Add patch for OpenSSL v3.2.0
Add a patch [1] to silence warnings from OpenSSL v3.2.0-v3.2.1 for reading from stdin without using -in [2,3]. This will be fixed by upstream OpenSSL v3.2.2 and v3.3.0 as well [4]. [1] https://git.build2.org/cgit/bpkg/commit/?id=40bb034f57cf37c1cbdcef337733507c230c6004 [2] https://github.com/build2/build2/issues/353 [3] https://github.com/build2/build2/issues/379 [4] https://github.com/openssl/openssl/pull/23526
This commit is contained in:
parent
f069aa603a
commit
b9c3486428
227
bpkg-openssl-v3.2.0-stdin-warn.patch
Normal file
227
bpkg-openssl-v3.2.0-stdin-warn.patch
Normal file
@ -0,0 +1,227 @@
|
||||
From 40bb034f57cf37c1cbdcef337733507c230c6004 Mon Sep 17 00:00:00 2001
|
||||
From: Karen Arutyunov <karen@codesynthesis.com>
|
||||
Date: Tue, 23 Apr 2024 12:25:33 +0300
|
||||
Subject: Suppress the 'reading certificate from stdin' openssl warning on
|
||||
POSIX systems in bpkg-fetch
|
||||
|
||||
---
|
||||
bpkg/auth.cxx | 137 ++++++++++++++++++++++++++++++++++++++--------------------
|
||||
1 file changed, 89 insertions(+), 48 deletions(-)
|
||||
|
||||
diff --git a/bpkg/auth.cxx b/bpkg/auth.cxx
|
||||
index 663054d..191da0a 100644
|
||||
--- a/bpkg/auth.cxx
|
||||
+++ b/bpkg/auth.cxx
|
||||
@@ -23,15 +23,15 @@ using namespace butl;
|
||||
|
||||
namespace bpkg
|
||||
{
|
||||
- static const string openssl_version ("version");
|
||||
- static const string openssl_pkeyutl ("pkeyutl");
|
||||
- static const string openssl_rsautl ("rsautl");
|
||||
- static const string openssl_x509 ("x509");
|
||||
-
|
||||
- const char* openssl_commands[5] = {openssl_version.c_str (),
|
||||
- openssl_pkeyutl.c_str (),
|
||||
- openssl_rsautl.c_str (),
|
||||
- openssl_x509.c_str (),
|
||||
+ static const string openssl_version_cmd ("version");
|
||||
+ static const string openssl_pkeyutl_cmd ("pkeyutl");
|
||||
+ static const string openssl_rsautl_cmd ("rsautl");
|
||||
+ static const string openssl_x509_cmd ("x509");
|
||||
+
|
||||
+ const char* openssl_commands[5] = {openssl_version_cmd.c_str (),
|
||||
+ openssl_pkeyutl_cmd.c_str (),
|
||||
+ openssl_rsautl_cmd.c_str (),
|
||||
+ openssl_x509_cmd.c_str (),
|
||||
nullptr};
|
||||
|
||||
// Print process command line.
|
||||
@@ -43,9 +43,42 @@ namespace bpkg
|
||||
print_process (args, n);
|
||||
}
|
||||
|
||||
+ // Query the openssl information and return the openssl version. Cache the
|
||||
+ // version on the first function call. Fail on the underlying process and IO
|
||||
+ // error. Return the 0.0.0 version if unable to parse the openssl stdout.
|
||||
+ //
|
||||
+ static optional<semantic_version> openssl_ver;
|
||||
+
|
||||
+ static const semantic_version&
|
||||
+ openssl_version (const common_options& co)
|
||||
+ {
|
||||
+ const path& openssl_path (co.openssl ()[openssl_version_cmd]);
|
||||
+
|
||||
+ if (!openssl_ver)
|
||||
+ try
|
||||
+ {
|
||||
+ optional<openssl_info> oi (
|
||||
+ openssl::info (print_command, 2, openssl_path));
|
||||
+
|
||||
+ openssl_ver = (oi && oi->name == "OpenSSL"
|
||||
+ ? move (oi->version)
|
||||
+ : semantic_version ());
|
||||
+ }
|
||||
+ catch (const process_error& e)
|
||||
+ {
|
||||
+ fail << "unable to execute " << openssl_path << ": " << e << endf;
|
||||
+ }
|
||||
+ catch (const io_error& e)
|
||||
+ {
|
||||
+ fail << "unable to read '" << openssl_path << "' output: " << e
|
||||
+ << endf;
|
||||
+ }
|
||||
+
|
||||
+ return *openssl_ver;
|
||||
+ }
|
||||
+
|
||||
// Return true if the openssl version is greater or equal to 3.0.0 and so
|
||||
- // pkeyutl needs to be used instead of rsautl. Cache the result on the first
|
||||
- // function call.
|
||||
+ // pkeyutl needs to be used instead of rsautl.
|
||||
//
|
||||
// Note that openssl 3.0.0 deprecates rsautl in favor of pkeyutl.
|
||||
//
|
||||
@@ -54,37 +87,28 @@ namespace bpkg
|
||||
// (see the 'pkeyutl -verifyrecover error "input data too long to be a
|
||||
// hash"' issue report for details).
|
||||
//
|
||||
- static optional<bool> use_pkeyutl;
|
||||
-
|
||||
- static bool
|
||||
+ static inline bool
|
||||
use_openssl_pkeyutl (const common_options& co)
|
||||
{
|
||||
- if (!use_pkeyutl)
|
||||
- {
|
||||
- const path& openssl_path (co.openssl ()[openssl_version]);
|
||||
-
|
||||
- try
|
||||
- {
|
||||
- optional<openssl_info> oi (
|
||||
- openssl::info (print_command, 2, openssl_path));
|
||||
-
|
||||
- use_pkeyutl = oi &&
|
||||
- oi->name == "OpenSSL" &&
|
||||
- oi->version >= semantic_version {3, 0, 0};
|
||||
- }
|
||||
- catch (const process_error& e)
|
||||
- {
|
||||
- fail << "unable to execute " << openssl_path << ": " << e << endf;
|
||||
- }
|
||||
- catch (const io_error& e)
|
||||
- {
|
||||
- fail << "unable to read '" << openssl_path << "' output: " << e
|
||||
- << endf;
|
||||
- }
|
||||
- }
|
||||
+ return openssl_version (co) >= semantic_version {3, 0, 0};
|
||||
+ }
|
||||
|
||||
- return *use_pkeyutl;
|
||||
+ // Return true if some openssl commands (openssl x509 -fingerprint, etc) may
|
||||
+ // issue the 'Reading certificate from stdin since no -in or -new option is
|
||||
+ // given' warning. This is the case for the openssl version in the [3.2.0
|
||||
+ // 3.3.0) range (see GH issue #353 for details).
|
||||
+ //
|
||||
+ // Note that there is no easy way to suppress this warning on Windows and
|
||||
+ // thus we don't define this function there.
|
||||
+ //
|
||||
+#ifndef _WIN32
|
||||
+ static inline bool
|
||||
+ openssl_warn_stdin (const common_options& co)
|
||||
+ {
|
||||
+ const semantic_version& v (openssl_version (co));
|
||||
+ return v >= semantic_version {3, 2, 0} && v < semantic_version {3, 3, 0};
|
||||
}
|
||||
+#endif
|
||||
|
||||
// Find the repository location prefix that ends with the version component.
|
||||
// We consider all repositories under this location to be related.
|
||||
@@ -190,15 +214,25 @@ namespace bpkg
|
||||
dr << ": " << *e;
|
||||
};
|
||||
|
||||
- const path& openssl_path (co.openssl ()[openssl_x509]);
|
||||
- const strings& openssl_opts (co.openssl_option ()[openssl_x509]);
|
||||
+ const path& openssl_path (co.openssl ()[openssl_x509_cmd]);
|
||||
+ const strings& openssl_opts (co.openssl_option ()[openssl_x509_cmd]);
|
||||
|
||||
try
|
||||
{
|
||||
openssl os (print_command,
|
||||
fdstream_mode::text, fdstream_mode::text, 2,
|
||||
- openssl_path, openssl_x509,
|
||||
- openssl_opts, "-sha256", "-noout", "-fingerprint");
|
||||
+ openssl_path, openssl_x509_cmd,
|
||||
+ openssl_opts,
|
||||
+ "-sha256",
|
||||
+ "-noout",
|
||||
+ "-fingerprint"
|
||||
+#ifndef _WIN32
|
||||
+ ,
|
||||
+ (openssl_warn_stdin (co)
|
||||
+ ? cstrings ({"-in", "/dev/stdin"})
|
||||
+ : cstrings ())
|
||||
+#endif
|
||||
+ );
|
||||
|
||||
os.out << pem;
|
||||
os.out.close ();
|
||||
@@ -288,8 +322,8 @@ namespace bpkg
|
||||
dr << ": " << *e;
|
||||
};
|
||||
|
||||
- const path& openssl_path (co.openssl ()[openssl_x509]);
|
||||
- const strings& openssl_opts (co.openssl_option ()[openssl_x509]);
|
||||
+ const path& openssl_path (co.openssl ()[openssl_x509_cmd]);
|
||||
+ const strings& openssl_opts (co.openssl_option ()[openssl_x509_cmd]);
|
||||
|
||||
try
|
||||
{
|
||||
@@ -315,7 +349,7 @@ namespace bpkg
|
||||
openssl os (
|
||||
print_command,
|
||||
fdstream_mode::text, fdstream_mode::text, 2,
|
||||
- openssl_path, openssl_x509,
|
||||
+ openssl_path, openssl_x509_cmd,
|
||||
openssl_opts, "-noout", "-subject", "-dates", "-email",
|
||||
|
||||
// Previously we have used "RFC2253,sep_multiline" format to display
|
||||
@@ -347,6 +381,13 @@ namespace bpkg
|
||||
// sep_multiline - display field per line.
|
||||
//
|
||||
"-nameopt", "utf8,esc_ctrl,dump_nostr,dump_der,sname,sep_multiline"
|
||||
+
|
||||
+#ifndef _WIN32
|
||||
+ ,
|
||||
+ (openssl_warn_stdin (co)
|
||||
+ ? cstrings ({"-in", "/dev/stdin"})
|
||||
+ : cstrings ())
|
||||
+#endif
|
||||
);
|
||||
|
||||
// We unset failbit to provide the detailed error description (which
|
||||
@@ -877,7 +918,7 @@ namespace bpkg
|
||||
};
|
||||
|
||||
bool ku (use_openssl_pkeyutl (co));
|
||||
- const string& cmd (ku ? openssl_pkeyutl : openssl_rsautl);
|
||||
+ const string& cmd (ku ? openssl_pkeyutl_cmd : openssl_rsautl_cmd);
|
||||
|
||||
const path& openssl_path (co.openssl ()[cmd]);
|
||||
const strings& openssl_opts (co.openssl_option ()[cmd]);
|
||||
@@ -973,8 +1014,8 @@ namespace bpkg
|
||||
};
|
||||
|
||||
const string& cmd (use_openssl_pkeyutl (co)
|
||||
- ? openssl_pkeyutl
|
||||
- : openssl_rsautl);
|
||||
+ ? openssl_pkeyutl_cmd
|
||||
+ : openssl_rsautl_cmd);
|
||||
|
||||
const path& openssl_path (co.openssl ()[cmd]);
|
||||
const strings& openssl_opts (co.openssl_option ()[cmd]);
|
||||
--
|
||||
cgit v1.1
|
||||
|
@ -27,6 +27,9 @@ Source100: https://pkg.cppget.org/1/beta/odb/libodb-%{libodb_bundle_version
|
||||
Source101: https://pkg.cppget.org/1/beta/odb/libodb-sqlite-%{libodb_bundle_version}.tar.gz
|
||||
%endif
|
||||
|
||||
# Upstream: https://git.build2.org/cgit/bpkg/commit/?id=40bb034f57cf37c1cbdcef337733507c230c6004
|
||||
Patch3000: bpkg-openssl-v3.2.0-stdin-warn.patch
|
||||
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libpkgconf-devel
|
||||
%if %{with bootstrap}
|
||||
@ -257,6 +260,9 @@ This package contains the %{name} RPM macros.
|
||||
%else
|
||||
%setup -q -c -n %{name}-toolchain-%{version} -a 1 -a 2 -a 3 -a 4 -a 100 -a 101
|
||||
%endif
|
||||
pushd bpkg-%{version}
|
||||
%patch -p 1 -P 3000
|
||||
popd
|
||||
mv libbutl-%{version} %{name}-%{version}
|
||||
|
||||
%build
|
||||
@ -635,6 +641,7 @@ b test:
|
||||
%changelog
|
||||
* Sat Apr 20 2024 Matthew Krupcale <mkrupcale@gmail.com> - 0.16.0-4
|
||||
- Rebuild for libpkgconf ABI changes
|
||||
- Apply patch to silence OpenSSL v3.2.0 warnings in bpkg
|
||||
|
||||
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.16.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
Loading…
Reference in New Issue
Block a user