Bug 242986 - www/nginx: Can't build nginx-1.16.1_8,2 on FreeBSD 11.3-RELEASE with NJS=on
Summary: www/nginx: Can't build nginx-1.16.1_8,2 on FreeBSD 11.3-RELEASE with NJS=on
Status: Closed Unable to Reproduce
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Jochen Neumeister
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-30 16:02 UTC by Arnaud de Prelle
Modified: 2020-01-21 16:21 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (joneum)


Attachments
nginx build log with NJS=on (13.27 KB, text/plain)
2019-12-30 16:02 UTC, Arnaud de Prelle
no flags Details
Proposed NJS build Makefile patch (861 bytes, patch)
2020-01-03 11:30 UTC, Arnaud de Prelle
arnaud: maintainer-approval? (joneum)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Arnaud de Prelle 2019-12-30 16:02:56 UTC
Created attachment 210332 [details]
nginx build log with NJS=on

nginx can be used as a DoH server.

A blog post on the nginx official websites provides two examples in order to deploy such a feature.

Both require the http_javascript module (NJS=on).

Trying to recompile nginx with NJS=on fails on my server (see attached build logs).

Server's specs:
11.3-RELEASE
Intel(R) Core(TM) i5-3570S

# cat /etc/make.conf | grep -v ^#
MYSQL_VER=103m
OPTIONS_UNSET=X11
DEFAULT_VERSIONS+=ssl=openssl
OPTIONS_UNSET=GSSAPI
KERNCONF=ICE3K
DEFAULT_VERSIONS+= perl5=5.30

BSD:/usr/ports/www/nginx # make showconfig | grep -v =off
===> The following configuration options are available for nginx-1.16.1_8,2:
     IPV6=on: Enable IPv6 support
     WWW=on: Enable html sample files
====> Modules that require MAIL module
====> Modules that require HTTP module
     HTTP=on: Enable HTTP module
     HTTP_CACHE=on: Enable http_cache module
     HTTP_REWRITE=on: Enable http_rewrite module
     HTTP_SLICE=on: Enable http_slice module
     HTTP_SSL=on: Enable http_ssl module
     HTTP_STATUS=on: Enable http_stub_status module
     HTTPV2=on: Enable HTTP/2 protocol support (SSL req.)
     STREAM=on: Enable stream module
     STREAM_SSL=on: Enable stream_ssl module (SSL req.)
     STREAM_SSL_PREREAD=on: Enable stream_ssl_preread module (SSL req.)
     HTTP_GEOIP2=on: 3rd party geoip2 module
     NJS=on: Enable http_javascript module
====> GSSAPI implementation (imply HTTP_AUTH_KRB5): you can only select none or one of them
===> Use 'make config' to modify these settings
Comment 1 Arnaud de Prelle 2019-12-30 16:33:14 UTC
Quick and dirty fix by hand:

BSD:/usr/ports/www/nginx # diff -u work/njs-b2f0f5d/build/Makefile.orig work/njs-b2f0f5d/build/Makefile
--- work/njs-b2f0f5d/build/Makefile.orig        2019-12-30 17:32:33.193165000 +0100
+++ work/njs-b2f0f5d/build/Makefile     2019-12-30 17:29:52.565286000 +0100
@@ -4,7 +4,7 @@
 NJS_CC = cc
 NJS_STATIC_LINK = ar -r -c
 NJS_LINK = cc -O
-NJS_CFLAGS =  -pipe -fPIC -fvisibility=hidden -O -W -Wall -Wextra -Wno-unused-parameter -Wwrite-strings -fstrict-aliasing -Wstrict-overflow=5 -Wmissing-prototypes -Werror -g -O -O2 -pipe  -I/usr/local/include -Wl,-rpath,/usr/local/lib -fstack-protector-strong -fno-strict-aliasing  -I /usr/local/include
+NJS_CFLAGS =  -pipe -fPIC -fvisibility=hidden -O -W -Wall -Wextra -Wno-unused-parameter -Wwrite-strings -fstrict-aliasing -Wstrict-overflow=5 -Wmissing-prototypes -Werror -g -O -O2 -pipe  -I/usr/local/include -fstack-protector-strong -fno-strict-aliasing  -I /usr/local/include

 default: libnjs njs
 NJS_LIB_INCS = -Isrc -Ibuild
Comment 2 Arnaud de Prelle 2020-01-03 11:30:31 UTC
Created attachment 210412 [details]
Proposed NJS build Makefile patch
Comment 3 Jochen Neumeister freebsd_committer 2020-01-03 21:50:17 UTC
hi,

thx for the PR.

i always check all modules in poudriere before i commit them.
i just tested in a test VM with NJS=on, i have no problems here either.
Comment 4 Kirill 2020-01-20 09:04:08 UTC
+1
Comment 5 Kirill 2020-01-20 10:41:47 UTC
It works on 12.1. Please try to build it on 11.3 or 12.0.
Comment 6 Arnaud de Prelle 2020-01-20 10:48:54 UTC
Issue still present while trying to upgrade from 1.16.1_8,2 to 1.16.1_9,2.



Build logs:
cc -c -pipe -fPIC -fvisibility=hidden -O -W -Wall -Wextra -Wno-unused-parameter -Wwrite-strings -fstrict-aliasing -Wstrict-overflow=5 -Wmissing-prototypes -Werror -g -O -O2 -pipe  -I/usr/local/include -Wl,-rpath,/usr/local/lib -fstack-protector-strong -fno-strict-aliasing  -I /usr/local/include -I/usr/local/include  -Isrc -Ibuild -Injs  -o build/src/njs_diyfp.o  -MMD -MF build/src/njs_diyfp.dep -MT build/src/njs_diyfp.o  src/njs_diyfp.c
cc: error: -Wl,-rpath,/usr/local/lib: 'linker' input unused [-Werror,-Wunused-command-line-argument]
*** [build/src/njs_diyfp.o] Error code 1

make[4]: stopped in /usr/ports/www/nginx/work/njs-b2f0f5d
1 error

make[4]: stopped in /usr/ports/www/nginx/work/njs-b2f0f5d
*** [/usr/ports/www/nginx/work/njs-b2f0f5d/nginx/../build/libnjs.a] Error code 2

make[3]: stopped in /usr/ports/www/nginx/work/nginx-1.16.1
1 error

make[3]: stopped in /usr/ports/www/nginx/work/nginx-1.16.1
*** [build] Error code 2

make[2]: stopped in /usr/ports/www/nginx/work/nginx-1.16.1
1 error

make[2]: stopped in /usr/ports/www/nginx/work/nginx-1.16.1
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/www/nginx
*** Error code 1

Stop.
make: stopped in /usr/ports/www/nginx

===>>> make build failed for www/nginx
===>>> Aborting update

===>>> Update for www/nginx failed
===>>> Aborting update


===>>> You can restart from the point of failure with this command line:
       portmaster <flags> www/nginx 


Would it be possible for you to build it in your Poudriere environment with the exact same configuration to confirm it's not a general issue (my environment is really clean so there is no reason it would fail) : 

# make showconfig
===> The following configuration options are available for nginx-1.16.1_9,2:
     DEBUG=off: Build with debugging support
     DEBUGLOG=off: Enable debug log (--with-debug)
     DSO=off: Enable dynamic modules support
     FILE_AIO=off: Enable file aio
     IPV6=on: Enable IPv6 support
     THREADS=off: Enable threads support
     WWW=on: Enable html sample files
====> Modules that require MAIL module
     MAIL=off: Enable IMAP4/POP3/SMTP proxy module
     MAIL_IMAP=off: Enable IMAP4 proxy module
     MAIL_POP3=off: Enable POP3 proxy module
     MAIL_SMTP=off: Enable SMTP proxy module
     MAIL_SSL=off: Enable mail_ssl module
====> Modules that require HTTP module
     GOOGLE_PERFTOOLS=off: Enable google perftools module
     HTTP=on: Enable HTTP module
     HTTP_ADDITION=off: Enable http_addition module
     HTTP_AUTH_REQ=off: Enable http_auth_request module
     HTTP_CACHE=on: Enable http_cache module
     HTTP_DAV=off: Enable http_webdav module
     HTTP_FLV=off: Enable http_flv module
     HTTP_GUNZIP_FILTER=off: Enable http_gunzip_filter module
     HTTP_GZIP_STATIC=off: Enable http_gzip_static module
     HTTP_IMAGE_FILTER=off: Enable http_image_filter module
     HTTP_MP4=off: Enable http_mp4 module
     HTTP_PERL=off: Enable http_perl module
     HTTP_RANDOM_INDEX=off: Enable http_random_index module
     HTTP_REALIP=off: Enable http_realip module
     HTTP_REWRITE=on: Enable http_rewrite module
     HTTP_SECURE_LINK=off: Enable http_secure_link module
     HTTP_SLICE=on: Enable http_slice module
     HTTP_SLICE_AHEAD=off: Enable http_slice_ahead module
     HTTP_SSL=on: Enable http_ssl module
     HTTP_STATUS=on: Enable http_stub_status module
     HTTP_SUB=off: Enable http_sub module
     HTTP_XSLT=off: Enable http_xslt module
     HTTPV2=on: Enable HTTP/2 protocol support (SSL req.)
     STREAM=on: Enable stream module
     STREAM_SSL=on: Enable stream_ssl module (SSL req.)
     STREAM_SSL_PREREAD=on: Enable stream_ssl_preread module (SSL req.)
     AJP=off: 3rd party ajp module
     AWS_AUTH=off: 3rd party aws auth module
     BROTLI=off: 3rd party brotli module
     CACHE_PURGE=off: 3rd party cache_purge module
     CLOJURE=off: 3rd party clojure module
     CT=off: 3rd party cert_transparency module (SSL req.)
     DEVEL_KIT=off: 3rd party Nginx Development Kit module
     ARRAYVAR=off: 3rd party array_var module
     DRIZZLE=off: 3rd party drizzle module
     DYNAMIC_TLS=off: 3rd party dynamic tls records patch
     DYNAMIC_UPSTREAM=off: 3rd party dynamic_upstream module
     ECHO=off: 3rd party echo module
     ENCRYPTSESSION=off: 3rd party encrypted_session module
     FASTDFS=off: 3rd party fastdfs module
     FORMINPUT=off: 3rd party form_input module
     GRIDFS=off: 3rd party gridfs module
     HEADERS_MORE=off: 3rd party headers_more module
     HTTP_ACCEPT_LANGUAGE=off: 3rd party accept_language module
     HTTP_AUTH_DIGEST=off: 3rd party http_authdigest module
     HTTP_AUTH_JWT=off: 3rd party http_auth_jwt module
     HTTP_AUTH_KRB5=off: 3rd party http_auth_gss module
     HTTP_AUTH_LDAP=off: 3rd party http_auth_ldap module
     HTTP_AUTH_PAM=off: 3rd party http_auth_pam module
     HTTP_DAV_EXT=off: 3rd party webdav_ext module
     HTTP_EVAL=off: 3rd party eval module
     HTTP_FANCYINDEX=off: 3rd party http_fancyindex module
     HTTP_FOOTER=off: 3rd party http_footer module
     HTTP_GEOIP2=on: 3rd party geoip2 module
     HTTP_IP2LOCATION=off: 3rd party ip2location-nginx module
     HTTP_IP2PROXY=off: 3rd party ip2proxy-nginx module
     HTTP_JSON_STATUS=off: 3rd party http_json_status module
     HTTP_MOGILEFS=off: 3rd party mogilefs module
     HTTP_MP4_H264=off: 3rd party mp4/h264 module
     HTTP_NOTICE=off: 3rd party notice module
     HTTP_PUSH=off: 3rd party push module
     HTTP_PUSH_STREAM=off: 3rd party push stream module
     HTTP_REDIS=off: 3rd party http_redis module
     HTTP_RESPONSE=off: 3rd party http_response module
     HTTP_SUBS_FILTER=off: 3rd party subs filter module
     HTTP_TARANTOOL=off: 3rd party tarantool upstream module
     HTTP_UPLOAD=off: 3rd party upload module
     HTTP_UPLOAD_PROGRESS=off: 3rd party uploadprogress module
     HTTP_UPSTREAM_CHECK=off: 3rd party upstream check module
     HTTP_UPSTREAM_FAIR=off: 3rd party upstream fair module
     HTTP_UPSTREAM_STICKY=off: 3rd party upstream sticky module
     HTTP_VIDEO_THUMBEXTRACTOR=off: 3rd party video_thumbextractor module
     HTTP_ZIP=off: 3rd party http_zip module
     ICONV=off: 3rd party iconv module
     LET=off: 3rd party let module
     LUA=off: 3rd party lua module
     MEMC=off: 3rd party memc (memcached) module
     MODSECURITY=off: 3rd party mod_security module
     MODSECURITY3=off: 3rd party modsecurity3 module
     NAXSI=off: 3rd party naxsi module
     NJS=on: Enable http_javascript module
     PASSENGER=off: 3rd party passenger module
     POSTGRES=off: 3rd party postgres module
     RDS_CSV=off: 3rd party rds_csv module
     RDS_JSON=off: 3rd party rds_json module
     REDIS2=off: 3rd party redis2 module
     RTMP=off: 3rd party rtmp module
     SET_MISC=off: 3rd party set_misc module
     SFLOW=off: 3rd party sflow module
     SHIBBOLETH=off: 3rd party shibboleth module
     SLOWFS_CACHE=off: 3rd party slowfs_cache module
     SMALL_LIGHT=off: 3rd party small_light module
     SRCACHE=off: 3rd party srcache module
     VOD=off: 3rd party vod module
     VTS=off: 3rd party vts module
     XSS=off: 3rd party xss module
     WEBSOCKIFY=off: 3rd party websockify module
====> GSSAPI implementation (imply HTTP_AUTH_KRB5): you can only select none or one of them
     GSSAPI_BASE=off: GSSAPI support via base system (needs Kerberos)
     GSSAPI_HEIMDAL=off: GSSAPI support via security/heimdal
     GSSAPI_MIT=off: GSSAPI support via security/krb5
===> Use 'make config' to modify these settings
Comment 7 Arnaud de Prelle 2020-01-20 10:49:42 UTC
re-opening topic as issue still present, see above comment.
Comment 8 Jochen Neumeister freebsd_committer 2020-01-20 10:55:48 UTC
on 11.3, 12.1 and CURRENT no Problems
Comment 9 Arnaud de Prelle 2020-01-20 11:03:25 UTC
(In reply to Jochen Neumeister from comment #8)
Okay... Thanks Jochen for the feedback.
I'll investigate further then.
Note that I never had issue compiling nginx before.
This issue just appeared when adding the NJS module.
Comment 10 Jochen Neumeister freebsd_committer 2020-01-20 11:14:28 UTC
Before I released version 1.16.1_9 on Saturday, everything was tested in poudriere (11.3, 12.1 and CURRENT (amd64 and i386)) and in VMs (11.3, 12.1 and CURRENT on amd64) with all options on YES. I could not find any error here. I can never show you poudriere links here :)
Even a new test VM did not show me the error :-(
Comment 11 Jochen Neumeister freebsd_committer 2020-01-20 11:15:52 UTC
ooops ich mean, i can show you the poudriere logs :-)
Comment 12 Arnaud de Prelle 2020-01-20 11:28:01 UTC
(In reply to Jochen Neumeister from comment #10)
Thanks for the clarifications !

I don't have all options set to YES though but I guess it won't have a positive impact on building this NJS module in my case.
Comment 13 Kirill 2020-01-20 14:38:05 UTC
Maybe you have CFLAGS="-w" in your make.conf...
Comment 14 Kirill 2020-01-20 16:21:03 UTC
Main thing, you need use openssl from ports:

DEFAULT_VERSIONS+= ssl=openssl
Comment 15 Arnaud de Prelle 2020-01-21 08:18:29 UTC
(In reply to kuPyxa from comment #13)
Hello kuPyxa,

My make.conf has been provided in the description of the issue when creating this ticket.

As you can see, no CFLAGS is set and I'm well using OpenSSL from ports.
Comment 16 Kirill 2020-01-21 16:21:55 UTC
I mean that this problem appears if you are using Openssl from ports