tor @0.4.4.6_1 fails to build

[cculianu (Calin Culianu)]

I'm on Big Sur 11.6.1, latest Xcode 13.1.

Latest Tor fails to build, the build log shows a compile error:

:info:build src/lib/tls/tortls_openssl.c:1198:3: warning: 'uint64_t' is not defined, evaluates to 0 [-Wundef]
:info:build   SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0
:info:build   ^
:info:build /opt/local/include/openssl/ssl.h:389:58: note: expanded from macro 'SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
'
:info:build # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        SSL_OP_BIT(18)
:info:build                                                          ^
:info:build /opt/local/include/openssl/ssl.h:343:26: note: expanded from macro 'SSL_OP_BIT'
:info:build #define SSL_OP_BIT(n)  ((uint64_t)1 << (uint64_t)n)
:info:build                          ^
:info:build src/lib/tls/tortls_openssl.c:1198:3: error: token is not a valid binary operator in a preprocessor subexpres
sion
:info:build   SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0
:info:build   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:info:build /opt/local/include/openssl/ssl.h:389:58: note: expanded from macro 'SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
'
:info:build # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        SSL_OP_BIT(18)
:info:build                                                          ^~~~~~~~~~~~~~
:info:build /opt/local/include/openssl/ssl.h:343:35: note: expanded from macro 'SSL_OP_BIT'
:info:build #define SSL_OP_BIT(n)  ((uint64_t)1 << (uint64_t)n)
:info:build                         ~~~~~~~~~~^

[hadrabap (Petr Hadraba)]

There is a fix for this in upstream repo: ​https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/389/diffs?commit_id=faf89589d0d41924bb63d610e51aa20c45a6655b

All of this stuff is caused by MacPorts switching to OpenSSL 3 which claims compatibility but the opposite is true. I have lot of ports broken by this decision, e.g. tor, git-crypt, yubico-piv-tool, opensc…

I'm very disappointed…

[mascguy (Christopher Nielsen)]

For those items that are broken, we'll either be fixing them to work with OpenSSL 3, or switching them back to OpenSSL 1.1.

As for the decision itself, we needed to move forward, and that's why it was done. And among other benefits, it also allows us to provide binaries for many, many other ports - which will significantly improve the user experience.

Please be patient as we work through all of this. There are a LOT of us actively working to fix these issues, and we're quickly making progress.

[cculianu (Calin Culianu)]

Ok, well I understand, as a software engineer myself -- sometimes it's better to move forward. It's sad that OpenSSL 3 claims compatibility, and indeed even stuff compiles against it ok, and then you get stuff breaking. Major stuff like even Python!

I will be patient. Thanks for the follow-up on this. And in some ways it's good to be moving on to a (hopefully) less buggy, more secure, better licensed implementation of OpenSSL.

Question though: how does a user that inadvertently upgraded to 3, revert back? I had to manually edit my ports tree in /opt/local/var to basically *manually* undo the work of the commit that "switched to 3 by default". It would be nice if I could simply have done:

$ sudo port uninstall openssl@3

$ sudo port install openssl@1.1

Or something similar... :/

[reneeotten (Renee Otten)]

Replying to hadrabap:

There is a fix for this in upstream repo: ​https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/389/diffs?commit_id=faf89589d0d41924bb63d610e51aa20c45a6655b

let's not take that commit, this is a MR - the actual change upstream committed is ​here. I'll try now to add that once I figure out how to get a .diff file from GitLab...

All of this stuff is caused by MacPorts switching to OpenSSL 3 which claims compatibility but the opposite is true. I have lot of ports broken by this decision, e.g. tor, git-crypt, yubico-piv-tool, opensc…

I'm very disappointed…

That's where you start to open a ticket for ports that don't currently build or you try to do the actual work yourself to make it build with openssl3 (or switch it back to openssl11 as described on the macports-dev mailinglist) and submit a PR. Alternatvily, as @mascguy says you wait a little bit until the dust settles.

[reneeotten (Renee Otten)]

Replying to cculianu:

Question though: how does a user that inadvertently upgraded to 3, revert back? I had to manually edit my ports tree in /opt/local/var to basically *manually* undo the work of the commit that "switched to 3 by default". It would be nice if I could simply have done:

$ sudo port uninstall openssl@3

$ sudo port install openssl@1.1

Or something similar... :/

The procedure for ​installing an older port is described here.

[reneeotten (Renee Otten)]

okay tor is building now with openssl3, I also updated it to version 0.4.4.8. Running the test-suite now if that all passes happily I'll commit the update/fix.

[cculianu (Calin Culianu)]

Replying to reneeotten:

The procedure for ​installing an older port is described here.

Ah ok. So it's basically like what I did, in a way. I manually "reverted the commit" myself, by editing files directly in /opt/local/var/. LOL.

Ok.. I guess due to the magic of rsync next time I do sudo port selfupdate (which I will only run when I'm sure everything is fixed)... it will "repair" itself and undo my edits, right?

[reneeotten (Renee Otten)]

In b4a1f4675deff310bbaf14f30960524c19296ccf/macports-ports (master):

tor: update to 0.4.4.8, fix build with openssl3

Closes: #63856

[reneeotten (Renee Otten)]

Please test - I only verified that it builds and that there are no failures in the test-suite.

[i0ntempest]

0.4.6.8 seems already have the patch in, any reason not upgrading to that version?

[Knapoc <Knapoc@…>]

In 9498466bafea59f05aca70209c52ea111b2bcc0f/macports-ports (master):

tor: update to 0.4.6.8

Closes: #63856