Bug 229223 - lang/python27: BROKEN again with security/openssl111
Summary: lang/python27: BROKEN again with security/openssl111
Status: Closed Unable to Reproduce
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kubilay Kocak
URL: https://bugs.python.org/issue26470
Keywords:
: 235011 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-06-22 00:33 UTC by Curtis Villamizar
Modified: 2019-12-25 06:39 UTC (History)
12 users (show)

See Also:
koobs: maintainer-feedback+


Attachments
Fix openssl 1.1 build (523 bytes, patch)
2018-09-16 02:49 UTC, Nathan
no flags Details | Diff
build log: Nathan's patch breaks security/openssl (539.90 KB, text/plain)
2019-02-19 07:26 UTC, Koichiro Iwao
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Curtis Villamizar 2018-06-22 00:33:13 UTC
Compiling the lang/python17 port is again broken with security/openssl-devel.

===>  Installing for python27-2.7.15
===>  Checking if python27 already installed
===>   Registering installation for python27-2.7.15 as automatic
pkg-static: Unable to access file /usr/releng/r11-20180619/ports/lang/python27/w
ork/stage/usr/local/lib/python2.7/lib-dynload/_ssl.so:No such file or directory
*** Error code 74

Stop.
make[5]: stopped in /usr/releng/r11-20180619/ports/lang/python27
*** Error code 1


# svn info
Path: .
Working Copy Root Path: /usr/releng/r11-20180619/ports
URL: https://svn.freebsd.org/ports/head/security/openssl-devel
Relative URL: ^/head/security/openssl-devel
Repository Root: https://svn.freebsd.org/ports
Repository UUID: 35697150-7ecd-e111-bb59-0022644237b5
Revision: 472829

# svn info
Path: .
Working Copy Root Path: /usr/releng/r11-20180619/ports
URL: https://svn.freebsd.org/ports/head/lang/python27
Relative URL: ^/head/lang/python27
Repository Root: https://svn.freebsd.org/ports
Repository UUID: 35697150-7ecd-e111-bb59-0022644237b5
Revision: 472829

# uname -a
FreeBSD r11-amd64.v6ds.occnc.com 11.2-PRERELEASE FreeBSD 11.2-PRERELEASE #0 r335389: Wed Jun 20 10:04:46 EDT 2018     root@amd64-boot1.v6only.occnc.com:/usr/releng/r11-20180619/obj.amd64.occnc11.amd64/usr/releng/r11-20180619/src/sys/occnc11.amd64  amd64
Comment 1 Curtis Villamizar 2018-06-22 00:37:27 UTC
Workaround is to make deinstall in security/openssl-devel, edit /etc/make.conf to set DEFAULT_VERSIONS+= ssl=base, compile and install lang/python27, then edit /etc/make.conf again to set DEFAULT_VERSIONS+= ssl=openssl-devel, then make install in security/openssl-devel .

Right now I am continuing to build with the above workaround but will look into this.  It would help if someone who had a clue (that would not be me) took a look at this as well.
Comment 2 Conrad Meyer freebsd_committer 2018-07-09 17:42:54 UTC
Here's the upstream Python issue: https://bugs.python.org/issue26470

2.7 patch available here: https://hg.python.org/cpython/rev/14b611ddaabe
And also follow-up patch: https://hg.python.org/cpython/rev/2593ed9a6a62
Comment 3 Patrick Gibson 2018-07-25 01:16:10 UTC
I guess we just have to wait for a proper fix if we're using Poudriere to build?
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2018-08-06 01:44:46 UTC
I can reproduce this issue, but the bugs/commits referenced here (BPO 26470) and those in the previous bug 222795 that reported the same issue have apparently been released (ports version is currently 2.7.15)

The latest port update (ports r469635) removed the patches for upstream issue 30622 which fixed NPN detection. I wonder if they're still needed (or they were updated subsequent to the release, or the patch was inadvertently removed)

The actual error is:

/wrkdirs/usr/ports/lang/python27/work/Python-2.7.15/Modules/_ssl.c:2117:44: error: use of undeclared identifier 'PySSL_selected_npn_protocol'
    {"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS},
                                           ^
1 warning and 1 error generated.

I tried compiling openssl-devel with NPN option on, but the build still fails.
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2018-08-06 01:47:36 UTC
From the sources:

#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) {
Comment 6 Nathan 2018-09-16 02:19:07 UTC
I now get:
readelf: Not an ELF file.
Warning: /wrkdirs/usr/ports/lang/python27/work/stage/usr/local/lib/libpython2.7.so.1-gdb.py doesn't have a SONAME.
Warning: pkg(8) will not register it as being provided by the port.
Warning: If another port depend on it, pkg will not be able to know where it comes from.
Warning: It is directly in /usr/local/lib, it is probably used by other ports.
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
===> Checking for items in pkg-plist which are not in STAGEDIR
Error: Missing: lib/python2.7/lib-dynload/_ssl.so
Comment 7 Nathan 2018-09-16 02:49:29 UTC
Created attachment 197123 [details]
Fix openssl 1.1 build

This fixed the build for me and also didn't give missing/orphan files in plist like it was in previous comment
Comment 8 johannes 2018-11-18 00:30:29 UTC
that patch works for me as well (with openssl111 port).
Comment 9 Koichiro Iwao freebsd_committer 2019-02-19 07:24:25 UTC
(In reply to Nathan from comment #7)
The patch fixes build with libressl, libressl-devel, openssl111 but breaks openssl.
Comment 10 Koichiro Iwao freebsd_committer 2019-02-19 07:26:49 UTC
Created attachment 202153 [details]
build log: Nathan's patch breaks security/openssl

Here's the build log.
Comment 11 Koichiro Iwao freebsd_committer 2019-02-19 07:54:54 UTC
*** Bug 235011 has been marked as a duplicate of this bug. ***
Comment 12 Kubilay Kocak freebsd_committer freebsd_triage 2019-12-25 06:38:32 UTC
I couldn't reproduce this in poudriere on 12/amd64 with an up to date ports tree

Please re-open with additional details and reproduction steps if it is still reproducible with the latest version of lang/python27 and security/openssl111, including a full build log, which shows the reason for Python C extensions failing to build, which then cause the the packaging errors