223192 – security/gnutls fails install phase when DANE option is enabled

Bug 223192 - security/gnutls fails install phase when DANE option is enabled

Summary: security/gnutls fails install phase when DANE option is enabled

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	amd64 Any

Importance:	--- Affects Many People
Assignee:	Tijl Coosemans

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-10-23 16:20 UTC by Peter Putzer
Modified:	2017-10-26 19:26 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (tijl)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Putzer 2017-10-23 16:20:25 UTC

Possibly related to LibreSSL. After updating to gnutls-3.5.16, the port install fails when the DANE option is enabled:

===>  Installing for gnutls-3.5.16
===>   gnutls-3.5.16 depends on file: /usr/local/share/certs/ca-root-nss.crt - found
===>   gnutls-3.5.16 depends on executable: indexinfo - found
===>   gnutls-3.5.16 depends on shared library: libgmp.so - found (/usr/local/lib/libgmp.so)
===>   gnutls-3.5.16 depends on shared library: libnettle.so - found (/usr/local/lib/libnettle.so)
===>   gnutls-3.5.16 depends on shared library: libtasn1.so - found (/usr/local/lib/libtasn1.so)
===>   gnutls-3.5.16 depends on shared library: libunistring.so - found (/usr/local/lib/libunistring.so)
===>   gnutls-3.5.16 depends on shared library: libunbound.so - found (/usr/local/lib/libunbound.so)
===>   gnutls-3.5.16 depends on shared library: libidn2.so - found (/usr/local/lib/libidn2.so)
===>   gnutls-3.5.16 depends on shared library: libp11-kit.so - found (/usr/local/lib/libp11-kit.so)
===>   gnutls-3.5.16 depends on shared library: libtspi.so - found (/usr/local/lib/libtspi.so)
===>   gnutls-3.5.16 depends on shared library: libintl.so - found (/usr/local/lib/libintl.so)
===>  Checking if gnutls already installed
===>   Registering installation for gnutls-3.5.16
pkg-static: Unable to access file /usr/ports/security/gnutls/work/stage/usr/local/bin/danetool:No such file or directory
pkg-static: Unable to access file /usr/ports/security/gnutls/work/stage/usr/local/include/gnutls/dane.h:No such file or directory
pkg-static: Unable to access file /usr/ports/security/gnutls/work/stage/usr/local/lib/libgnutls-dane.so:No such file or directory
pkg-static: Unable to access file /usr/ports/security/gnutls/work/stage/usr/local/lib/libgnutls-dane.so.0:No such file or directory
pkg-static: Unable to access file /usr/ports/security/gnutls/work/stage/usr/local/lib/libgnutls-dane.so.0.4.1:No such file or directory
pkg-static: Unable to access file /usr/ports/security/gnutls/work/stage/usr/local/libdata/pkgconfig/gnutls-dane.pc:No such file or directory
pkg-static: Unable to access file /usr/ports/security/gnutls/work/stage/usr/local/man/man1/danetool.1.gz:No such file or directory
*** Error code 74

The port is still listed as being installed successfully, though.

Comment 1 Tijl Coosemans freebsd_committer

2017-10-23 17:47:46 UTC

Works fine here.  There should be a config.log file in the work/ directory.  Can you attach that file to this bug?  Is there anything unbound or dane related in there?

Comment 2 Peter Putzer 2017-10-23 18:32:07 UTC

(In reply to Tijl Coosemans from comment #1)

configure:53783: checking for unbound library
configure:53799: /usr/local/libexec/ccache/world/cc -o conftest -O3 -pipe -funroll-loops -march=native  -DLIBICONV_PLUG -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -DLIBICONV_PLUG -isystem /usr/local/include -I/usr/local/include  -fstack-protector conftest.c -lidn2 -L/usr/local/lib -lunbound >&5
/usr/bin/ld: warning: libsodium.so.18, needed by /usr/local/lib/libunbound.so, not found (try using -rpath or -rpath-link)
/usr/local/lib/libunbound.so: undefined reference to `crypto_box_beforenm'
/usr/local/lib/libunbound.so: undefined reference to `randombytes_random'
/usr/local/lib/libunbound.so: undefined reference to `sodium_init'
/usr/local/lib/libunbound.so: undefined reference to `crypto_box_curve25519xchacha20poly1305_open_easy_afternm'
/usr/local/lib/libunbound.so: undefined reference to `sodium_memcmp'
/usr/local/lib/libunbound.so: undefined reference to `crypto_box_curve25519xchacha20poly1305_easy_afternm'
/usr/local/lib/libunbound.so: undefined reference to `crypto_stream'
/usr/local/lib/libunbound.so: undefined reference to `crypto_scalarmult_base'
/usr/local/lib/libunbound.so: undefined reference to `sodium_allocarray'
/usr/local/lib/libunbound.so: undefined reference to `crypto_box_curve25519xchacha20poly1305_beforenm'
/usr/local/lib/libunbound.so: undefined reference to `crypto_box_open_easy_afternm'
/usr/local/lib/libunbound.so: undefined reference to `crypto_box_easy_afternm'
/usr/local/lib/libunbound.so: undefined reference to `sodium_free'
/usr/local/lib/libunbound.so: undefined reference to `randombytes_buf'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
configure:53799: $? = 1
configure: failed program was:
| /* confdefs.h */

OK, so maybe the real problem is that the libsodium update today was missing an UPDATING entry. I rebuilt unbound and now gnutls can be compiled and installed normally.

Comment 3 commit-hook freebsd_committer

2017-10-26 18:42:49 UTC

A commit references this bug:

Author: tijl
Date: Thu Oct 26 18:42:12 UTC 2017
New revision: 452938
URL: https://svnweb.freebsd.org/changeset/ports/452938

Log:
  After r452629 also bump ports that optionally depend on libsodium.

  PR:		223192

Changes:
  head/dns/powerdns/Makefile
  head/dns/powerdns-recursor/Makefile
  head/dns/unbound/Makefile
  head/net/libzmq4/Makefile