Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libressl: 2.9.0 -> 2.9.1 #60925

Merged
merged 3 commits into from May 7, 2019
Merged

libressl: 2.9.0 -> 2.9.1 #60925

merged 3 commits into from May 7, 2019

Conversation

ruuda
Copy link
Contributor

@ruuda ruuda commented May 4, 2019

Motivation for this change

LibreSSL upstream released version 2.9.1, a stable release in the 2.9 series.

Things done

Just bumping the version was not enough, 2.9.1 would not build. Buildroot ran into the same issue, and resolved it in buildroot/buildroot@e783d60 by switching to CMake, so I did the same here.

  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

I did test compiling nginx and acme-client against the new libressl_2_9.

ruuda added 3 commits May 4, 2019 15:07
@ruuda
libressl_2_9: 2.9.0 -> 2.9.1
3415872 
This new version does not build as-is, it will need to be patched.
@ruuda
libressl: build with cmake
8c7cde5 
LibreSSL 2.9.1 no longer builds with the default autotools configuration.
When I searched for the error, I noticed that Buildroot ran into the
same issue, and they resolved the problem by building with CMake rather
than autotools. [1] I followed the same approach here.

[1]: buildroot/buildroot@e783d60
@ruuda
libressl: ensure we can link against libtls
5f594be 
Without setting BUILD_SHARED_LIBS, the package would build file, but
when linking it into acme-client or nginx, I got the following error:

    libressl-2.9.1/lib/libtls.a(tls.c.o): undefined reference to symbol 'pthread_once@@GLIBC_2.2.5'
    binutils-2.31.1/bin/ld: glibc-2.27/lib/libpthread.so.0: error adding symbols: DSO missing from command line
    collect2: error: ld returned 1 exit status

After looking at the CMakeLists.txt in libressl/tls, I noticed the
BUILD_SHARED_LIBS option, and setting it resolves the linking error.
@ofborg ofborg bot requested review from globin, fpletz and thoughtpolice May 4, 2019 17:13
@thoughtpolice
Copy link
Member

@GrahamcOfBorg build libressl

c0bw3b
c0bw3b approved these changes May 7, 2019
View reviewed changes
Copy link
Contributor

@c0bw3b c0bw3b left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Result of nix-review pr 60925 1 on NixOS 19.03

1 package failed to build:
  • linux-steam-integration (netcat-openbsd ,openntpd_nixos ,s6-networking)
23 package were build:
  • acme-client (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • foundationdb (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • foundationdb51 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • foundationdb52 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • h2o (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • libressl (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • libressl_2_7 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • libressl_2_9 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • mydumper (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • netcat (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • openntpd (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • opensmtpd (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • pony-stable (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • ponyc (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • powerdns (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • python27Packages.foundationdb51 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • python27Packages.foundationdb52 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • python27Packages.foundationdb60 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • python37Packages.foundationdb51 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • python37Packages.foundationdb52 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • python37Packages.foundationdb60 (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • s6Networking (netcat-openbsd ,openntpd_nixos ,s6-networking)
  • twa (netcat-openbsd ,openntpd_nixos ,s6-networking)

The Steam runtime fails to build only because no mirrors can provide the sources, not because it fails to build.

thoughtpolice
thoughtpolice requested changes May 7, 2019
View reviewed changes
Copy link
Member

@thoughtpolice thoughtpolice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately the Darwin failure seems legit: Hydra #92909558 succeeded for x86_64-darwin but 2.9.1 fails with:

Undefined symbols for architecture x86_64:
  "_clock_gettime", referenced from:
      _app_timer_real in apps_posix.c.o

I assume that something in libressl's cmake build is getting confused and an otherwise correct #ifdef was triggered improperly, perhaps? But then there's the question of why it would even get to the link phase at all, since the lack of a function prototype should throw an error/warning instantly (maybe they define their own clock_gettime prototype?)

@thoughtpolice
Copy link
Member

Actually, from some research, clock_gettime should be defined in macOS since 10.12's SDK, so this is probably some fluke in the build expression that we're missing.

So I think we need a Darwin(R) Expert(TM) to help debug this case.

@thoughtpolice
Copy link
Member

Actually, as @matthewbauer pointed out on IRC, I am stupid since I chose the wrong derivation to build. (It could also be a mac builder issue). Let's try again.

@thoughtpolice
Copy link
Member

@GrahamcOfBorg build libressl_2_9

@thoughtpolice
Copy link
Member

Yeah, we're in the clear. Thanks again @ruuda, sorry for the wait on this.

@thoughtpolice thoughtpolice merged commit 27fd944 into NixOS:master May 7, 2019
@ruuda
Copy link
Contributor Author

ruuda commented May 8, 2019

No problem, thanks for checking thoroughly!

@ruuda ruuda deleted the libressl-291 branch October 6, 2022 20:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thoughtpolice thoughtpolice thoughtpolice requested changes

@c0bw3b c0bw3b c0bw3b approved these changes

@globin globin Awaiting requested review from globin

@fpletz fpletz Awaiting requested review from fpletz

Assignees
No one assigned
Labels
10.rebuild-darwin: 11-100 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ruuda @thoughtpolice @c0bw3b