Opened 7 months ago

Closed 6 months ago

#69827 closed defect (fixed)

got 0.98.2 and TLS library dependency woes

Reported by: artkiver (グレェ) Owned by: artkiver (グレェ)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc:
Port: got

Description

Also see:

https://github.com/macports/macports-ports/pull/23716

Specifically, GitHub Actions CI is breaking with this PR to Got for reasons that certainly weren't true previously.

Namely, it seems to be defaulting to OpenSSL3 and failing because it can't find libtls, which MacPorts supplies via the libretls MacPort.

There are some different approaches to potentially take and I am documenting them here for reference and to get some Portfile experimentation somewhere that isn't just local to my system.

For example, one Portfile, simply explicitly declares libressl as a dependency, that works locally.

Another example, the Portfile declares openssl and libretls as dependencies, that works locally too.

The third example, borrows inspiration from the "smarts" in the rpki-client Portfile, to attempt to determine which TLS library MacPorts already has installed, and now has two variants, a libressl and an openssl variant. This sort of seems to work locally, kind of, but not entirely.

For example, if I remove all TLS libraries, it will default to installing OpenSSL3 and libretls and functions.

If, on the other hand, I have libressl already installed, it works.

However, if I remove all TLS libraries, but then specify +libressl when installing the port, for some reason it is still installing OpenSSL3 and then fails, because that conflicts!

That logic, was very thoroughly tested when originally introduced with the rpki-client Portfile, so my guess is, something changed with MacPorts?

Hopefully others can suggest some improvements?

Thanks!

Attachments (6)

Portfile0.98.2workingwithlibressl (1.6 KB) - added by artkiver (グレェ) 7 months ago.
A got-portable 0.98.2 Portfile with libressl explicitly stated as a dependency, this functions OK locally.
Portfile0.98.2workingwithopenssl (1.6 KB) - added by artkiver (グレェ) 7 months ago.
A got-portable 0.98.2 Portfile with openssl and libretls listed as explicit dependencies, this also appears to function OK locally.
Portfile.got0.98.2libreoropenssl (2.5 KB) - added by artkiver (グレェ) 7 months ago.
A got portable 0.98.2 Portfile with some logic to attempt to add a libressl and an openssl variant this functions sort of but not reliably in all my local tests so far hopefully others can improve upon it
Portfile.got0.98.2_defaultstoopensslsortaworks (2.3 KB) - added by artkiver (グレェ) 7 months ago.
another refactoring of the Portfile %port -v install will default to OpenSSL and install OK, but other errors remain.
got0.99Portfile_withopensslvariantdefault (1.7 KB) - added by artkiver (グレェ) 7 months ago.
got 0.99 Portfile which creates an OpenSSL variant and defaults to it, which should also please the GitHub Actions CI?
got0.99Portfile_not_default_openssl_but_willbreakGitHubActionsCIasaresult (1.7 KB) - added by artkiver (グレェ) 7 months ago.
A got 0.99 Portfile which has the openssl variant, but does not default to it. This will break the GitHub Actions CI as a result; but seems to be OK if +openssl is specified at install time, or if libressl is already installed.

Download all attachments as: .zip

Change History (9)

Changed 7 months ago by artkiver (グレェ)

A got-portable 0.98.2 Portfile with libressl explicitly stated as a dependency, this functions OK locally.

Changed 7 months ago by artkiver (グレェ)

A got-portable 0.98.2 Portfile with openssl and libretls listed as explicit dependencies, this also appears to function OK locally.

Changed 7 months ago by artkiver (グレェ)

A got portable 0.98.2 Portfile with some logic to attempt to add a libressl and an openssl variant this functions sort of but not reliably in all my local tests so far hopefully others can improve upon it

Changed 7 months ago by artkiver (グレェ)

another refactoring of the Portfile %port -v install will default to OpenSSL and install OK, but other errors remain.

comment:1 Changed 7 months ago by artkiver (グレェ)

Added another refactored Portfile.

Portfile.got0.98.2_defaultstoopensslsortaworks

Will:

install OK with %sudo port -v install

Defaults to OpenSSL(3) but at least picks up the libretls dependency.

If LibreSSL or libressl-devel are already installed in MacPorts, it might also work and use the libressl variant if installed with %sudo port -v install +libressl.

However, there are various caveats:

e.g. if just installing with no variant parameter and MacPorts with having previously installed install got via %sudo port -v install:

port -vst install
--->  Computing dependencies for got..
Error: Can't install libressl because conflicting ports are active: openssl
Error: Follow https://guide.macports.org/#project.tickets if you believe there is a
bug.
Error: Processing of port got failed

Or, cleaning MacPorts entirely via %sudo port -fp uninstall installed and specifying %sudo port -vst install

port -vst install
--->  Computing dependencies for got.......................
The following dependencies will be installed: 
 bison
 bison-runtime
 db48
 gdbm
 gettext
 gettext-runtime
 gettext-tools-libs
 gperf
 libevent
 libiconv
 libretls
 libtextstyle
 m4
 ncurses
 openssl
 openssl3
 ossp-uuid
 perl5.34
 pkgconfig
 readline
 xz
 zlib
Continue? [Y/n]: 
--->  Fetching distfiles for ncurses
--->  ncurses-6.4.tar.gz does not exist in /opt/local/var/macports/distfiles/ncurses
--->  Attempting to fetch ncurses-6.4.tar.gz from http://mirror.fcix.net/macports/distfiles/ncurses
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3527k  100 3527k    0     0  3377k      0  0:00:01  0:00:01 --:--:-- 3379k
--->  Verifying checksums for ncurses
--->  Checksumming ncurses-6.4.tar.gz
--->  Extracting ncurses
--->  Extracting ncurses-6.4.tar.gz
Executing:  cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_devel_ncurses/ncurses/work" && /usr/bin/gzip -dc '/opt/local/var/macports/distfiles/ncurses/ncurses-6.4.tar.gz' | /usr/bin/tar -xf - 
Command failed:  cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_devel_ncurses/ncurses/work" && /usr/bin/gzip -dc '/opt/local/var/macports/distfiles/ncurses/ncurses-6.4.tar.gz' | /usr/bin/tar -xf - 
Killed by signal: 9
Error: Failed to extract ncurses: command execution failed
Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_devel_ncurses/ncurses/main.log for details.
Error: Follow https://guide.macports.org/#project.tickets if you believe there is a
bug.
Error: Processing of port got failed

I am still kind of tempted to submit a PR with this version, since %port -v install and %port test both seem to function OK and I am guessing it will pass GitHub Actions CI as a result?

Moreover, I think most MacPorts users who use libressl are probably savvy enough to be able to work around the potential pitfalls?

Still, perhaps there is a smarter way to phrase this:

if {[catch {registry_active openssl}] && ![variant_isset libressl]} {
  # openssl is installed and the libressl variant isn't manually requested, default to openssl
  default_variants +openssl
} elseif {([catch {registry_active libressl}] || [catch {registry_active libressl-devel}]) && ![variant_isset openssl]} {
  # either libressl or libressl-devel are already installed, and the openssl variant is not explicitly requested, default to libressl
  default_variants +libressl
}

Also, I do NOT for the life of me, understand why if I invoke % sudo port -v install +libressl on a clean MacPorts installation it has openssl and openssl3 as dependencies? Which, also doesn't seem to pick up the libretls dependency of the openssl variant. My guess is: one of the other dependencies is defaulting to OpenSSL as a dependency? Moreover, this is probably why I don't see this if I already have libressl installed, because whichever port is defaulting to OpenSSL and being flagged as conflicting dependency this way is presumably already handled.

e.g.

 port -v install +libressl
--->  Computing dependencies for got...................
The following dependencies will be installed: 
 bison
 bison-runtime
 db48
 gdbm
 gettext-runtime
 libevent
 libiconv
 libressl
 libtextstyle
 m4
 ncurses
 openssl
 openssl3
 ossp-uuid
 perl5.34
 pkgconfig
 readline
 zlib
Continue? [Y/n]: 
Last edited 7 months ago by artkiver (グレェ) (previous) (diff)

comment:2 Changed 7 months ago by ryandesign (Ryan Carsten Schmidt)

Port: got added

Obviously failure to extract ncurses in trace mode has nothing to do with got. You didn't mention your OS or platform but trace mode doesn't work on macOS 13 or later on Apple Silicon machines.

Changed 7 months ago by artkiver (グレェ)

got 0.99 Portfile which creates an OpenSSL variant and defaults to it, which should also please the GitHub Actions CI?

Changed 7 months ago by artkiver (グレェ)

A got 0.99 Portfile which has the openssl variant, but does not default to it. This will break the GitHub Actions CI as a result; but seems to be OK if +openssl is specified at install time, or if libressl is already installed.

comment:3 Changed 6 months ago by artkiver (グレェ)

Owner: set to artkiver
Resolution: fixed
Status: newclosed

In e04f7bdc5b6d9f3d4a2411a636c1d2c5dcfd7eb4/macports-ports (master):

got: update to 0.99

Note: See TracTickets for help on using tickets.