New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libressl: 2.9.0 -> 2.9.1 #60925
libressl: 2.9.0 -> 2.9.1 #60925
Conversation
This new version does not build as-is, it will need to be patched.
LibreSSL 2.9.1 no longer builds with the default autotools configuration. When I searched for the error, I noticed that Buildroot ran into the same issue, and they resolved the problem by building with CMake rather than autotools. [1] I followed the same approach here. [1]: buildroot/buildroot@e783d60
Without setting BUILD_SHARED_LIBS, the package would build file, but when linking it into acme-client or nginx, I got the following error: libressl-2.9.1/lib/libtls.a(tls.c.o): undefined reference to symbol 'pthread_once@@GLIBC_2.2.5' binutils-2.31.1/bin/ld: glibc-2.27/lib/libpthread.so.0: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status After looking at the CMakeLists.txt in libressl/tls, I noticed the BUILD_SHARED_LIBS option, and setting it resolves the linking error.
@GrahamcOfBorg build libressl |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Result of nix-review pr 60925
1 on NixOS 19.03
1 package failed to build:
- linux-steam-integration (netcat-openbsd ,openntpd_nixos ,s6-networking)
23 package were build:
- acme-client (netcat-openbsd ,openntpd_nixos ,s6-networking)
- foundationdb (netcat-openbsd ,openntpd_nixos ,s6-networking)
- foundationdb51 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- foundationdb52 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- h2o (netcat-openbsd ,openntpd_nixos ,s6-networking)
- libressl (netcat-openbsd ,openntpd_nixos ,s6-networking)
- libressl_2_7 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- libressl_2_9 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- mydumper (netcat-openbsd ,openntpd_nixos ,s6-networking)
- netcat (netcat-openbsd ,openntpd_nixos ,s6-networking)
- openntpd (netcat-openbsd ,openntpd_nixos ,s6-networking)
- opensmtpd (netcat-openbsd ,openntpd_nixos ,s6-networking)
- pony-stable (netcat-openbsd ,openntpd_nixos ,s6-networking)
- ponyc (netcat-openbsd ,openntpd_nixos ,s6-networking)
- powerdns (netcat-openbsd ,openntpd_nixos ,s6-networking)
- python27Packages.foundationdb51 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- python27Packages.foundationdb52 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- python27Packages.foundationdb60 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- python37Packages.foundationdb51 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- python37Packages.foundationdb52 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- python37Packages.foundationdb60 (netcat-openbsd ,openntpd_nixos ,s6-networking)
- s6Networking (netcat-openbsd ,openntpd_nixos ,s6-networking)
- twa (netcat-openbsd ,openntpd_nixos ,s6-networking)
The Steam runtime fails to build only because no mirrors can provide the sources, not because it fails to build.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately the Darwin failure seems legit: Hydra #92909558 succeeded for x86_64-darwin
but 2.9.1 fails with:
Undefined symbols for architecture x86_64:
"_clock_gettime", referenced from:
_app_timer_real in apps_posix.c.o
I assume that something in libressl's cmake build is getting confused and an otherwise correct #ifdef
was triggered improperly, perhaps? But then there's the question of why it would even get to the link phase at all, since the lack of a function prototype should throw an error/warning instantly (maybe they define their own clock_gettime
prototype?)
Actually, from some research, So I think we need a Darwin(R) Expert(TM) to help debug this case. |
Actually, as @matthewbauer pointed out on IRC, I am stupid since I chose the wrong derivation to build. (It could also be a mac builder issue). Let's try again. |
@GrahamcOfBorg build libressl_2_9 |
Yeah, we're in the clear. Thanks again @ruuda, sorry for the wait on this. |
No problem, thanks for checking thoroughly! |
Motivation for this change
LibreSSL upstream released version 2.9.1, a stable release in the 2.9 series.
Things done
Just bumping the version was not enough, 2.9.1 would not build. Buildroot ran into the same issue, and resolved it in buildroot/buildroot@e783d60 by switching to CMake, so I did the same here.
sandbox
innix.conf
on non-NixOS)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)I did test compiling
nginx
andacme-client
against the newlibressl_2_9
.