Bug 248049 - security/yubico-piv-tool: Fails to build under 11.3-RELEASE with DEFAULT_VERSIONS=ssl=openssl
Summary: security/yubico-piv-tool: Fails to build under 11.3-RELEASE with DEFAULT_VERS...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Craig Leres
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-17 17:10 UTC by Craig Leres
Modified: 2020-08-30 06:01 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (ume)


Attachments
patch (3.29 KB, patch)
2020-07-17 17:10 UTC, Craig Leres
leres: maintainer-approval?
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Craig Leres freebsd_committer 2020-07-17 17:10:23 UTC
From the poudriere build log:

    /usr/local/libexec/ccache/cc -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing -w -Wall -Wextra -Werror -Wshadow -Wwrite-strings -Wmissing-prototypes -Wbad-function-cast -pedantic -fstack-protector-all -std=c99 -Wshorten-64-to-32 -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing   -Wl,-rpath,/usr/local/lib -fstack-protector-strong CMakeFiles/yubico-piv-tool.dir/yubico-piv-tool.c.o CMakeFiles/yubico-piv-tool.dir/cmdline.c.o  -o yubico-piv-tool  -Wl,-rpath,/wrkdirs/usr/ports/security/yubico-piv-tool/work/.build/lib: -L/usr/local/lib -lcrypto -L/usr/local/lib -pthread ../lib/libykpiv.so.2.1.0 -lpcsclite 
    CMakeFiles/yubico-piv-tool.dir/yubico-piv-tool.c.o: In function `main':
    yubico-piv-tool.c:(.text+0x401): undefined reference to `OPENSSL_add_all_algorithms_noconf'
    yubico-piv-tool.c:(.text+0x1bde): undefined reference to `EVP_MD_CTX_create'
    yubico-piv-tool.c:(.text+0x1c6f): undefined reference to `EVP_MD_CTX_destroy'
    yubico-piv-tool.c:(.text+0x2a1b): undefined reference to `sk_new_null'
    yubico-piv-tool.c:(.text+0x31dc): undefined reference to `sk_pop_free'
    yubico-piv-tool.c:(.text+0x356d): undefined reference to `sk_pop_free'
    yubico-piv-tool.c:(.text+0x4774): undefined reference to `EVP_MD_CTX_create'
    yubico-piv-tool.c:(.text+0x4849): undefined reference to `EVP_MD_CTX_destroy'
    yubico-piv-tool.c:(.text+0x4be2): undefined reference to `EVP_cleanup'
    CMakeFiles/yubico-piv-tool.dir/yubico-piv-tool.c.o: In function `add_ext':
    yubico-piv-tool.c:(.text+0x4cb5): undefined reference to `sk_push'

r541879 adds a patch that disables an openssl cmake module from being invoked. But on 11.3 at least if some other package dependency pulls in openssl, yubico-piv-tool is built with openssl 1.0 includes from base and openssl 1.1 libraries from the port.

This is not a compile time problem on 12.1 because the base version of openssl is 1.1 (but there is no guarantee there are not other issues caused by the mixing of includes and libraries).

I think yubico-piv-tool needs to always run the cmake libcrypt checks in case openssl is installed in /usr/local. The patch replaces patch-CMakeLists.txt and makes the cmake checks for libcrypto optional.
Comment 1 Craig Leres freebsd_committer 2020-07-17 17:10:58 UTC
Created attachment 216517 [details]
patch
Comment 2 commit-hook freebsd_committer 2020-07-31 19:53:58 UTC
A commit references this bug:

Author: leres
Date: Fri Jul 31 19:53:38 UTC 2020
New revision: 543880
URL: https://svnweb.freebsd.org/changeset/ports/543880

Log:
  security/yubico-piv-tool: Unbreak build on FreeBSD 11 with DEFAULT_VERSIONS=ssl=openssl

  r541879 adds a patch that disables an openssl cmake module from
  being invoked. But on 11.3 at least if some other package dependency
  pulls in openssl (or DEFAULT_VERSIONS has ssl=openssl), yubico-piv-tool
  is built with openssl 1.0 includes from base and openssl 1.1 libraries
  from the port; this fails due to openssl API changes between 1.0
  and 1.1 (e.g. EVP_MD_CTX_create() became EVP_MD_CTX_new()).

  This is not a compile time problem on 12.1 because the base version
  of openssl is 1.1 (but there is no guarantee there are not other
  issues caused by the mixing of includes and libraries).

  Replace the CMakeLists.txt patch with one for patch-cmake_openssl.cmake
  that the cmake checks for openssl/libcrypto optional. This ensures
  that openssl includes and libraries are not mixed between the base
  and ports versions.

  PR:		248049
  Approved by:	ume (maintainer timeout, 2 weeks)

Changes:
  head/security/yubico-piv-tool/files/patch-CMakeLists.txt
  head/security/yubico-piv-tool/files/patch-cmake_openssl.cmake
Comment 3 Craig Leres freebsd_committer 2020-08-30 06:01:02 UTC
The fix has been committed.