Bug 226852 - lang/ruby25: fix build with LibreSSL 2.7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Steve Wills
Depends on:
Blocks: 226843
Reported: 2018-03-22 19:06 UTC by Piotr Kubaj
Modified: 2018-08-15 19:19 UTC

See Also:
bugzilla: maintainer-feedback? (ruby)

patch (1.65 KB, patch)
2018-03-22 19:06 UTC, Piotr Kubaj
Fix openssl ext behavior with DEFAULT_VERSIONS= ssl=openssl (1004 bytes, patch)
2018-04-01 12:01 UTC, Thibault Jouan
Fix openssl ext behavior with ssl=openssl (2.59 KB, patch)
2018-04-02 10:57 UTC, Thibault Jouan

Description Piotr Kubaj freebsd_committer 2018-03-22 19:06:45 UTC
Created attachment 191741 [details]

This patch is needed to build the port against LibreSSL 2.7.

It builds fine against LibreSSL 2.7 and base OpenSSL 1.0.1.
Comment 1 Charlie Li 2018-03-23 08:26:38 UTC
Does this patch also work with lang/ruby24 and possibly lang/ruby23? I don't actually use those two ports myself but I ran a testport with the former and it broke the exact same way.
Comment 2 Piotr Kubaj freebsd_committer 2018-03-23 11:30:52 UTC
(In reply to Charlie Li from comment #1)
I just tried ruby24 port and it builds fine with this patch (note that I just copied the patch without any modifications).
Comment 3 Bernard Spil freebsd_committer 2018-03-25 11:52:49 UTC
(In reply to Piotr Kubaj from comment #2)
Confirm that the same patch works on lang/ruby24: https://keg.brnrd.eu/data/111amd64-default-libressldev/2018-03-25_11h09m25s/logs/ruby-2.4.3,1.log
Comment 4 commit-hook freebsd_committer 2018-03-26 13:35:22 UTC
A commit references this bug:

Author: swills
Date: Mon Mar 26 13:35:06 UTC 2018
New revision: 465590
URL: https://svnweb.freebsd.org/changeset/ports/465590

  lang/ruby25: fix build with LibreSSL 2.7

  PR:		226852
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>

Comment 5 Steve Wills freebsd_committer 2018-03-26 13:36:17 UTC
Committed for ruby25 for now. Let's wait a bit for some run time usage before committing it for ruby24.
Comment 6 Bernard Spil freebsd_committer 2018-03-27 06:02:56 UTC
Want to keep this PR open for ruby24? Otherwise we can close.
Comment 7 Steve Wills freebsd_committer 2018-03-27 12:56:12 UTC
(In reply to Bernard Spil from comment #6)
Yes, I do want to keep it open, which is why I set it to "In Progress". I'll add the patch to ruby24 in a few weeks.
Comment 8 Thibault Jouan 2018-04-01 09:49:24 UTC
  I think this patch breaks some features of the OpenSSL library, when
Ruby is built with OpenSSL 1.0.1:

    $ ruby24 -ropenssl -e "OpenSSL::PKey::RSA.generate(1024).to_s"

    $ ruby25 -ropenssl -e "OpenSSL::PKey::RSA.generate(1024).to_s"
    /usr/local/lib/ruby/2.5/amd64-freebsd11/openssl.so: Undefined symbol "EVP_PKEY_get0_RSA"
    zsh: exit 1     ruby25 -ropenssl -e "p OpenSSL::PKey::RSA.generate(1024).to_s"

  It works again with Ruby 2.5 if I revert the patch. I'll make some
tests with LibreSSL later and see if I can update the patch.
Comment 9 Thibault Jouan 2018-04-01 12:01:34 UTC
Created attachment 192051 [details]
Fix openssl ext behavior with DEFAULT_VERSIONS= ssl=openssl

  I tested this patch with:

    DEFAULT_VERSIONS= ssl=openssl
    DEFAULT_VERSIONS= ssl=openssl-devel
    DEFAULT_VERSIONS= ssl=libressl

  The `Undefined symbol "EVP_PKEY_get0_RSA"' error with
security/openssl does not happen anymore. Port still builds with
libressl and openssl-devel. I noticed some warnings during build with
openssl-devel, maybe it's related to initial patch:

    compiling openssl_missing.c
    In file included from openssl_missing.c:21:
    ./openssl_missing.h:78:11: warning: 'X509_STORE_get_ex_new_index' macro redefined [-Wmacro-redefined]
    #  define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
    /usr/local/include/openssl/x509_vfy.h:320:9: note: previous definition is here
    #define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
    1 warning generated.
Comment 10 Thibault Jouan 2018-04-02 10:57:25 UTC
Created attachment 192101 [details]
Fix openssl ext behavior with ssl=openssl

  The previous patch I posted was incorrect, I misunderstood that
LibreSSL 2.7 is security/libressl-dev, not security/libressl.

  I prepared a new one based on:

  Which I learned about after seeing this on Ruby bug tracker:

  Original patch author is: Kazuki Yamaguchi <k@rhe.jp>
Comment 11 Franco Fichtner 2018-04-10 05:14:04 UTC
Between openssl and libressl-devel, would it be helpful to unbreak openssl port again?

Comment 12 ncrogers 2018-04-10 22:58:50 UTC
FWIW I'm also now experiencing "Undefined symbol "EVP_PKEY_get0_RSA" errors with this port because of this patch that was committed in revision 465590. Removing files/patch-ext_openssl_openssl__missing.h from the port fixes the problem for me. I am compiling against OpenSSL in base.

OpenSSL 1.0.2k-freebsd  26 Jan 2017
# ruby -v
ruby 2.5.1p57 (2018-03-29 revision 63029) [amd64-freebsd11]
# irb
irb(main):001:0> require 'openssl'; OpenSSL::PKey::RSA.new(`openssl genrsa`).private_encrypt('foo')
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
/usr/local/lib/ruby/2.5/amd64-freebsd11/openssl.so: Undefined symbol "EVP_PKEY_get0_RSA"
Comment 13 Franco Fichtner 2018-04-19 15:16:59 UTC
Any progress here?
Comment 14 Walter Schwarzenfeld freebsd_triage 2018-04-29 16:18:42 UTC
Same problem with ruby24 #227851. But the patch for ruby25 also fixes it.
Comment 15 Rihad 2018-05-11 13:58:23 UTC
> Created attachment 191741 [details]

It's a bit tricky to apply this patch when you need to run "rbenv install -p 2.5.1". For some reason clicking "Raw unified" surrounds the patch for ext/openssl/openssl_missing.h in yet another patch for files/patch-ext_openssl_openssl__missing.h which just doesn't get applied by rbenv install.
Comment 16 Thibault Jouan 2018-05-27 13:27:03 UTC
(In reply to rihad from comment #15)

I'm not sure I understand the issue: patches in this PR are for
lang/ruby25 port, but `rbenv install -p 2.5.1` would use the upstream
release, not the FreeBSD port, right?

In that case, shouldn't the upstream patch be used?

The patch for `files/patch-ext_openssl_openssl__missing.h' targets
ruby ports, it's relative to `lang/ruby25' directory.
Comment 17 Rihad 2018-06-18 10:41:33 UTC
I don't know, Thibault, the upstream patch fails for us (on 2.4.4), only this patch works for both 2.4 & 2.5. I just have to remove the first column of the patch.

$ colrm 1 1 | rbenv install -p -f 2.4.4 
Downloading ruby-2.4.4.tar.bz2...
-> https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.bz2
(at this point I paste the patch starting from "+--- ext/...")
Installing ruby-2.4.4...
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
|--- ext/openssl/openssl_missing.h.orig 2018-03-22 19:37:19 UTC
|+++ ext/openssl/openssl_missing.h
Patching file ext/openssl/openssl_missing.h using Plan A...
Hunk #1 succeeded at 119 (offset 47 lines).
Hunk #2 succeeded at 195 (offset 47 lines).
Hunk #3 succeeded at 247 with fuzz 1 (offset 47 lines).
and build & install continues normally.

Sorry if this wasn't the right place to ask but the FreeBSD patch really helped.
Comment 18 ncrogers 2018-06-18 18:06:52 UTC
I've opened a new bug report to try and address the fact that behavior with ruby 2.5 + OpenSSL is still broken upstream. Perhaps this could be construed as a duplicate issue but it seems like the Assignee for this bug has dropped it.


It seems like the OpenSSL in base should take precedence over LibreSSL in terms of having a functioning port, which simply requires reverting the commit in r 465590.

I don't use LibreSSL and I am unclear which of the above patches fixes OpenSSL AND LibreSSL, so perhaps someone could post the working patch as a solution in the new bug.
Comment 19 Thibault Jouan 2018-07-15 13:47:28 UTC
(In reply to rihad from comment #17)

OK, I was worried there could be an issue with the patch I added to this PR,
but with the detail you provide, I totally expect that applying it to
https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.4.tar.bz2 would fail.

In the context of the FreeBSD ports for Ruby (lang/ruby25), the patch adds a
patch, so it's a diff of a diff :-) The "additional" first column is expected
in this case.

I'm not sure why you couldn't apply upstream patch to 2.4.4 as I didn't look
into it yet. But my supposition would be that it's because Ruby openssl
extension is developed in a separate repository and Ruby core team merges
changes from time to time, but not necessarily the same way/time for Ruby 2.4
and Ruby 2.5.
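
The "diff of a diff" layout described in comments 17 and 19, as an added example that is not part of the original thread or of the port: a shell function that recovers the inner source patch from an outer ports diff by following the outer hunk line counts, instead of stripping the first column by hand. The function names and the placeholder hunk body are assumptions constructed for illustration; only the file names and the two inner header lines come from the thread.

```shell
#!/bin/sh
# Added example: unwrap a ports "patch that adds a patch".
# Prints the post-image of every outer hunk, which is the complete inner
# patch when the outer diff creates files/patch-* from nothing.
extract_inner_patch() {
    awk '
    # Outer hunk header seen while not inside a hunk: load the line counts.
    old == 0 && new == 0 && /^@@ / {
        split($2, o, ","); split($3, n, ",")
        old = (2 in o) ? o[2] + 0 : 1
        new = (2 in n) ? n[2] + 0 : 1
        next
    }
    # Inside an outer hunk: keep added and context lines minus the marker.
    old > 0 || new > 0 {
        c = substr($0, 1, 1)
        if (c == "+")       { new--; print substr($0, 2) }
        else if (c == "-")  { old-- }
        else if (c == "\\") { }                 # "\ No newline" marker
        else                { old--; new--; print substr($0, 2) }
    }
    # Anything else (Index:, outer ---/+++ headers) is dropped.
    '
}

# Constructed sample input: the outer diff adds the port patch file; the
# inner hunk body is a placeholder, not the real patch content.
sample_outer_diff() {
    cat <<'EOF'
Index: files/patch-ext_openssl_openssl__missing.h
--- files/patch-ext_openssl_openssl__missing.h (nonexistent)
+++ files/patch-ext_openssl_openssl__missing.h (working copy)
@@ -0,0 +1,6 @@
+--- ext/openssl/openssl_missing.h.orig 2018-03-22 19:37:19 UTC
++++ ext/openssl/openssl_missing.h
+@@ -1,2 +1,3 @@
+ /* placeholder context line */
++/* placeholder added line */
+ /* placeholder context line */
EOF
}

# Stand-alone run: print the recovered inner patch.
sample_outer_diff | extract_inner_patch
```

The output is an ordinary unified diff against `ext/openssl/openssl_missing.h`, which is the form `patch` (and therefore `rbenv install -p`) expects on standard input.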
Comment 20 Thibault Jouan 2018-07-15 14:02:25 UTC
(In reply to ncrogers from comment #18)

I added a patch to bug 229119. This current PR was kept open for lang/ruby24
if I'm correct, but I believe it was handled in bug 227851.

So if we handle lang/ruby25 regression with OpenSSL in bug 229119, I think
current PR may be closed.
Comment 21 Franco Fichtner 2018-08-02 19:43:45 UTC
Can we please have this fixed now?
Comment 22 commit-hook freebsd_committer 2018-08-15 18:24:36 UTC
A commit references this bug:

Author: swills
Date: Wed Aug 15 18:23:46 UTC 2018
New revision: 477249
URL: https://svnweb.freebsd.org/changeset/ports/477249

  lang/ruby25: Fix with ports OpenSSL and LibreSSL

  PR:		229119
  PR:		226852
  Submitted by:	Thibault Jouan <tj+freebsd_ports@a13.fr>
  Reported by:	Piotr Kubaj <pkubaj@anongoth.pl>
  With hat:	ruby@

Comment 23 Steve Wills freebsd_committer 2018-08-15 18:25:40 UTC
Committed, sorry for the wait.
Comment 24 Franco Fichtner 2018-08-15 19:19:42 UTC
Super, thank you! :)