Re: [openssl-project] Speaking of broken master, have a look at Travis
On Tue, Jul 24, 2018 at 08:34:28PM +0200, Kurt Roeckx wrote: > On Tue, Jul 24, 2018 at 07:54:58PM +0200, Richard Levitte wrote: > > ... > > go test: FAILED (ServerNameExtensionServer-TLS1) > > go test: unexpected failure: local error 'read tcp4 > > 127.0.0.1:41729->127.0.0.1:60574: read: connection reset by peer', child > > error 'signal: segmentation fault (core dumped)', stdout: > > This is caused by https://github.com/openssl/openssl/pull/6378 Yup, Andy pointed it out. I've tried to get a local setup with the boring tests, but need to put a bit more time into it, it seems. At least there's not an IESG telechat this week... -Ben ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] master is broken?
In message <84e6620a-e6bc-4f6e-a282-b46841b6d...@akamai.com> on Tue, 24 Jul 2018 18:05:35 +, "Salz, Rich" said: rsalz> sudo cpan Carp::Always rsalz> rsalz> I did this. Same results for config and the PERLOPT setting. For everyone's information, the breakage was really just rogue output. The death handler was badly written, but got fixed up with this PR: https://github.com/openssl/openssl/pull/6776 Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] Speaking of broken master, have a look at Travis
On Tue, Jul 24, 2018 at 07:54:58PM +0200, Richard Levitte wrote: > ... > go test: FAILED (ServerNameExtensionServer-TLS1) > go test: unexpected failure: local error 'read tcp4 > 127.0.0.1:41729->127.0.0.1:60574: read: connection reset by peer', child > error 'signal: segmentation fault (core dumped)', stdout: This is caused by https://github.com/openssl/openssl/pull/6378 Kurt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] master is broken?
sudo cpan Carp::Always I did this. Same results for config and the PERLOPT setting. ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
[openssl-project] Speaking of broken master, have a look at Travis
The master branch doesn't seem to be doing too well currently: https://travis-ci.org/openssl/openssl/branches The issue appears to be with the BoringSSL tests: https://travis-ci.org/openssl/openssl/jobs/407676514 I see segfaults: ... go test: FAILED (ServerNameExtensionServer-TLS1) go test: unexpected failure: local error 'read tcp4 127.0.0.1:41729->127.0.0.1:60574: read: connection reset by peer', child error 'signal: segmentation fault (core dumped)', stdout: go test: go test: stderr: go test: go test: ... go test: FAILED (ServerNameExtensionServer-TLS11) go test: unexpected failure: local error 'read tcp4 127.0.0.1:46797->127.0.0.1:57250: read: connection reset by peer', child error 'signal: segmentation fault (core dumped)', stdout: go test: go test: stderr: go test: go test: ... go test: FAILED (ServerNameExtensionServer-TLS12) go test: unexpected failure: local error 'read tcp4 127.0.0.1:41948->127.0.0.1:49698: read: connection reset by peer', child error 'signal: segmentation fault (core dumped)', stdout: go test: go test: stderr: go test: go test: ... Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] master is broken?
On 7/24/18, 1:42 PM, "Richard Levitte" wrote: Would you mind installing it? The package is called libcarp-always-perl on Debian and derivates, and if my RPM search fu isn't entirely off, the corresponding RPM package is perl-Carp-Always Or install with cpan... Okay. Does this add a new dependency for openssl? Maybe reconsider the approach -- Things seemed acceptable before the latest change. Or maybe print STDERR ? ; sudo cpan install perl-Carp-Always Loading internal null logger. Install Log::Log4perl for logging messages CPAN: Storable loaded ok (v2.41) Reading '/home/rsalz/.cpan/Metadata' Database was generated on Tue, 24 Jul 2018 17:17:02 GMT ; No what? Running "./config -d" still gives the same error message output and this: ; PERL5OPT=-MCarp::Always ./config Operating system: x86_64-whatever-linux2 Can't locate Carp/Always.pm in @INC (you may need to install the Carp::Always module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .). BEGIN failed--compilation aborted. You need Perl 5. exit 1 ; ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] master is broken?
Would you mind installing it? The package is called libcarp-always-perl on Debian and derivates, and if my RPM search fu isn't entirely off, the corresponding RPM package is perl-Carp-Always Or install with cpan... In message on Tue, 24 Jul 2018 17:36:49 +, "Salz, Rich" said: rsalz> ; env | grep PERL rsalz> ; PERL5OPT=-MCarp::Always ./config rsalz> Operating system: x86_64-whatever-linux2 rsalz> Can't locate Carp/Always.pm in @INC (you may need to install the Carp::Always module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .). rsalz> BEGIN failed--compilation aborted. rsalz> You need Perl 5. rsalz> exit 1 rsalz> ; perl -v rsalz> rsalz> This is perl 5, version 18, subversion 2 (v5.18.2) built for x86_64-linux-gnu-thread-multi rsalz> (with 52 registered patches, see perl -V for more detail) rsalz> rsalz> Copyright 1987-2013, Larry Wall rsalz> rsalz> Perl may be copied only under the terms of either the Artistic License or the rsalz> GNU General Public License, which may be found in the Perl 5 source kit. rsalz> rsalz> Complete documentation for Perl, including FAQ lists, should be found on rsalz> this system using "man perl" or "perldoc perl". If you have access to the rsalz> Internet, point your browser at http://www.perl.org/, the Perl Home Page. rsalz> rsalz> ; rsalz> rsalz> On 7/24/18, 1:33 PM, "Richard Levitte" wrote: rsalz> rsalz> PERL5OPT=-MCarp::Always ./config rsalz> rsalz> ___ rsalz> openssl-project mailing list rsalz> openssl-project@openssl.org rsalz> https://mta.openssl.org/mailman/listinfo/openssl-project ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] master is broken?
; env | grep PERL ; PERL5OPT=-MCarp::Always ./config Operating system: x86_64-whatever-linux2 Can't locate Carp/Always.pm in @INC (you may need to install the Carp::Always module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .). BEGIN failed--compilation aborted. You need Perl 5. exit 1 ; perl -v This is perl 5, version 18, subversion 2 (v5.18.2) built for x86_64-linux-gnu-thread-multi (with 52 registered patches, see perl -V for more detail) Copyright 1987-2013, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/, the Perl Home Page. ; On 7/24/18, 1:33 PM, "Richard Levitte" wrote: PERL5OPT=-MCarp::Always ./config ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] master is broken?
I can't reproduce, but looking into using Carp::Always uncovered a couple of bugs, which I'm submitting a PR for. When that is merged, you should be able to do this, and get a stack trace every time the death handler is called: PERL5OPT=-MCarp::Always ./config BTW, would you be so kind and check the value of $PERL5OPT for me? That might be relevant... Cheers, Richard In message <21fe7178-6410-48f4-ad17-152454de0...@akamai.com> on Tue, 24 Jul 2018 16:49:24 +, "Salz, Rich" said: rsalz> ; g status rsalz> On branch master rsalz> Your branch is up-to-date with 'origin/master'. rsalz> nothing to commit, working directory clean rsalz> ; g pull rsalz> Current branch master is up to date. rsalz> ; rsalz> rsalz> ; ./config rsalz> Operating system: x86_64-whatever-linux2 rsalz> Configuring OpenSSL version 1.1.1-pre9-dev (0x10101009L) for linux-x86_64 rsalz> Using os-specific seed configuration rsalz> rsalz> Failure! build file wasn't produced. rsalz> Please read INSTALL and associated NOTES files. You may also have to look over rsalz> your available compiler tool chain or change your configuration. rsalz> rsalz> rsalz> Failure! build file wasn't produced. rsalz> Please read INSTALL and associated NOTES files. You may also have to look over rsalz> your available compiler tool chain or change your configuration. rsalz> rsalz> rsalz> Failure! build file wasn't produced. rsalz> Please read INSTALL and associated NOTES files. You may also have to look over rsalz> your available compiler tool chain or change your configuration. rsalz> rsalz> Creating configdata.pm rsalz> Creating Makefile rsalz> rsalz> ** rsalz> ****** rsalz> *** If you want to report a building issue, please include the *** rsalz> *** output from this command:*** rsalz> ****** rsalz> *** perl configdata.pm --dump *** rsalz> ****** rsalz> ** rsalz> ; rsalz> ; perl configdata.pm --dump rsalz> rsalz> Command line (with current working directory = .): rsalz> rsalz> /usr/bin/perl ./Configure linux-x86_64 rsalz> rsalz> Perl information: rsalz> rsalz> /usr/bin/perl rsalz> 5.18.2 for x86_64-linux-gnu-thread-multi rsalz> rsalz> Enabled features: rsalz> rsalz> aria rsalz> asm rsalz> async rsalz> autoalginit rsalz> autoerrinit rsalz> autoload-config rsalz> bf rsalz> blake2 rsalz> camellia rsalz> capieng rsalz> cast rsalz> chacha rsalz> cmac rsalz> cms rsalz> comp rsalz> ct rsalz> deprecated rsalz> des rsalz> dgram rsalz> dh rsalz> dsa rsalz> dso rsalz> dtls rsalz> dynamic-engine rsalz> ec rsalz> ec2m rsalz> ecdh rsalz> ecdsa rsalz> engine rsalz> err rsalz> filenames rsalz> gost rsalz> hw(-.+)? rsalz> idea rsalz> makedepend rsalz> md4 rsalz> mdc2 rsalz> multiblock rsalz> nextprotoneg rsalz> ocb rsalz> ocsp rsalz> pic rsalz> poly1305 rsalz> posix-io rsalz> psk rsalz> rc2 rsalz> rc4 rsalz> rdrand rsalz> rfc3779 rsalz> rmd160 rsalz> scrypt rsalz> seed rsalz> shared rsalz> siphash rsalz> sm2 rsalz> sm3 rsalz> sm4 rsalz> sock rsalz> srp rsalz> srtp rsalz> sse2 rsalz> ssl rsalz> static-engine rsalz> stdio rsalz> tests rsalz> threads rsalz> tls rsalz> ts rsalz> ui-console rsalz> whirlpool rsalz> tls1 rsalz> tls1-method rsalz> tls1_1 rsalz> tls1_1-method rsalz> tls1_2 rsalz> tls1_2-method rsalz> tls1_3 rsalz> dtls1 rsalz> dtls1-method rsalz> dtls1_2 rsalz> dtls1_2-method rsalz> rsalz> Disabled features: rsalz> rsalz> afalgeng[too-old-kernel] rsalz> asan[default]OPENSSL_NO_ASAN rsalz> crypto-mdebug [default]OPENSSL_NO_CRYPTO_MDEBUG rsalz> crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE rsalz> devcryptoeng[default]OPENSSL_NO_DEVCRYPTOENG rsalz> ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 rsalz> egd [default]OPENSSL_NO_EGD rsalz> external-tests [default]OPENSSL_NO_EXTERNAL_TESTS rsalz> fuzz-libfuzzer [default]OPENSSL_NO_FUZZ_LIBFUZZER rsalz> fuzz-afl[default]OPENSSL_NO_FUZZ_AFL rsalz> heartbeats [default]OPENSSL_NO_HEARTBEATS rsalz> md2 [default]OPENSSL_NO_MD2 (skip crypto/md2) rsalz>
[openssl-project] master is broken?
; g status On branch master Your branch is up-to-date with 'origin/master'. nothing to commit, working directory clean ; g pull Current branch master is up to date. ; ; ./config Operating system: x86_64-whatever-linux2 Configuring OpenSSL version 1.1.1-pre9-dev (0x10101009L) for linux-x86_64 Using os-specific seed configuration Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. Creating configdata.pm Creating Makefile ** ****** *** If you want to report a building issue, please include the *** *** output from this command:*** ****** *** perl configdata.pm --dump *** ****** ** ; ; perl configdata.pm --dump Command line (with current working directory = .): /usr/bin/perl ./Configure linux-x86_64 Perl information: /usr/bin/perl 5.18.2 for x86_64-linux-gnu-thread-multi Enabled features: aria asm async autoalginit autoerrinit autoload-config bf blake2 camellia capieng cast chacha cmac cms comp ct deprecated des dgram dh dsa dso dtls dynamic-engine ec ec2m ecdh ecdsa engine err filenames gost hw(-.+)? idea makedepend md4 mdc2 multiblock nextprotoneg ocb ocsp pic poly1305 posix-io psk rc2 rc4 rdrand rfc3779 rmd160 scrypt seed shared siphash sm2 sm3 sm4 sock srp srtp sse2 ssl static-engine stdio tests threads tls ts ui-console whirlpool tls1 tls1-method tls1_1 tls1_1-method tls1_2 tls1_2-method tls1_3 dtls1 dtls1-method dtls1_2 dtls1_2-method Disabled features: afalgeng[too-old-kernel] asan[default]OPENSSL_NO_ASAN crypto-mdebug [default]OPENSSL_NO_CRYPTO_MDEBUG crypto-mdebug-backtrace [default]OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE devcryptoeng[default]OPENSSL_NO_DEVCRYPTOENG ec_nistp_64_gcc_128 [default]OPENSSL_NO_EC_NISTP_64_GCC_128 egd [default]OPENSSL_NO_EGD external-tests [default]OPENSSL_NO_EXTERNAL_TESTS fuzz-libfuzzer [default]OPENSSL_NO_FUZZ_LIBFUZZER fuzz-afl[default]OPENSSL_NO_FUZZ_AFL heartbeats [default]OPENSSL_NO_HEARTBEATS md2 [default]OPENSSL_NO_MD2 (skip crypto/md2) msan[default]OPENSSL_NO_MSAN rc5 [default]OPENSSL_NO_RC5 (skip crypto/rc5) sctp[default]OPENSSL_NO_SCTP ssl-trace [default]OPENSSL_NO_SSL_TRACE tls13downgrade [default]OPENSSL_NO_TLS13DOWNGRADE ubsan [default]OPENSSL_NO_UBSAN unit-test [default]OPENSSL_NO_UNIT_TEST weak-ssl-ciphers[default]OPENSSL_NO_WEAK_SSL_CIPHERS zlib[default] zlib-dynamic[default] ssl3[default]OPENSSL_NO_SSL3 ssl3-method [default]OPENSSL_NO_SSL3_METHOD Config target attributes: AR => "ar", ARFLAGS => "r", CC => "gcc", CFLAGS => "-Wall -O3", CXX => "g++", CXXFLAGS => "-Wall -O3", HASHBANGPERL => "/usr/bin/env perl", RANLIB => "ranlib", RC => "windres", aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", aes_obj => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o", apps_aux_src => "", apps_init_src => "", apps_obj => "", bf_asm_src => "bf_enc.c", bf_obj => "bf_enc.o", bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s", bn_obj => "asm/x86_64-gcc.o x86_64-mont.o
Re: [openssl-project] To distribute just the repo file, or the result of 'make dist'?
In message <20180724122839.ga2...@roeckx.be> on Tue, 24 Jul 2018 14:28:40 +0200, Kurt Roeckx said: kurt> On Tue, Jul 24, 2018 at 02:08:46PM +0200, Richard Levitte wrote: kurt> > kurt> > The original intention (way back, I think we're even talking SSLeay kurt> > time here, but at the very least pre-1.0.0 time) was to make a tarball kurt> > that can be built directly with just a 'make' on any Unix box and kurt> > without requiring perl. kurt> kurt> I don't see how that could work our current system. As far as I kurt> know, it's actually confired for a system, and it will not work kurt> properly on an other. It would just work on the same system as kurt> that we ran config on. Hmm? The dist target (Configurations/dist.conf) creates a *very* generic Makefile with no system specific files. It assumes LP32 and very generic C compiler command line. It doesn't support assembler modules, threads or shared libraries... that cuts away quite a lot of system dependencies. The only thing that's needed to make the resulting directory tree free of the need for perl is 'make build_all_generated'. kurt> > 1. Don't release pre-configured tarballs. This is a very simple kurt> > thing to do, all we have to do is use 'make tar' to create kurt> > tarballs instead of 'make dist'. We could remove the dist target kurt> > entirely while we're at it. kurt> kurt> This makes most sense to me. Yes, it does to me as well, especially considering we're encouraging everyone to configure anyway. -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] To distribute just the repo file, or the result of 'make dist'?
On Tue, Jul 24, 2018 at 02:28:40PM +0200, Kurt Roeckx wrote: > On Tue, Jul 24, 2018 at 02:08:46PM +0200, Richard Levitte wrote: > > > > The original intention (way back, I think we're even talking SSLeay > > time here, but at the very least pre-1.0.0 time) was to make a tarball > > that can be built directly with just a 'make' on any Unix box and > > without requiring perl. > > I don't see how that could work our current system. As far as I > know, it's actually confired for a system, and it will not work > properly on an other. It would just work on the same system as > that we ran config on. > > > 1. Don't release pre-configured tarballs. This is a very simple > > thing to do, all we have to do is use 'make tar' to create > > tarballs instead of 'make dist'. We could remove the dist target > > entirely while we're at it. > > This makes most sense to me. To me as well. (As a side note, OpenAFS also has something called 'make dist' that is functionally different, but also has deep historical roots and is also something I'm trying to get rid of.) -Ben ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
[openssl-project] To distribute just the repo file, or the result of 'make dist'?
This is a question that's been asked before, and that has popped up again in https://github.com/openssl/openssl/issues/6765 Our current mechanism for creating tarballs for a new OpenSSL release is to run 'make dist' in any given build tree... it's a bit clumsy, as it needs a wasted configuration if it's done in a newly checked out work tree, but is designed to work correctly from any build tree. The original intention (way back, I think we're even talking SSLeay time here, but at the very least pre-1.0.0 time) was to make a tarball that can be built directly with just a 'make' on any Unix box and without requiring perl. Since 1.1.0, though, the tarballs do require perl to generate certain files, such as include/openssl/opensslconf.h. That makes a pre-configured distribution less benefitial. Also, if anyone tries to run 'nmake' on Windows without configuring first, they get a nasty and quite confusing surprise... I think the same happens on VMS, although I haven't tested that. I can see two way to fix this: 1. Don't release pre-configured tarballs. This is a very simple thing to do, all we have to do is use 'make tar' to create tarballs instead of 'make dist'. We could remove the dist target entirely while we're at it. 2. Restore the no-perl benefit with a tarball distributed with 'make dist' (which is very simple due to 'make build_all_generated'). 3. Have the 'dist' config target generate a really dumbed down Makefile that contains the same well known targets as the usual build files, but makes sure to run some kind of fancy script (supposedly in perl) that runs a proper configuration for the platform at hand. (actually, the first item doesn't depend on the rest, but the answer will direct our focus) Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
