New submission from aixtools: Actually, I have been building and using my builds of Python, when needed for ./configure requirements for a long time. In short, it is quite nice that make "completes" even when there are missing and/or failed modules.
I have just resolved the problem with ctypes not building (see https://bugs.python.org/issue6006) and that got me started to research others. Failed to build these modules: _elementtree _sqlite3 _ssl bz2 pyexpat While there are several - I am looking first at ssl. My first attempt comes up with some failed defines - probably because the latest openssl provided by IBM is openssl-1.0.0 and openssl-1.0.1 is needed. Rather than wait for that to happen I decided to experiment with LibreSSL. If you are not familiar with LibreSSL - I shall be quick - openbsd (who also maintains openssh) has been cutting out insecure and/or superfluous code. One of the more insecure (because it can be a predictable source of enthropy) is RAND_egd() - so it is unavoidable that this occurs: ld: 0711-317 ERROR: Undefined symbol: .RAND_egd After patching _ssl.c to this: --- _ssl.c.orig 2014-06-30 02:05:42 +0000 +++ _ssl.c 2015-04-24 02:47:00 +0000 @@ -1604,6 +1604,7 @@ static PyObject * PySSL_RAND_egd(PyObject *self, PyObject *arg) { +#ifndef LIBRESSL_VERSION_NUMBER int bytes; if (!PyString_Check(arg)) @@ -1618,6 +1619,12 @@ return NULL; } return PyInt_FromLong(bytes); +#else + PyErr_SetString(PySSLErrorObject, + "external EGD connection not allowed when using LibreSSL:" + "no data to seed the PRNG via PySSL_RAND_egd"); + return NULL; +#endif } PyDoc_STRVAR(PySSL_RAND_egd_doc, The end result is: Failed to build these modules: _elementtree _sqlite3 bz2 pyexpat In short, you can get ahead of the curve by depreciating/removing PySSL_RAND_egd() because any code that uses it may be receiving predictable input and thereafter everything may be predictable. If you do not believe openbsd (or me) - just read the code. It calls anything configured (handy when /dev/urandom was hard to find anno 1999) but these days a backdoor waiting to be opened. p.s. As I get time I shall continue with the other modules that do not build - just let me know if you prefer that I continue posting in this "issue", or make new one(s) for each module as I find a solution. ---------- components: Extension Modules messages: 241908 nosy: aixto...@gmail.com priority: normal severity: normal status: open title: Incomplete build on AIX type: compile error versions: Python 2.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue24046> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
