Bug 199179

Summary:

[PATCH] security/p5-openxpki: Fix build with LibreSSL

Product:

Ports & Packages

Reporter:

Bernard Spil <brnrd>

Component:

Individual Port(s)

Assignee:

Dmitry Marakasov <amdmi3>

Status:

Closed FIXED

Severity:

Affects Some People

CC:

amdmi3, danfe, svysh.fbsd

Priority:

---

Keywords:

patch

Version:

Latest

Flags:

svysh.fbsd: maintainer-feedback+

Hardware:

Any

OS:

Any

Bug Depends on:

Bug Blocks:

200229

Attachments:

Description	Flags
svn diff for security/openxpki	none
svn diff for secuity/p5-openxpki	none
svn diff for security/openxpki	none
Poudriere build log for security/p5-openxpki	none
patch for updating port	svysh.fbsd: maintainer-approval+
log from poudriere at 11-amd64 with perl-5.20	svysh.fbsd: maintainer-approval+

Description Bernard Spil freebsd_committer

2015-04-05 18:16:54 UTC

Created attachment 155206 [details]
svn diff for security/openxpki

security/openxpki relies on `openssl version` output which has changed with LibreSSL. Attached patch fixes build with LibreSSL

Upstreamed to https://github.com/openxpki/openxpki/pull/287

Comment 1 Sergei Vyshenski 2015-04-07 17:02:38 UTC

A note from maintainer of port security/p5-openxpki:

1. This PR names port incorrectly, thus concealing this PR from those concerned. I have found it by a pure chance.

2. Submitted patch seems wrong, as it ruins existing files/patch... file.

3. Submitted patch fixes only one trivial check of openssl name and version, and ignores multiple problems of compatibility with libressl. There is a major work in progress with the upstream.

openxpki project uses too many features of openssl, including calls to internal methods of the openssl libs. Let me suggest to wait until new upstream versions will gradually add support for libressl. Until this full support happens, I am willing to declare this port as BROKEN conditionally, if OPENSSL_PORT=security/libressl is defined. This declaration could be added soon with the nearest upstream version change.

Comment 2 Sergei Vyshenski 2015-04-11 04:48:33 UTC

Maintainer does not approve. Cf. comment #1

Comment 3 Bernard Spil freebsd_committer

2015-04-11 11:24:13 UTC

Created attachment 155465 [details]
svn diff for secuity/p5-openxpki

(In reply to Sergei Vyshenski from comment #2)
Hi Sergei,

Upstream has created a revised patch based on the one I upstreamed. That contained an error for LibreSSL still so I patched it to work properly.

Attached patch is based on the upstream patch and includes the latest fix (which I can only assume will be accepted upstream) see https://github.com/openxpki/openxpki/pull/291

Comment 4 Sergei Vyshenski 2015-04-11 12:31:37 UTC

Hi Bernard,

Thank you for efforts with mating everything to libressl. The renewed patch still ruins the old version of the file files/patch-Makefile.PL which is already present in this port. And so this patch does not solve points 2 and 3 from comment #1.

Being part of the upstream I can repeat the summary of our discussion there: at the moment support of libressl in the openxpki project is considered bleeding, marginal, experimental, for developers only, as many features of openxpki simply do not work with libressl. You can not solve numerous problems by just muting the check for name and version of openssl or libressl.

That said, the generalized version of your patch will be present in the forthcoming upstream versions (with libressl support explicitly labeled as for developers only) together with gradually adding the real support for libressl. 

Let me suggest to close this PR without commit.

Thank you again for your contribution.
Regards, Sergei

Comment 5 Bernard Spil freebsd_committer

2015-04-11 13:38:34 UTC

Created attachment 155467 [details]
svn diff for security/openxpki

Hi Sergei,

That was by no means my intention, so sloppy! Dunno what I did but probably a make extract and not a make patch before patching...

This new patch includes the original modifications to Makefile.PL

You're suggesting to close this PR and wait for upstream to release a fixed version?

Comment 6 Bernard Spil freebsd_committer

2015-04-11 13:40:46 UTC

Created attachment 155468 [details]
Poudriere build log for security/p5-openxpki

Comment 7 Sergei Vyshenski 2015-04-11 14:15:59 UTC

Hi Bernard,

Let me repeat for the third time.

OpenXPKI project in its present state does NOT support libressl, both without and with your patch. 

Also, please note that the upstream has incorporated your offer into its "development" branch, while this port deals with only "master" branch stable releases of the OpenXPI.

With updating this port to the next stable upstream version I will add conditional BROKEN, if libressl related env variable is defined. Already have a reprimand from FreeBSD committers for too frequent updates of this port. So at the moment see no reasons to disturb committers with a specially dedicated fix about this BROKEN. 

And yes, suggesting to close this PR now without committing any changes. I would appreciate if you (as originator of this PR) could change its status to "Fixed: Overcome by events".

Thank you again for your contribution. You really stimulated upstream members (me too) to start digging into this important issue of integrating libressl.

Regards, Sergei

Comment 8 Sergei Vyshenski 2015-04-11 14:30:42 UTC

Let me clarify.

At the moment this port builds ok and works just fine with all (either base or port) available versions of openssl.

At the moment this port explicitly refuses to build with libressl. If you force this build (hacking the port with something like your patch), then you get software which is NOT workable.

Hence this looks like very reasonable behavior of the port, and I see no reasons for immediate modifications of this port.

Comment 9 Sergei Vyshenski 2015-05-15 21:48:57 UTC

Created attachment 156808 [details]
patch for updating port

[MAINTAINER] security/p5-openxpki: update to 0.27.0.1

- Update to ver 0.28.0
Changes: https://github.com/openxpki/openxpki/commits/master

- Add IGNORE if LibreSSL is installed. This port uses low level functions 
of OpenSSL, and big work of the upstream is ahead to support LibreSSL.
This version of OpenXPKI still does not have full support of LibreSSL.

- Allow non-root user to build and stage so library. Cf. complains about chmod below.

- "portlint -AC" says:
WARN: Makefile: [122]: possible use of "${CHMOD}" found. Use @(owner,group,mode) syntax or @owner/@group operators in pkg-plist instead.
WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy.
0 fatal errors and 2 warnings found.

- Tested with poudriere (log attached) at 11.0-CURRENT-amd64,
perl5-5.20, and openssl from ports.

Comment 10 Sergei Vyshenski 2015-05-15 21:49:49 UTC

Created attachment 156810 [details]
log from poudriere at 11-amd64 with perl-5.20

Comment 11 Sergei Vyshenski 2015-05-15 21:53:43 UTC

Errata.

Comment #9 should begin with: 
[MAINTAINER] security/p5-openxpki: update to 0.28.0

Comment 12 commit-hook freebsd_committer

2015-05-18 19:59:50 UTC

A commit references this bug:

Author: amdmi3
Date: Mon May 18 19:59:08 UTC 2015
New revision: 386710
URL: https://svnweb.freebsd.org/changeset/ports/386710

Log:
  - Update to 0.28.0
  - Add IGNORE if LibreSSL is installed. This port uses low level functions of OpenSSL, and big work of the upstream is ahead to support LibreSSL.  This version of OpenXPKI still does not have full support of LibreSSL.
  - Allow non-root user to build and stage so library.

  PR:		199179
  Submitted by:	spil.oss@gmail.com
  Patch by:	svysh.fbsd@gmail.com (maintainer)

Changes:
  head/security/p5-openxpki/Makefile
  head/security/p5-openxpki/distinfo
  head/security/p5-openxpki/files/pkg-message.in
  head/security/p5-openxpki/pkg-descr
  head/security/p5-openxpki/pkg-plist