Bug 226883 - lang/python27, lang/python35, lang/python36: Add libressl 2.7 support (fixes build failures)
Summary: lang/python27, lang/python35, lang/python36: Add libressl 2.7 support (fixes ...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Bernard Spil
URL: https://bugs.python.org/issue33127
Keywords:
Depends on: 227090
Blocks: 226843
  Show dependency treegraph
 
Reported: 2018-03-23 22:39 UTC by Charlie Li
Modified: 2018-05-25 17:46 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Charlie Li 2018-03-23 22:39:54 UTC
libressl 2.7.0 was released on 21 March, and it introduced support for many OpenSSL 1.0.2 and 1.1 APIs. However, this has broken builds of the affected lang/python ports when DEFAULT_VERSIONS contains ssl=libressl-devel (currently).

Both the OpenBSD ports team and upstream have tracked this issue separately. OpenBSD has patched their ports tree [1], but when applied here, their patch breaks builds for both ssl=openssl and ssl=openssl-devel. Meanwhile, upstream will not release their patch until libressl 2.7.1 is released. Thus, this PR mainly exists to coordinate downstream patching efforts until upstream releases something.

[1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/2.7/patches/patch-Modules__ssl_c?rev=1.6&content-type=text/x-cvsweb-markup and http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/3.6/patches/patch-Modules__ssl_c?rev=1.2&content-type=text/x-cvsweb-markup
Comment 1 Charlie Li 2018-03-24 18:52:43 UTC
Upstream has released patches. Putting them in Phabricator in a bit.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2018-03-27 09:46:54 UTC
Thank you for your report Charlie,

Could you confirm/clarify some points that might be slightly ambiguous:

- Is D14837 the same as the OpenBSD patches, or different, fixing "both ssl=openssl and ssl=openssl-devel" build failures referenced in comment 0?

- In D14837, Does "Fails otherwise" mean the same as "breaks both ssl=openssl and ssl=openssl-devel" as referenced in comment 0 here, or some other subset/combination?

- I interpreted 'upstream' in 'upstream will not release their patch' to mean Python (waiting for libressl upstream to 'release' before committing code). Is this correct?

An explicit/accurate/complete list of what succeeds/fails would be super handy to figure out where/what needs work from here:

From the standpoint of Python (team) and python ports, we'd ideally like to take changesets from upstream after they're committed and backported there. We're happy to carry local patches prior to next point releases in each branch.

If we can confidently get to the point where we have a candidate changeset with thorough QA passing and no regressions, we can consider landing it early (before upstream (Python)).

For clarity purposes, if the changeset in D14837 is incomplete (in that it regresses certain ssl combinations), then it should be abandoned in favour of a 'work in progress' patch here for someone (Bernard, CC'd, is the point on libressl things) to review and improve upon.

At the point where a QA passing/complete patch is ready, we can put it back up on Phabricator for broader review, if necessary beyond here.
Comment 3 Charlie Li 2018-03-27 11:10:26 UTC
Upstream refers to the Python project themselves, not OpenBSD. The stuff on Phabricator came directly from them.

"Fails otherwise" referred to earlier testport runs of mine where ccache interfered with proper testing, ie used a cached copy with wrong symbols when the ssl= value was changed. Disabling ccache fixed this, and all ssl= values work. So everything succeeds.
Comment 5 Charlie Li 2018-03-31 20:25:26 UTC
Bug 227090 updates lang/python36 to 3.6.5. This patch is still needed there, as upstream released 3.6.5rc1 before landing it, thus missing the merge window there.
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2018-04-01 02:51:22 UTC
Landing this after bug 227090 is easier/faster than moving the python36 specific patch to that update. Make this bug block on it.
Comment 7 commit-hook freebsd_committer 2018-04-28 19:11:30 UTC
A commit references this bug:

Author: brnrd
Date: Sat Apr 28 19:11:14 UTC 2018
New revision: 468566
URL: https://svnweb.freebsd.org/changeset/ports/468566

Log:
  lang/python27: Fix build with LibreSSL 2.7

  PR:		226883
  Submitted by:	Charlie Li <ml+freebsd vishwin info>
  Approved by:	python (koobs)
  Differential Revision:	https://reviews.freebsd.org/D14837

Changes:
  head/lang/python27/files/patch-issue33127
Comment 8 commit-hook freebsd_committer 2018-04-28 19:17:38 UTC
A commit references this bug:

Author: brnrd
Date: Sat Apr 28 19:17:34 UTC 2018
New revision: 468567
URL: https://svnweb.freebsd.org/changeset/ports/468567

Log:
  lang/python35: Fix build with LibreSSL 2.7

  PR:		226883
  Submitted by:	Charlie Li <ml+freebsd vishwin info>
  Approved by:	python (koobs)
  Differential Revision:	https://reviews.freebsd.org/D14837

Changes:
  head/lang/python35/files/patch-issue33127
Comment 9 commit-hook freebsd_committer 2018-04-28 19:30:50 UTC
A commit references this bug:

Author: brnrd
Date: Sat Apr 28 19:30:01 UTC 2018
New revision: 468569
URL: https://svnweb.freebsd.org/changeset/ports/468569

Log:
  lang/python36: Fix build with LibreSSL 2.7

  PR:		226883
  Submitted by:	Charlie Li <ml+freebsd vishwin info>
  Approved by:	python (koobs)
  Differential Revision:	https://reviews.freebsd.org/D14837

Changes:
  head/lang/python36/files/patch-issue33127
Comment 10 Andrey Cherkashin 2018-05-01 19:56:19 UTC
FYI while python builds with libressl now, py-cryptography does not: https://pkg.andoriyu.xyz/data/live-system-nimble/2018-05-01_10h53m35s/logs/errors/py27-cryptography-2.1.4.log
Comment 11 Charlie Li 2018-05-01 19:59:03 UTC
(In reply to Andrey Cherkashin from comment #10)
Please refer to bug 226906.
Comment 12 Kubilay Kocak freebsd_committer freebsd_triage 2018-05-02 02:08:47 UTC
Assign to committer that resolved.
Comment 13 commit-hook freebsd_committer 2018-05-25 17:46:59 UTC
A commit references this bug:

Author: feld
Date: Fri May 25 17:46:42 UTC 2018
New revision: 470858
URL: https://svnweb.freebsd.org/changeset/ports/470858

Log:
  MFH: r468566 r469635

  lang/python27: Fix build with LibreSSL 2.7

  PR:		226883
  Submitted by:	Charlie Li <ml+freebsd vishwin info>
  Approved by:	python (koobs)
  Differential Revision:	https://reviews.freebsd.org/D14837

  - Update to 2.7.15(include security fix)

  PR:		228028
  Submitted by:	wen@(myself)
  Exp-run by:	antoine@

Changes:
_U  branches/2018Q2/
  branches/2018Q2/lang/python-doc-html/distinfo
  branches/2018Q2/lang/python27/Makefile
  branches/2018Q2/lang/python27/Makefile.version
  branches/2018Q2/lang/python27/distinfo
  branches/2018Q2/lang/python27/files/patch-issue30622
  branches/2018Q2/lang/python27/pkg-plist