Bug 261452

Summary: security/vaultwarden: Fails to build with SSL=libressl: ... build is now aborting due to this version mismatch
Product: Ports & Packages
Reporter: Alex Vasylenko <lxv>
Component: Individual Port(s)
Assignee: Michael Reifenberger <mr>
Status: Closed FIXED
Severity: Affects Some People
CC: brnrd, lxv
Priority: ---
Keywords: needs-qa
Version: Latest
Flags: bugzilla: maintainer-feedback? (mr), koobs: merge-quarterly?
Hardware: amd64
OS: Any
Attachments: 0001-security-vaultwarden-fix-build-with-default-ssl-libressl.patch (flags: none)

Description Alex Vasylenko 2022-01-25 01:00:07 UTC
Created attachment 231292: 0001-security-vaultwarden-fix-build-with-default-ssl-libressl.patch

I have a 12.3 system where libressl is selected as the default SSL in `/etc/make.conf`:

$ uname -r
12.3-RELEASE-p1

$ grep ssl /etc/make.conf
DEFAULT_VERSIONS+= ssl=libressl

Builds of security/vaultwarden fail like so:

--- stderr
  thread 'main' panicked at '

  This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3.0.0), or LibreSSL 2.5
  through 3.4.1, but a different version of OpenSSL was found. The build is now aborting
  due to this version mismatch.

  ', /usr/ports/security/vaultwarden/work/vaultwarden-1.23.1/cargo-crates/openssl-sys-0.9.71/build/main.rs:295:5
  stack backtrace:
     0: std::panicking::begin_panic
     1: build_script_main::version_error
     2: build_script_main::validate_headers
     3: build_script_main::main
     4: core::ops::function::FnOnce::call_once
  note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
warning: build failed, waiting for other jobs to finish...

The issue was fixed in `openssl-sys` crate v0.9.72, which also downgrades its `openssl-src` dependency from 300 back to 111 due to a performance issue (https://github.com/sfackler/rust-openssl/blob/master/openssl-sys/CHANGELOG.md#v0972).

Please consider the attached as a possible fix. Thanks!
Comment 1 Alex Vasylenko 2022-01-25 01:02:28 UTC
Same patch for easy viewing on GitHub: https://github.com/lxv/freebsd-ports/commit/68fbed323261417e6a6cc85e154dd45522072893
Comment 2 Bernard Spil freebsd_committer freebsd_triage 2022-01-25 11:02:28 UTC
Hi Alex,

Does Rust build at all with LibreSSL?

And does Vaultwarden actually source the OpenSSL libs from the system? I am assuming it uses the crate's OpenSSL build, not the system's.
Comment 3 Alex Vasylenko 2022-01-25 17:17:19 UTC
Yes, the rust port builds fine with libressl as the default ssl (libressl itself is installed from port `security/libressl`, which installs version 3.4.2 ATM).

Rust consumes SSL from the system by using the openssl-sys and openssl-src crates to build a wrapper over the system SSL library. I don't know if there's a native SSL impl in Rust.

The way the openssl-sys crate defines "system" SSL is whatever headers it gets by including <openssl/opensslv.h> and <openssl/opensslconf.h>, which end up being the headers from /usr/local during the vaultwarden port build.

References:
https://github.com/sfackler/rust-openssl/blob/openssl-sys-v0.9.72/openssl-sys/build/main.rs#L159
https://github.com/sfackler/rust-openssl/blob/openssl-sys-v0.9.72/openssl-sys/build/expando.c#L1

I need this line so openssl-sys would recognize libressl 3.4.2 as a supported version:

https://github.com/sfackler/rust-openssl/blob/openssl-sys-v0.9.72/openssl-sys/build/main.rs#L256
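
The header-driven version check described in comment 3, as an added example (not code from openssl-sys, the port, or any commenter): it decodes `LIBRESSL_VERSION_NUMBER` from header text and compares it with the range given in the panic message in the description. The function names, the `Verdict` enum and the sample header are constructed for illustration, and reading "2.5" as 2.5.0 is an assumption.

```rust
// Added illustration; not code from openssl-sys or the vaultwarden port.
// Range taken from the panic message quoted in this report (openssl-sys 0.9.71);
// reading "2.5" as 2.5.0 is an assumption.
const MIN_SUPPORTED: (u32, u32, u32) = (2, 5, 0);
const MAX_SUPPORTED: (u32, u32, u32) = (3, 4, 1);

// Constructed sample: the two version defines as LibreSSL 3.4.2 would carry them.
const SAMPLE_342: &str = "#define LIBRESSL_VERSION_NUMBER 0x3040200fL\n\
                          #define LIBRESSL_VERSION_TEXT \"LibreSSL 3.4.2\"\n";

#[derive(Debug, PartialEq)]
enum Verdict { Supported, TooOld, TooNew, NotLibreSsl }

/// Find `#define LIBRESSL_VERSION_NUMBER 0x...L` and decode it.
/// Layout: top nibble = major, next byte = minor, next byte = fix.
fn libressl_version(header: &str) -> Option<(u32, u32, u32)> {
    for line in header.lines() {
        let mut tok = line.split_whitespace();
        if tok.next() != Some("#define") || tok.next() != Some("LIBRESSL_VERSION_NUMBER") {
            continue;
        }
        // Drop the C long suffix, then the hex prefix.
        let raw = tok.next()?.trim_end_matches(|c: char| c == 'L' || c == 'l');
        let hex = raw.strip_prefix("0x").or_else(|| raw.strip_prefix("0X"))?;
        let n = u32::from_str_radix(hex, 16).ok()?;
        return Some((n >> 28, (n >> 20) & 0xff, (n >> 12) & 0xff));
    }
    None // no LibreSSL define: OpenSSL headers, or not opensslv.h at all
}

/// Classify the header against the supported range (tuples compare lexicographically).
fn check(header: &str) -> Verdict {
    match libressl_version(header) {
        None => Verdict::NotLibreSsl,
        Some(v) if v < MIN_SUPPORTED => Verdict::TooOld,
        Some(v) if v > MAX_SUPPORTED => Verdict::TooNew,
        Some(_) => Verdict::Supported,
    }
}

fn main() {
    // With a path argument, inspect that header; otherwise use the constructed sample.
    let text = match std::env::args().nth(1) {
        Some(path) => std::fs::read_to_string(&path).expect("cannot read header"),
        None => SAMPLE_342.to_string(),
    };
    println!("{:?} -> {:?}", libressl_version(&text), check(&text));
}
```

Passing the path of the `openssl/opensslv.h` that the build will see (under /usr/local during the port build, per comment 3) as the first argument checks a real header instead of the sample.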
Comment 4 Alex Vasylenko 2022-02-28 15:41:22 UTC
This issue is fixed in 1.24.0 of the port.