openssl @3_15 breaks the various ports including ntp, openssh and git

[RobK88]

After upgrading openssl to @3_15 (and after upgrading openssl3) yesterday, the ntp port no longer works on Lion and Mtn Lion.

bash-3.2$ ntpq -p
ntpq: read: Connection refused

bash-3.2$ sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.ntp/org.macports.ntp.plist

bash-3.2$ ntpq -p
ntpq: read: Connection refused
 
bash-3.2$ ntpstat
Unable to talk to NTP daemon. Is it running?

bash-3.2$ ps -ax | grep ntp 
 1100 ttys000    0:00.00 grep ntp

bash-3.2$ ps -ax | grep ntp | grep -v ntp
bash-3.2$

I have also tried rebooting but no change. The ntp daemon will not launch.

In addition, the openssh port no longer works. (see #68763)

It looks like the cause of the broken ports is openssl.

[RobK88]

It looks like openssl @3_15 does NOT break the ntp port and the openssh port on High Sierra. ntp and openssh still work fine on my mac running High Sierra.

The latest openssl @3_15 only breaks ntp and openssh on older Mac OSs.

[RobK88]

opensssl @3_15 also appears to break git on Lion

rob$ git pull origin master
fatal: unable to access 'https://github.com/RobK88/macports-ports.git/': Insufficient randomness

[RobK88]

The problem is definitely with the latest version of openssl and openssl3.

I reverted to the previous version of openssl and openssl3 by copying the previous Portfiles into my local repo. And reinstalled openssl and openssl3. Now the ntp and git ports work properly on Lion.

bash-3.2$ sudo port install openssl
Password:
--->  Computing dependencies for openssl
--->  Fetching distfiles for openssl
--->  Verifying checksums for openssl
--->  Extracting openssl
--->  Configuring openssl
--->  Building openssl
--->  Staging openssl into destroot
--->  Installing openssl @3_14
--->  Deactivating openssl @3_15+universal
--->  Cleaning openssl
--->  Activating openssl @3_14
--->  Cleaning openssl
--->  Updating database of binaries
--->  Scanning binaries for linking errors
--->  No broken files found.                             
--->  No broken ports found.
bash-3.2$ 
bash-3.2$ sudo port install openssl3
--->  Computing dependencies for openssl3
--->  Fetching distfiles for openssl3
--->  Verifying checksums for openssl3
--->  Extracting openssl3
--->  Configuring openssl3
--->  Building openssl3                                  
--->  Staging openssl3 into destroot                     
--->  Installing openssl3 @3.1.4_0                       
--->  Deactivating openssl3 @3.2.0_0+universal
--->  Cleaning openssl3
--->  Activating openssl3 @3.1.4_0
--->  Cleaning openssl3
--->  Updating database of binaries
--->  Scanning binaries for linking errors
--->  Found 4 broken files, matching files to ports      
--->  Found 1 broken port, determining rebuild order
You can always run 'port rev-upgrade' again to fix errors.
The following ports will be rebuilt: curl @8.4.0+ssl+universal
Continue? [Y/n]: Y
--->  Computing dependencies for curl
--->  Dependencies to be installed: openssl openssl3
--->  Fetching distfiles for openssl3
--->  Verifying checksums for openssl3
--->  Extracting openssl3
--->  Configuring openssl3
--->  Building openssl3                                  
--->  Staging openssl3 into destroot                     
--->  Installing openssl3 @3.1.4_0+universal             
--->  Deactivating openssl3 @3.1.4_0
--->  Cleaning openssl3
--->  Activating openssl3 @3.1.4_0+universal
--->  Cleaning openssl3
--->  Fetching distfiles for openssl
--->  Verifying checksums for openssl
--->  Extracting openssl
--->  Configuring openssl
--->  Building openssl
--->  Staging openssl into destroot
--->  Installing openssl @3_14+universal
--->  Deactivating openssl @3_14
--->  Cleaning openssl
--->  Activating openssl @3_14+universal
--->  Cleaning openssl
--->  Cleaning curl
--->  Updating database of binaries
--->  Scanning binaries for linking errors
--->  No broken files found.                             
--->  No broken ports found.

bash-3.2$ git pull origin master
From https://github.com/RobK88/macports-ports
 * branch                    master     -> FETCH_HEAD
Already up to date.


bash-3.2$ sudo launchctl unload  /opt/local/etc/LaunchDaemons/org.macports.ntp/org.macports.ntp.plist

bash-3.2$ sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.ntp/org.macports.ntp.plist

bash-3.2$ ps -ax | grep ntp | grep -v grep
58552 ??         0:00.01 /opt/local/bin/daemondo --label=ntp --start-cmd /opt/local/sbin/ntpd -n -g -p /opt/local/var/run/ntpd.pid -f /opt/local/var/db/ntp.drift -c /opt/local/etc/ntp.conf ; --restart-netchange --pid=exec
58556 ??         0:00.07 /opt/local/sbin/ntpd -n -g -p /opt/local/var/run/ntpd.pid -f /opt/local/var/db/ntp.drift -c /opt/local/etc/ntp.conf
 
bash-3.2$ ntpstat
synchronised to NTP server (217.180.209.214) at stratum 2 
   time correct to within 27 ms
   polling server every 64 s
bash-3.2$

[RobK88]

FYI -- I am now able to build the latest version of openssh on Lion. See comment:ticket:68763:11

[ryandesign (Ryan Carsten Schmidt)]

Replying to RobK88:

fatal: unable to access 'https://github.com/RobK88/macports-ports.git/': Insufficient randomness

Related to or duplicate of #68766?

[RobK88]

@ryandesign - Yes, I believe it is the same bug that I reported earlier in this ticket and in ticket ​https://trac.macports.org/ticket/68763#comment:11

When you try to build openssh on Lion, the actual problem with openssl3 is more apparent:

configure: error: OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options
Command failed:  cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-9.5p1" && ./configure --prefix=/opt/local --with-ssl-dir=/opt/local --sysconfdir=/opt/local/etc/ssh --with-privsep-path=/var/empty --with-md5-passwords --with-pid-dir=/opt/local/var/run --with-pam --mandir=/opt/local/share/man --with-zlib=/opt/local --without-kerberos5 --with-libedit --with-pie --without-xauth --without-ldns --with-audit=bsm --with-keychain=apple 
Exit code: 1

[RobK88]

The fix for openssl3 might be in the configure error message generated for openssh:

Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options