opensc: fails to build due to openssl3

[michael-j-oconnor]

My sense is that opensc will need some explicit dependency on openssl 1.1.x based on these sorts of errors I see in compilation:

:info:build pkcs15-westcos.c:251:7: error: 'i2d_RSAPublicKey_bio' is deprecated [-Werror,-Wdeprecated-declarations]
:info:build                 if(!i2d_RSAPublicKey_bio(mem, rsa))
:info:build                     ^
:info:build /opt/local/include/openssl/x509.h:619:1: note: 'i2d_RSAPublicKey_bio' has been explicitly marked deprecated here
:info:build OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa);
:info:build ^
:info:build /opt/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
:info:build #   define OSSL_DEPRECATEDIN_3_0                OSSL_DEPRECATED(3.0)
:info:build                                                 ^
:info:build /opt/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
:info:build #     define OSSL_DEPRECATED(since) __attribute__((deprecated))
:info:build                                                    ^
:info:build pkcs15-westcos.c:268:6: error: 'i2d_RSAPrivateKey_bio' is deprecated [-Werror,-Wdeprecated-declarations]
:info:build         if(!i2d_RSAPrivateKey_bio(mem, rsa))
:info:build             ^
:info:build /opt/local/include/openssl/x509.h:617:1: note: 'i2d_RSAPrivateKey_bio' has been explicitly marked deprecated here
:info:build OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa);
:info:build ^
:info:build /opt/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
:info:build #   define OSSL_DEPRECATEDIN_3_0                OSSL_DEPRECATED(3.0)
:info:build                                                 ^
:info:build /opt/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
:info:build #     define OSSL_DEPRECATED(since) __attribute__((deprecated))
:info:build                                                    ^
:info:build pkcs15-westcos.c:303:3: error: 'RSA_free' is deprecated [-Werror,-Wdeprecated-declarations]
:info:build                 RSA_free(rsa);
:info:build                 ^
:info:build /opt/local/include/openssl/rsa.h:293:1: note: 'RSA_free' has been explicitly marked deprecated here
:info:build OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
:info:build ^
:info:build /opt/local/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
:info:build #   define OSSL_DEPRECATEDIN_3_0                OSSL_DEPRECATED(3.0)
:info:build                                                 ^
:info:build /opt/local/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
:info:build #     define OSSL_DEPRECATED(since) __attribute__((deprecated))
:info:build                                                    ^
:info:build 7 errors generated.

[reneeotten (Renee Otten)]

% port livecheck opensc
opensc seems to have been updated (port version: 0.21.0, new version: 0.22.0)

I'd suggest updating the port to its latest upstream version as the release notes state "Initial support for building with OpenSSL 3.0"; so perhaps it will just work. If not, then the port could be pinned to openssl11 for now.

[jmroot (Joshua Root)]

It would be best to turn off use of -Werror,-Wdeprecated-declarations in any case, as that will just cause failures when using functions that are deprecated but still work.

[Chris Jones <jonesc@…>]

In fe43a48ab35e715ae22a39d127f3d9805b241b60/macports-ports (master):

opensc: Use openssl PG, pin to version 1.1
Closes: #63936

[cjones051073 (Chris Jones)]

Update to 0.22 did not work with openssl3 ​https://github.com/macports/macports-ports/commit/20277b1aa0d067f6454b13f8034d7e1f058eb00c

[lbschenkel (Leonardo Brondani Schenkel)]

I started working on this when I got the notifications, unfortunately it clashed with Chris' changes that were done in parallel and beat me to it so I have to do some rework.

Not a criticism btw, I appreciate the intent to unbreak the port. This is just an announcement so others refrain from working on this until further notice. I'm on it.

I managed to make the port build against openssl3, however I am not convinced it is a good idea to make it the default because the codebase has not really been designed with openssl3 in mind (even 0.22) and there may be regressions only found at runtime. To fully test it I would need to have different kinds of smart cards, which I don't.

So my plan is to keep building against original openssl by default but make it controllable by a variant so users who want to be on the bleeding edge can build against latest openssl and do some beta testing to check if it actually works.

I will also update the port to 0.22.

Most likely openssl3 can become the default when upstream releases 0.23.

[lbschenkel (Leonardo Brondani Schenkel)]

Added an +openssl3 variant on ​https://github.com/macports/macports-ports/commit/718593d9a5f75d93807fb59130cabdf69a3f1115

@cjones051073: FYI, setting openssl.branch in the Portfile and overriding in a variant didn't work for me, it still uses the branch set globally, so I had to add a guard to avoid setting it globally when the variant also sets it. Is this a bug in the PortGroup? Maybe you want to take a look at it. If not a bug, then please let me know the proper way of doing it.