Re: 01/02: gnu: libressl: Update to 2.5.3.

unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed

From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org
Subject: Re: 01/02: gnu: libressl: Update to 2.5.3.
Date: Thu, 13 Apr 2017 17:08:29 +0200	[thread overview]
Message-ID: <87mvbkny4y.fsf@gnu.org> (raw)
In-Reply-To: <20170412152029.GA5920@jasmine> (Leo Famulari's message of "Wed, 12 Apr 2017 11:20:29 -0400")

[-- Attachment #1: Type: text/plain, Size: 1402 bytes --]

Leo Famulari <leo@famulari.name> skribis:

> This is libressl-portable bug #290:
>
> https://github.com/libressl-portable/portable/issues/290
>
> There is a problem with using getentropy() or getrandom() from
> glibc-2.25 with Linux < 3.17, when these syscalls where introduced.
> Basically, glibc will return ENOSYS, which applications are not handling
> properly.
>
> I expect the build to succeed on armhf, where I believe the builders
> have kernels > 3.17.
>
> In the case of libressl, the developers have closed as WONTFIX, although
> perhaps they could be persuaded to make libressl handle ENOSYS somehow.
>
> Cpython hit the same problem, and they worked around it. This means that
> the Python interpreters Hydra builds for x86_64 and i686 not use the new
> getentropy() / getrandom() syscalls, even though many Guix users and
> probably all GuixSD users have more recent kernels:
>
> https://bugs.python.org/issue29157
>
> Can we disable the build on Hydra without marking the package as
> non-substitutable?

A simple approach is to force LibreSSL to always use its non-getentropy
code, and lift this restriction once we clearly require newer kernels¹.
The attached patch does that.

Thoughts?

Thanks,
Ludo’.

¹ We currently build libc with "--enable-kernel=2.6.32", and this is
  pretty much what defines our minimal kernel version requirement.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 711 bytes --]

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1c99a3ad7..5fe35a535 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -442,6 +442,10 @@ required structures.")
        (base32
         "0c4awq45cl757fv7f7f75i5i0ibc6v7ns13n7xvfak7chv2lrqql"))))
     (build-system gnu-build-system)
+    (arguments
+     ;; Do as if 'getentropy' was missing since older Linux kernels lack it
+     ;; and libc would return ENOSYS, which is not properly handled.
+     '(#:configure-flags '("ac_cv_func_getentropy=no")))
     (native-search-paths
       ;; FIXME: These two variables must designate a single file or directory
       ;; and are not actually "search paths."  In practice it works OK in

next prev parent reply	other threads:[~2017-04-13 15:08 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20170412011114.29557.46901@vcs0.savannah.gnu.org>
     [not found] ` <20170412011115.CE2FF220BE@vcs0.savannah.gnu.org>
2017-04-12  9:15   ` 01/02: gnu: libressl: Update to 2.5.3 Mark H Weaver
2017-04-12 15:20     ` Leo Famulari
2017-04-13 15:08       ` Ludovic Courtès [this message]
2017-04-13 18:59         ` Leo Famulari
2017-04-13 20:18           ` Leo Famulari
2017-04-14 12:43           ` Ludovic Courtès
2017-04-14 16:48             ` Leo Famulari
2017-04-14 18:07           ` Mark H Weaver
2017-04-19 20:12             ` Ludovic Courtès

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1c99a3ad dfblob:5fe35a53 )
 OR (
bs:"Re: 01/02: gnu: libressl: Update to 2.5.3." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87mvbkny4y.fsf@gnu.org \
    --to=ludo@gnu.org \
    --cc=guix-devel@gnu.org \
    --cc=leo@famulari.name \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).