On Fri, 19 Jul 2024 at 15:21, Jonathan Wakely <jwak...@redhat.com> wrote:
>
> On Fri, 19 Jul 2024 at 12:29, Zbigniew Jędrzejewski-Szmek
> <zbys...@in.waw.pl> wrote:
> >
> > On Fri, Jul 19, 2024 at 12:06:21PM +0100, Richard W.M. Jones wrote:
> > > Zbigniew (correctly) added this patch to nbdkit:
> > >
> > >   
> > > https://src.fedoraproject.org/rpms/nbdkit/c/6b18b74749efbe1f618ea4bc010b56277157b0ac?branch=rawhide
> > >
> > > I was wondering what it was for because we don't use openssl at all.
> > > However when I rebuild nbdkit without the BuildRequires, it fails [see
> > > below].
> > >
> > > It seems the _real_ problem may be that either boost-devel or
> > > rb_libtorrent-devel should runtime Requires: openssl-devel-engine?
> > >
> > > However I'm not confident enough to say for sure if I should file a
> > > bug in those packages (or which one to open a bug against).  I also
> > > have no idea what openssl "engine" is.
> > >
> > > Can anyone help on this?
> > >
> > > Rich.
> > >
> > > Failed build:
> > > https://koji.fedoraproject.org/koji/taskinfo?taskID=120734527
> > >
> > > /bin/sh ../../libtool  --tag=CXX   --mode=compile g++ -DHAVE_CONFIG_H -I. 
> > > -I../../../plugins/torrent -I../..  -I../../../include -I../../include 
> > > -I../../../common/include -I../../../common/utils -I.    -pthread 
> > > -fexceptions -DTORRENT_LINKING_SHARED -DBOOST_ASIO_ENABLE_CANCELIO 
> > > -DBOOST_ASIO_NO_DEPRECATED -DTORRENT_USE_OPENSSL -DTORRENT_USE_LIBCRYPTO 
> > > -DTORRENT_SSL_PEERS -DOPENSSL_NO_SSL2  -O2 -flto=auto -ffat-lto-objects 
> > > -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security 
> > > -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS 
> > > -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong 
> > > -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 
> > > -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection 
> > > -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer 
> > > -mno-omit-leaf-frame-pointer  -c -o nbdkit_torrent_plugin_la-torrent.lo 
> > > `test -f 'torrent.cpp' || echo '../../../plugins/torrent/'`torrent.cpp
> > > libtool: compile:  g++ -DHAVE_CONFIG_H -I. -I../../../plugins/torrent 
> > > -I../.. -I../../../include -I../../include -I../../../common/include 
> > > -I../../../common/utils -I. -pthread -fexceptions 
> > > -DTORRENT_LINKING_SHARED -DBOOST_ASIO_ENABLE_CANCELIO 
> > > -DBOOST_ASIO_NO_DEPRECATED -DTORRENT_USE_OPENSSL -DTORRENT_USE_LIBCRYPTO 
> > > -DTORRENT_SSL_PEERS -DOPENSSL_NO_SSL2 -O2 -flto=auto -ffat-lto-objects 
> > > -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security 
> > > -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS 
> > > -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong 
> > > -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 
> > > -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection 
> > > -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer 
> > > -mno-omit-leaf-frame-pointer -c ../../../plugins/torrent/torrent.cpp  
> > > -fPIC -DPIC -o .libs/nbdkit_torrent_plugin_la-torrent.o
> > > make[3]: Leaving directory 
> > > '/builddir/build/BUILD/nbdkit-1.39.10-build/nbdkit-1.39.10/build_native/plugins/torrent'
> > > In file included from /usr/include/boost/asio/ssl/context_base.hpp:19,
> > >                  from /usr/include/boost/asio/ssl/context.hpp:23,
> > >                  from /usr/include/boost/asio/ssl.hpp:18,
> > >                  from /usr/include/libtorrent/ssl.hpp:67,
> > >                  from /usr/include/libtorrent/tracker_manager.hpp:69,
> > >                  from /usr/include/libtorrent/alert_types.hpp:69,
> > >                  from ../../../plugins/torrent/torrent.cpp:48:
> > > /usr/include/boost/asio/ssl/detail/openssl_types.hpp:26:11: fatal error: 
> > > openssl/engine.h: No such file or directory
> > >    26 | # include <openssl/engine.h>
> > >       |           ^~~~~~~~~~~~~~~~~~
> > > compilation terminated.
> >
> > /usr/include/boost/asio/ssl/detail/openssl_types.hpp has
> >   #if !defined(OPENSSL_NO_ENGINE)
> >   # include <openssl/engine.h>
> >   #endif // !defined(OPENSSL_NO_ENGINE)
> > so it looks like boost-devel itself is fine with openssl-devel-engine
> > not being installed, so I don't think the package add the dependency.
> >
> > Similarly, it seems that rb_libtorrent doesn't specifically care about
> > openssl engines in any way, so I don't think the package add the
> > dependency.
> >
> > Thus, it seems that it's up to the "leaf" package including those
> > headers to decide whether to include with openssl engine headers
> > enabled. And to "decide", each package must either opt-in by pulling
> > in openssl-devel-engine or define OPENSSL_NO_ENGINE.
>
>
> Agreed. Boost Asio will use openssl engine if the user wants it to,
> and it will not use it if the user doesn't want it to. So Boost Asio
> does *not* depend on openssl-engine. It leaves the decision up to the
> users of asio headers.
>
> We should not force all users of boost-devel to install a deprecated package.

It seems like the problem is that openssl assumes you want to use
engines *unless* you explicitly define OPENSSL_NO_ENGINE. But the
default is to assume you want them. Which is a problem when the
headers and libs aren't installed by default.

We can patch Boost.Asio like so:

--- /usr/include/boost/asio/ssl/detail/openssl_types.hpp
2024-06-07 01:00:00.000000000 +0100
+++ /tmp/openssl_types.hpp      2024-07-19 15:25:40.110115742 +0100
@@ -22,7 +22,7 @@
#endif // defined(BOOST_ASIO_USE_WOLFSSL)
#include <openssl/conf.h>
#include <openssl/ssl.h>
-#if !defined(OPENSSL_NO_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE) && __has_include(<openssl/engine.h>)
# include <openssl/engine.h>
#endif // !defined(OPENSSL_NO_ENGINE)
#include <openssl/dh.h>
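
Review bot: the new condition on the `#if` line uses `__has_include` without first checking that the preprocessor provides it, so a compiler that lacks it fails on this line before it ever reaches the include. Test `defined(__has_include)` in an outer `#if` and put the `__has_include(<openssl/engine.h>)` test in a nested one, since the two cannot safely share one expression. The condition also only skips the include and leaves OPENSSL_NO_ENGINE undefined, so any later `#if !defined(OPENSSL_NO_ENGINE)` block still takes the engine path; computing the result once into a single Asio-internal macro and testing that at every site would keep them consistent. The trailing comment on the `#endif` should be updated to match the new condition.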

(and similarly in the other Asio headers that check OPENSSL_NO_ENGINE)

This would mean that you can define OPENSSL_NO_ENGINE to disable
engines, but they're automatically disabled if you don't have the
header installed.

Even better would be for openssl/conf.h to do it:

--- /usr/include/openssl/conf.h 2023-08-31 01:00:00.000000000 +0100
+++ /tmp/conf.h 2024-07-19 15:27:57.513979007 +0100
@@ -31,6 +31,10 @@
#  include <stdio.h>
# endif

+#if ! __has_include(<openssl/engine.h>)
+#  define OPENSSL_NO_ENGINE
+#endif
+
#ifdef  __cplusplus
extern "C" {
#endif
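
Review bot: the added `#  define OPENSSL_NO_ENGINE` is not wrapped in `#if !defined(OPENSSL_NO_ENGINE)`, so a build that already passes `-DOPENSSL_NO_ENGINE` gets the macro redefined with a different value whenever the header is absent. The `__has_include` test above it is likewise unguarded, and this header is consumed by C code as well (note the `extern "C"` block that follows), so check `defined(__has_include)` first and keep the current behaviour when it is unavailable. The define only reaches code that includes conf.h before testing the macro, which deserves a comment at this spot.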

-- 
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org