Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#57016 closed defect (fixed)

ld64-97 @97.17_8: opportunistic use of openssl

Reported by: jmroot (Joshua Root) Owned by: kencu (Ken)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: jeremyhu (Jeremy Huddleston Sequoia)
Port: ld64-97

Description

$ otool -L /opt/local/bin/ld-97
/opt/local/bin/ld-97:
        /opt/local/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
        /usr/lib/libstdc++.6.dylib (compatibility version 7.0.0, current version 7.4.0)
        /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.3.11)

Temporarily uninstalling the openssl port resulted in a broken toolchain.

Change History (15)

comment:1 Changed 5 years ago by kencu (Ken)

Oh, that's good. If it's opportunistically linking, perhaps I can just turn it off for the build. I'll see if I can figure out what it may or may not be useful for, but it would not (probably) be a very good idea to make it a build dep for ld64-97 as I doubt that openssl 1.1.1 (or 1.0.x for that matter) can build with the system compiler on Tiger.

comment:2 Changed 5 years ago by kencu (Ken)

Cc: kencu added

comment:3 Changed 5 years ago by kencu (Ken)

I believe Jeremy won't mind if I take over this ticket as he doesn't (I believe) have a running Tiger system any longer.

comment:4 Changed 5 years ago by kencu (Ken)

Owner: changed from jeremyhu to kencu

comment:5 Changed 5 years ago by jmroot (Joshua Root)

Cc: jeremyhu added; kencu removed

comment:6 Changed 5 years ago by kencu (Ken)

Cc: kencu added; jeremyhu removed

Ah. It's coming from right here in the ld64-97 Portfile:

    pre-build {
        if {${llvm_version} != ""} {
            build.args-append LLVM_CONFIG=${prefix}/bin/llvm-config-mp-${llvm_version}
        }

        if {${os.major} < 9} {
            build.args-append OTHER_LDFLAGS_LD64=-lcrypto
        }
    }

comment:7 Changed 5 years ago by kencu (Ken)

Cc: jeremyhu added; kencu removed

comment:8 Changed 5 years ago by kencu (Ken)

sorry, you pushed as I was editing, and it undid what you did.

Now -- I'm try to think if there could be any reason why we can't force that -lcrypto library to always be the fully specified one in /usr/lib and therefore never have this issue again ....

comment:9 Changed 5 years ago by jmroot (Joshua Root)

Sounds reasonable to me.

comment:10 Changed 5 years ago by kencu (Ken)

How about :

    pre-build {
        if {${llvm_version} != ""} {
            build.args-append LLVM_CONFIG=${prefix}/bin/llvm-config-mp-${llvm_version}
        }

        if {${os.major} < 9} {
            build.args-append OTHER_LDFLAGS_LD64=/usr/lib/libcrypto.dylib
        }
    }
Last edited 5 years ago by kencu (Ken) (previous) (diff)

comment:11 Changed 5 years ago by kencu (Ken)

I'll try it out on my Tiger system and see if that works correctly even if openssl is installed.

comment:12 Changed 5 years ago by kencu (Ken)

Yes, that works. It builds, and links against the system's libcrypto.dylib even if openssl is installed, as you would expect.

So I can put that through. I can't think, though, what we might do to prevent ld64-97 breaking if a user has it installed already against openssl 1.0.x and then upgrades to openssl 1.1.1. And that would likely be most everyone, of course.

Simplest idea would be to just get them to activate the older openssl and upgrade ld64-97, I guess, then activate the new one again and proceed on from there.

Last edited 5 years ago by kencu (Ken) (previous) (diff)

comment:13 Changed 5 years ago by kencu (Ken)

Resolution: fixed
Status: assignedclosed

In 1a5d1eb48cd0a4a7e571e14195a6cc9c5cf44cf2/macports-ports (master):

ld64-97: prevent opportunistic linking to openssl

fully specify the path to the system libcrypto
prevents ld64-97 breakage when openssl changes ABI
closes: #57016
see: #59019

comment:14 Changed 5 years ago by mouse07410 (Mouse)

Pardon my ignorance, but what's the use case for OpenSSL with ld64?

comment:15 in reply to:  14 Changed 5 years ago by jmroot (Joshua Root)

It needs an MD5 implementation to generate UUIDs, and Tiger doesn't have CommonCrypto.

Note: See TracTickets for help on using tickets.