openssl @3_15 breaks the various ports including ntp, openssh and git

[RobK88]

After upgrading openssl to @3_15 (and after upgrading openssl3) yesterday, the ntp port no longer works on Lion and Mtn Lion.

bash-3.2$ ntpq -p
ntpq: read: Connection refused

bash-3.2$ sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.ntp/org.macports.ntp.plist

bash-3.2$ ntpq -p
ntpq: read: Connection refused
 
bash-3.2$ ntpstat
Unable to talk to NTP daemon. Is it running?

bash-3.2$ ps -ax | grep ntp 
 1100 ttys000    0:00.00 grep ntp

bash-3.2$ ps -ax | grep ntp | grep -v ntp
bash-3.2$

I have also tried rebooting but no change. The ntp daemon will not launch.

In addition, the openssh port no longer works. (see #68763)

It looks like the cause of the broken ports is openssl.

[RobK88]

It looks like openssl @3_15 does NOT break the ntp port and the openssh port on High Sierra. ntp and openssh still work fine on my mac running High Sierra.

The latest openssl @3_15 only breaks ntp and openssh on older Mac OSs.

[RobK88]

opensssl @3_15 also appears to break git on Lion

rob$ git pull origin master
fatal: unable to access 'https://github.com/RobK88/macports-ports.git/': Insufficient randomness

[RobK88]

The problem is definitely with the latest version of openssl and openssl3.

I reverted to the previous version of openssl and openssl3 by copying the previous Portfiles into my local repo. And I then reinstalled the previous versions of openssl and openssl3. Now the ntp and git ports work properly on Lion.

bash-3.2$ sudo port install openssl
Password:
--->  Computing dependencies for openssl
--->  Fetching distfiles for openssl
--->  Verifying checksums for openssl
--->  Extracting openssl
--->  Configuring openssl
--->  Building openssl
--->  Staging openssl into destroot
--->  Installing openssl @3_14
--->  Deactivating openssl @3_15+universal
--->  Cleaning openssl
--->  Activating openssl @3_14
--->  Cleaning openssl
--->  Updating database of binaries
--->  Scanning binaries for linking errors
--->  No broken files found.                             
--->  No broken ports found.
bash-3.2$ 
bash-3.2$ sudo port install openssl3
--->  Computing dependencies for openssl3
--->  Fetching distfiles for openssl3
--->  Verifying checksums for openssl3
--->  Extracting openssl3
--->  Configuring openssl3
--->  Building openssl3                                  
--->  Staging openssl3 into destroot                     
--->  Installing openssl3 @3.1.4_0                       
--->  Deactivating openssl3 @3.2.0_0+universal
--->  Cleaning openssl3
--->  Activating openssl3 @3.1.4_0
--->  Cleaning openssl3
--->  Updating database of binaries
--->  Scanning binaries for linking errors
--->  Found 4 broken files, matching files to ports      
--->  Found 1 broken port, determining rebuild order
You can always run 'port rev-upgrade' again to fix errors.
The following ports will be rebuilt: curl @8.4.0+ssl+universal
Continue? [Y/n]: Y
--->  Computing dependencies for curl
--->  Dependencies to be installed: openssl openssl3
--->  Fetching distfiles for openssl3
--->  Verifying checksums for openssl3
--->  Extracting openssl3
--->  Configuring openssl3
--->  Building openssl3                                  
--->  Staging openssl3 into destroot                     
--->  Installing openssl3 @3.1.4_0+universal             
--->  Deactivating openssl3 @3.1.4_0
--->  Cleaning openssl3
--->  Activating openssl3 @3.1.4_0+universal
--->  Cleaning openssl3
--->  Fetching distfiles for openssl
--->  Verifying checksums for openssl
--->  Extracting openssl
--->  Configuring openssl
--->  Building openssl
--->  Staging openssl into destroot
--->  Installing openssl @3_14+universal
--->  Deactivating openssl @3_14
--->  Cleaning openssl
--->  Activating openssl @3_14+universal
--->  Cleaning openssl
--->  Cleaning curl
--->  Updating database of binaries
--->  Scanning binaries for linking errors
--->  No broken files found.                             
--->  No broken ports found.

bash-3.2$ git pull origin master
From https://github.com/RobK88/macports-ports
 * branch                    master     -> FETCH_HEAD
Already up to date.


bash-3.2$ sudo launchctl unload  /opt/local/etc/LaunchDaemons/org.macports.ntp/org.macports.ntp.plist

bash-3.2$ sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.ntp/org.macports.ntp.plist

bash-3.2$ ps -ax | grep ntp | grep -v grep
58552 ??         0:00.01 /opt/local/bin/daemondo --label=ntp --start-cmd /opt/local/sbin/ntpd -n -g -p /opt/local/var/run/ntpd.pid -f /opt/local/var/db/ntp.drift -c /opt/local/etc/ntp.conf ; --restart-netchange --pid=exec
58556 ??         0:00.07 /opt/local/sbin/ntpd -n -g -p /opt/local/var/run/ntpd.pid -f /opt/local/var/db/ntp.drift -c /opt/local/etc/ntp.conf
 
bash-3.2$ ntpstat
synchronised to NTP server (217.180.209.214) at stratum 2 
   time correct to within 27 ms
   polling server every 64 s
bash-3.2$

[RobK88]

FYI -- I am now able to build the latest version of openssh on Lion. See comment:ticket:68763:11

[ryandesign (Ryan Carsten Schmidt)]

Replying to RobK88:

fatal: unable to access 'https://github.com/RobK88/macports-ports.git/': Insufficient randomness

Related to or duplicate of #68766?

[RobK88]

@ryandesign - Yes, I believe it is the same bug that I reported earlier in this ticket and in ticket ​https://trac.macports.org/ticket/68763#comment:11

When you try to build openssh on Lion, the actual problem with openssl3 is more apparent:

configure: error: OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options
Command failed:  cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.5p1" && ./configure --prefix=/opt/local --with-ssl-dir=/opt/local --sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-md5-passwords --with-pid-dir=/opt/local/var/run --with-pam --mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5 --with-libedit --with-pie --without-xauth --without-ldns --with-audit=bsm --with-keychain=apple 
Exit code: 1

[RobK88]

The fix for openssl3 might be in the configure error message generated for openssh:

Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options