (#275243, #266670, #275397, #275019 etc).

Comment 42 Mikael Urankar 2023-12-09 15:06:30 UTC

*** Bug 274987 has been marked as a duplicate of this bug. ***

Comment 43 Mikael Urankar 2023-12-09 15:36:41 UTC

Created attachment 246931 [details]
v0

Can someone test the following patch?

(In reply to Mikael Urankar from comment #43)

I have built lang/rust from ports tree without additional patches (rust-1.74.1)

(In reply to jakub_lach from comment #44)

Ok, I was mistaken (portsnap would overwrite but I have ports tree from git), I had untracked lang/rust/files/patch-libressl 

--- vendor/openssl-sys/build/cfgs.rs
+++ vendor/openssl-sys/build/cfgs.rs
@@ -53,6 +53,24 @@
         if libressl_version >= 0x3_07_00_00_0 {
             cfgs.push("libressl370");
         }
+        if libressl_version >= 0x3_04_00_00_0 {
+            cfgs.push("libressl340");
+        }
+        if libressl_version >= 0x3_05_00_00_0 {
+            cfgs.push("libressl350");
+        }
+        if libressl_version >= 0x3_06_00_00_0 {
+            cfgs.push("libressl360");
+        }
+        if libressl_version >= 0x3_07_00_00_0 {
+            cfgs.push("libressl370");
+        }
+        if libressl_version >= 0x3_08_00_00_0 {
+            cfgs.push("libressl380");
+        }
+        if libressl_version >= 0x3_09_00_00_0 {
+            cfgs.push("libressl390");
+        }
     } else {
         let openssl_version = openssl_version.unwrap();

--- vendor/openssl-sys/build/main.rs
+++ vendor/openssl-sys/build/main.rs
@@ -274,6 +274,8 @@
             (3, 7, 1) => ('3', '7', '1'),
             (3, 7, _) => ('3', '7', 'x'),
             (3, 8, 0) => ('3', '8', '0'),
+            (3, 8, _) => ('3', '8', 'x'),
+            (3, 9, _) => ('3', '9', 'x'),
             _ => version_error(),
         };

Comment 46 Mikael Urankar 2023-12-15 11:57:41 UTC

Created attachment 247053 [details]
v1

Can someone runtime test this patch?

Created attachment 247536 [details]
v1_adjustment.patch

(In reply to Mikael Urankar from comment #46)

I have created a patch file that corrects the duplicate parts of v1.
Building libressl is no longer a problem.

https://bugs.freebsd.org/bugzilla/attachment.cgi?id=247053

(In reply to Mikael Urankar from comment #46)

Rust 1.75.0 builds

I think this PR should be closed.

https://www.freshports.org/commit.php?category=lang&port=rust&files=yes&message_id=2252f9df9da7248c59affb1010124d8afe5a907e

(In reply to takefu from comment #49)

I have no objections since I have switch to OpenSSL from base.

But LibreSSL 3.9.0 is released and I do expect that it will not work with current rust.

(In reply to Ivan Rozhuk from comment #50)

v1 patch ceased to apply after rust 1.77 update

(In reply to jakub_lach from comment #51)

  exit status: 0                                                                                    
  cargo:rustc-cfg=openssl                                                                           
  cargo:rustc-cfg=osslconf="OPENSSL_NO_BUF_FREELISTS"                                               
  cargo:rustc-cfg=osslconf="OPENSSL_NO_COMP"                                                        
  cargo:rustc-cfg=osslconf="OPENSSL_NO_EC2M"                                                        
  cargo:rustc-cfg=osslconf="OPENSSL_NO_ENGINE"                                                      
  cargo:rustc-cfg=osslconf="OPENSSL_NO_KRB5"                                                        
  cargo:rustc-cfg=osslconf="OPENSSL_NO_PSK"                                                         
  cargo:rustc-cfg=osslconf="OPENSSL_NO_SRP"                                                         
  cargo:rustc-cfg=osslconf="OPENSSL_NO_SSL3_METHOD"                                                 
  cargo:rustc-cfg=osslconf="OPENSSL_NO_SEED"                                                        
  cargo:conf=OPENSSL_NO_BUF_FREELISTS,OPENSSL_NO_COMP,OPENSSL_NO_EC2M,OPENSSL_NO_ENGINE,OPENSSL_NO  _KRB5,OPENSSL_NO_PSK,OPENSSL_NO_SRP,OPENSSL_NO_SSL3_METHOD,OPENSSL_NO_SEED                          
  cargo:rustc-cfg=libressl                                                                          
  cargo:rustc-cfg=libressl251                                                                       
  cargo:rustc-cfg=libressl252                                                                       
  cargo:rustc-cfg=libressl261                                                                       
  cargo:rustc-cfg=libressl270                                                                       
  cargo:rustc-cfg=libressl271                                                                       
  cargo:rustc-cfg=libressl273                                                                       
  cargo:rustc-cfg=libressl280                                                                       
  cargo:rustc-cfg=libressl281                                                                       
  cargo:rustc-cfg=libressl291                                                                       
  cargo:rustc-cfg=libressl310                                                                       
  cargo:rustc-cfg=libressl321                                                                       
  cargo:rustc-cfg=libressl332                                                                       
  cargo:rustc-cfg=libressl340                                                                       
  cargo:rustc-cfg=libressl350                                                                       
  cargo:rustc-cfg=libressl360                                                                       
  cargo:rustc-cfg=libressl370                                                                       
  cargo:libressl_version_number=3080300f                                                            

  --- stderr                                                                                        
  thread 'main' panicked at /usr/obj/usr/ports/lang/rust/work/rustc-1.77.0-src/vendor/openssl-sys-  0.9.92/build/main.rs:314:5:                                                                         

                                                                                                    
  This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3.0.0), or LibreSSL   2.5                                                                                                 
  through 3.8.0, but a different version of OpenSSL was found. The build is now aborting            
  due to this version mismatch.

Created attachment 249461 [details]
rust 1.77.0 libressl patch

Patch allowing rust 1.77 to build with libressl 3.8.3