Bug 236741 - security/luasec-51 broken with openssl from port
Summary: security/luasec-51 broken with openssl from port
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Some People
Assignee: David Thiel
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-23 21:31 UTC by Dirk Meyer
Modified: 2019-08-20 22:51 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (lx)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Meyer freebsd_committer 2019-03-23 21:31:54 UTC
FreeBSD 11.2 amd64

make.conf:
DEFAULT_VERSIONS+=      ssl=openssl111

openssl111-1.1.1b_1
lua51-luasec-0.7
prosody-0.11.2

:tls        error   Error creating context for c2s: LuaSec (required for encryption) was not found
:tls        error   Error creating contexts for s2sout: LuaSec (required for encryption) was not found
:tls        error   Error creating contexts for s2sin: LuaSec (required for encryption) was not found

ldd /usr/local/lib/lua/5.1/ssl.so
/usr/local/lib/lua/5.1/ssl.so:
        libssl.so.8 => /usr/lib/libssl.so.8 (0x801211000)
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801600000)
        libc.so.7 => /lib/libc.so.7 (0x800823000)

LDFLAGS are not passed to build:

[...]
cc -O2 -pipe  -I/usr/local/include -DOPENSSL_NO_SSL3 -fstack-protector -fno-strict-aliasing  -O2 -fPIC -Wall -pedantic -I/usr/local/include/lua51 -I/usr/obj/ports/usr/ports/security/luasec-51/work/luasec-luasec-0.7/src -DWITH_LUASOCKET -c ssl.c -o ssl.o
[...]
cc -O -fPIC -shared -L./luasocket -L/usr/lib -o ssl.so x509.o     context.o  ssl.o      config.o   ec.o -lssl -lcrypto -lluasocket
[...]

it runs with:
DEFAULT_VERSIONS+=      ssl=openssl

but ldd confirms it still uses base ssl.
Comment 1 David Thiel freebsd_committer 2019-08-13 23:22:54 UTC
I've updated luasec to 0.8, and I'm able to build luasec with openssl111. Can you test?
Comment 2 Dirk Meyer freebsd_committer 2019-08-20 22:26:10 UTC
Sorry, still the same problem.

The decencies are recorded,
but the linked so always uses libssl.so from base.

The same problem also happens on FreeBSD 12.0 amd64
DEFAULT_VERSIONS+=      ssl=openssl111

$ pkg which /usr/local/lib/lua/5.1/ssl.so
/usr/local/lib/lua/5.1/ssl.so was installed by package lua51-luasec-0.8

$ pkg info -d lua51-luasec
lua51-luasec-0.8:
        openssl111-1.1.1c
        lua51-5.1.5_9

$ ldd /usr/local/lib/lua/5.1/ssl.so
/usr/local/lib/lua/5.1/ssl.so:
        libssl.so.111 => /usr/lib/libssl.so.111 (0x800679000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800e00000)
        libc.so.7 => /lib/libc.so.7 (0x800248000)
        libthr.so.3 => /lib/libthr.so.3 (0x80070e000)
Comment 3 Dirk Meyer freebsd_committer 2019-08-20 22:50:30 UTC
The port builds but fails on usage.

Problem is that LDFLAGS are not passed to build.

$ make -V OPENSSL_LDFLAGS
-Wl,-rpath,/usr/local/lib

Because the path to /usr/local/lib ist not set,
the so is always linked to the libssl.so from base.

I tried to fix this by adding to the Makefile

LDFLAGS+=       ${OPENSSL_LDFLAGS}

But the LDFLAGS are not picked up:
[...]
--- ssl.so ---
cc -O -fPIC -shared -L./luasocket -L/usr/lib -o ssl.so x509.o     context.o  ssl.o      config.o   ec.o -lssl -lcrypto -lluasocket
===>  Staging for lua51-luasec-0.8
[...]

no change
Comment 4 Dirk Meyer freebsd_committer 2019-08-20 22:51:26 UTC
I tried to fix this by adding to the Makefile

MAKE_ENV+=      LIBDIR="${LIBDIR}"

Then the port uses the correct path for libssl.so

$ ldd /usr/local/lib/lua/5.1/ssl.so
/usr/local/lib/lua/5.1/ssl.so:
        libssl.so.11 => /usr/local/lib/libssl.so.11 (0x800679000)
        libcrypto.so.11 => /usr/local/lib/libcrypto.so.11 (0x800e00000)
        libc.so.7 => /lib/libc.so.7 (0x800248000)
        libthr.so.3 => /lib/libthr.so.3 (0x80070c000)