RE: [ANNOUNCE] Git v2.36.0-rc0 - Build failure on NonStops

All of lore.kernel.org
 help / color / mirror / Atom feed

From: <rsbecker@nexbridge.com>
To: "'Carlo Marcelo Arenas Belón'" <carenas@gmail.com>
Cc: "'Junio C Hamano'" <gitster@pobox.com>,
	"'Git Mailing List'" <git@vger.kernel.org>,
	<git-packagers@googlegroups.com>,
	"'brian m. carlson'" <sandals@crustytoothpaste.net>,
	"'Neeraj Singh'" <nksingh85@gmail.com>
Subject: RE: [ANNOUNCE] Git v2.36.0-rc0 - Build failure on NonStops
Date: Tue, 5 Apr 2022 08:33:23 -0400	[thread overview]
Message-ID: <038001d848e9$5a9c4440$0fd4ccc0$@nexbridge.com> (raw)
In-Reply-To: <20220405042826.56vyilttx3lo4scv@carlos-mbp.lan>

On April 5, 2022 12:28 AM, Carlo Marcelo Arenas Belón wrote:
>On Mon, Apr 04, 2022 at 10:59:54PM -0400, rsbecker@nexbridge.com wrote:
>> On April 4, 2022 8:54 PM, Carlo Marcelo Arenas Belón wrote:
>> >On Mon, Apr 04, 2022 at 05:26:10PM -0700, Carlo Marcelo Arenas Belón wrote:
>> >> On Mon, Apr 04, 2022 at 06:40:35PM -0400, rsbecker@nexbridge.com wrote:
>> >> > On April 4, 2022 6:33 PM, Junio C Hamano wrote:
>> >> > >To: Randall S. Becker <rsbecker@nexbridge.com>
>> >> > >Cc: Git Mailing List <git@vger.kernel.org>;
>> >> > >git-packagers@googlegroups.com
>> >> > >Subject: Re: [ANNOUNCE] Git v2.36.0-rc0 - Build failure on
>> >> > >NonStops
>> >> > >
>> >> > >CSPRNG_METHOD?
>> >> >
>> >> > We already have
>> >> >
>> >> >         CSPRNG_METHOD = openssl
>> >> >
>> >> > In the config for NonStop. Should that not have worked?
>> >>
>> >> only if you are not telling your openssl to hide that function[1]
>> >>
>> >> Carlo
>> >>
>> >> [1] https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html
>> >
>> >nevermind, it seems we forgot to track this header somehow, so will
>> >need something like (untested and likely to need changes to support
>> >NO_OPENSSL)
>> >
>> >Carlo
>> >--- >8 ---
>> >diff --git a/git-compat-util.h b/git-compat-util.h index
>> >4d444dca274..68a9b9cd975
>> >100644
>> >--- a/git-compat-util.h
>> >+++ b/git-compat-util.h
>> >@@ -525,6 +525,10 @@ void warning_errno(const char *err, ...)
>> >__attribute__((format (printf, 1, 2)));  #include <openssl/x509v3.h>
>> >#endif /* NO_OPENSSL */
>> >
>> >+#ifdef HAVE_OPENSSL_CSPRNG
>> >+#include <openssl/rand.h>
>> >+#endif
>> >+
>> > /*
>> >  * Let callers be aware of the constant return value; this can help
>> >  * gcc with -Wuninitialized analysis. We restrict this trick to gcc,
>> > though,
>>
>> I was able to make the build work, adding the above patch and libcrypto.so and
>libssl.so to our LDFLAGS.
>
>Adding libcrypto wasn't enough?; of course it will depend on your linker but when
>tested in Linux and macOS the only "U" symbol that got pulled was RAND_bytes
>and -lcrypto was all that was needed.
>
>Official patch including both libraries below, but it would be ideal to only pull one if
>possible.
>
>Carlo
>-- >8 --
>Subject: [PATCH] git-compat-util: really support openssl as a source of entropy
>
>05cd988dce5 (wrapper: add a helper to generate numbers from a CSPRNG, 2022-
>01-17), configure openssl as the source for entropy in NON-STOP but doesn't add
>the needed header or link options.
>
>Since the only system that is configured to use openssl as a source of entropy is
>NON-STOP, add the header unconditionally, and -lcrypto to the list of external
>libraries.
>
>An additional change is required to make sure a NO_OPENSSL=1 build will be able
>to work as well (tested on Linux with a modified value of CSPRNG_METHOD =
>openssl), and the more complex logic that allows for compatibility with
>APPLE_COMMON_CRYPTO or allowing for simpler ways to link (without libssl) has
>been punted for now.
>
>Reported-by: Randall Becker <rsbecker@nexbridge.com>
>Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
>---
> Makefile          | 1 +
> git-compat-util.h | 4 ++++
> imap-send.c       | 2 +-
> 3 files changed, 6 insertions(+), 1 deletion(-)
>
>diff --git a/Makefile b/Makefile
>index 91738485626..f8bccfab5e9 100644
>--- a/Makefile
>+++ b/Makefile
>@@ -1972,6 +1972,7 @@ endif
>
> ifneq ($(findstring openssl,$(CSPRNG_METHOD)),)
> 	BASIC_CFLAGS += -DHAVE_OPENSSL_CSPRNG
>+	EXTLIBS += -lcrypto -lssl
> endif
>
> ifneq ($(PROCFS_EXECUTABLE_PATH),)
>diff --git a/git-compat-util.h b/git-compat-util.h index 4d444dca274..68a9b9cd975
>100644
>--- a/git-compat-util.h
>+++ b/git-compat-util.h
>@@ -525,6 +525,10 @@ void warning_errno(const char *err, ...)
>__attribute__((format (printf, 1, 2)));  #include <openssl/x509v3.h>  #endif /*
>NO_OPENSSL */
>
>+#ifdef HAVE_OPENSSL_CSPRNG
>+#include <openssl/rand.h>
>+#endif
>+
> /*
>  * Let callers be aware of the constant return value; this can help
>  * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though, diff --git
>a/imap-send.c b/imap-send.c index 5ac6fa9c664..a50af56b827 100644
>--- a/imap-send.c
>+++ b/imap-send.c
>@@ -27,7 +27,7 @@
> #include "exec-cmd.h"
> #include "run-command.h"
> #include "parse-options.h"
>-#ifdef NO_OPENSSL
>+#if defined(NO_OPENSSL) && !defined(HAVE_OPENSSL_CSPRNG)
> typedef void *SSL;
> #endif
> #ifdef USE_CURL_FOR_IMAP_SEND
>--
>2.35.1.505.g27486cd1b2d

Will retest when this has been rolled into rc1. Thanks
Randall

next prev parent reply	other threads:[~2022-04-05 15:00 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-04 22:30 [ANNOUNCE] Git v2.36.0-rc0 - Build failure on NonStops rsbecker
2022-04-04 22:32 ` Junio C Hamano
2022-04-04 22:40   ` rsbecker
2022-04-05  0:26     ` Carlo Marcelo Arenas Belón
2022-04-05  0:54       ` Carlo Marcelo Arenas Belón
2022-04-05  2:59         ` rsbecker
2022-04-05  4:28           ` Carlo Marcelo Arenas Belón
2022-04-05  8:10             ` brian m. carlson
2022-04-05 22:47               ` Carlo Arenas
2022-04-05 23:09                 ` rsbecker
2022-04-06 16:04               ` Junio C Hamano
2022-04-05 12:33             ` rsbecker [this message]
2022-04-05  1:56       ` rsbecker
2022-04-06 16:14     ` Junio C Hamano
2022-04-06 16:23       ` rsbecker
2022-04-06 19:37         ` Junio C Hamano
2022-04-06 22:32           ` rsbecker
2022-04-06 20:01       ` rsbecker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='038001d848e9$5a9c4440$0fd4ccc0$@nexbridge.com' \
    --to=rsbecker@nexbridge.com \
    --cc=carenas@gmail.com \
    --cc=git-packagers@googlegroups.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=nksingh85@gmail.com \
    --cc=sandals@crustytoothpaste.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.