Re: [ANNOUNCE] Git v2.36.0-rc0 - Build failure on NonStops

From: "Carlo Marcelo Arenas Belón" <carenas@gmail.com>
To: rsbecker@nexbridge.com
Cc: 'Junio C Hamano' <gitster@pobox.com>,
	'Git Mailing List' <git@vger.kernel.org>,
	git-packagers@googlegroups.com,
	"brian m. carlson" <sandals@crustytoothpaste.net>
Subject: Re: [ANNOUNCE] Git v2.36.0-rc0 - Build failure on NonStops
Date: Mon, 4 Apr 2022 21:28:26 -0700	[thread overview]
Message-ID: <20220405042826.56vyilttx3lo4scv@carlos-mbp.lan> (raw)
In-Reply-To: <035b01d84899$3cdc5b20$b6951160$@nexbridge.com>

On Mon, Apr 04, 2022 at 10:59:54PM -0400, rsbecker@nexbridge.com wrote:
> On April 4, 2022 8:54 PM, Carlo Marcelo Arenas Belón wrote:
> >On Mon, Apr 04, 2022 at 05:26:10PM -0700, Carlo Marcelo Arenas Belón wrote:
> >> On Mon, Apr 04, 2022 at 06:40:35PM -0400, rsbecker@nexbridge.com wrote:
> >> > On April 4, 2022 6:33 PM, Junio C Hamano wrote:
> >> > >To: Randall S. Becker <rsbecker@nexbridge.com>
> >> > >Cc: Git Mailing List <git@vger.kernel.org>;
> >> > >git-packagers@googlegroups.com
> >> > >Subject: Re: [ANNOUNCE] Git v2.36.0-rc0 - Build failure on NonStops
> >> > >
> >> > >CSPRNG_METHOD?
> >> >
> >> > We already have
> >> >
> >> >         CSPRNG_METHOD = openssl
> >> >
> >> > In the config for NonStop. Should that not have worked?
> >>
> >> only if you are not telling your openssl to hide that function[1]
> >>
> >> Carlo
> >>
> >> [1] https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html
> >
> >nevermind, it seems we forgot to track this header somehow, so will need
> >something like (untested and likely to need changes to support NO_OPENSSL)
> >
> >Carlo
> >--- >8 ---
> >diff --git a/git-compat-util.h b/git-compat-util.h index 4d444dca274..68a9b9cd975
> >100644
> >--- a/git-compat-util.h
> >+++ b/git-compat-util.h
> >@@ -525,6 +525,10 @@ void warning_errno(const char *err, ...)
> >__attribute__((format (printf, 1, 2)));  #include <openssl/x509v3.h>  #endif /*
> >NO_OPENSSL */
> >
> >+#ifdef HAVE_OPENSSL_CSPRNG
> >+#include <openssl/rand.h>
> >+#endif
> >+
> > /*
> >  * Let callers be aware of the constant return value; this can help
> >  * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though,
> 
> I was able to make the build work, adding the above patch and libcrypto.so and libssl.so to our LDFLAGS.

Adding libcrypto wasn't enough?; of course it will depend on your linker
but when tested in Linux and macOS the only "U" symbol that got pulled
was RAND_bytes and -lcrypto was all that was needed.

Official patch including both libraries below, but it would be ideal to
only pull one if possible.

Carlo
-- >8 --
Subject: [PATCH] git-compat-util: really support openssl as a source of entropy

05cd988dce5 (wrapper: add a helper to generate numbers from a CSPRNG,
2022-01-17), configure openssl as the source for entropy in NON-STOP
but doesn't add the needed header or link options.

Since the only system that is configured to use openssl as a source
of entropy is NON-STOP, add the header unconditionally, and -lcrypto
to the list of external libraries.

An additional change is required to make sure a NO_OPENSSL=1 build
will be able to work as well (tested on Linux with a modified value
of CSPRNG_METHOD = openssl), and the more complex logic that allows
for compatibility with APPLE_COMMON_CRYPTO or allowing for simpler
ways to link (without libssl) has been punted for now.

Reported-by: Randall Becker <rsbecker@nexbridge.com>
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
 Makefile          | 1 +
 git-compat-util.h | 4 ++++
 imap-send.c       | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 91738485626..f8bccfab5e9 100644
--- a/Makefile
+++ b/Makefile
@@ -1972,6 +1972,7 @@ endif
 
 ifneq ($(findstring openssl,$(CSPRNG_METHOD)),)
 	BASIC_CFLAGS += -DHAVE_OPENSSL_CSPRNG
+	EXTLIBS += -lcrypto -lssl
 endif
 
 ifneq ($(PROCFS_EXECUTABLE_PATH),)
diff --git a/git-compat-util.h b/git-compat-util.h
index 4d444dca274..68a9b9cd975 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -525,6 +525,10 @@ void warning_errno(const char *err, ...) __attribute__((format (printf, 1, 2)));
 #include <openssl/x509v3.h>
 #endif /* NO_OPENSSL */
 
+#ifdef HAVE_OPENSSL_CSPRNG
+#include <openssl/rand.h>
+#endif
+
 /*
  * Let callers be aware of the constant return value; this can help
  * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though,
diff --git a/imap-send.c b/imap-send.c
index 5ac6fa9c664..a50af56b827 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -27,7 +27,7 @@
 #include "exec-cmd.h"
 #include "run-command.h"
 #include "parse-options.h"
-#ifdef NO_OPENSSL
+#if defined(NO_OPENSSL) && !defined(HAVE_OPENSSL_CSPRNG)
 typedef void *SSL;
 #endif
 #ifdef USE_CURL_FOR_IMAP_SEND
-- 
2.35.1.505.g27486cd1b2d

