Re: [squid-dev] squid master build with alternate openssl fails
On 5/8/20 5:11 PM, Francesco Chemolli wrote: > I rebuild our docker > images once a month to ensure they're fresh with what's in the wild. FWIW, I think montly update frequency is excessive when there is no adequate update validation. I speculate that we are spending more time on faulty build tests than on fixing true build bugs the tests expose. > To decide how much effort to invest, how prevalent is this situation? On > Linux I'd expect this to be pretty much a corner case by now, is it not? Unfortunately, we do not know. Folks running SslBump on older OS releases may want to build with newer OpenSSL releases. Is that 1% of Squid deployments? 10%? 20% of those deployments that matter? Unknown. If it takes more than a few hours to change an existing (or add a new) test node that uses custom library locations for --with-foo=PATH options, then I would not do it (for now). You have bigger fish to catch. Alex. ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] squid master build with alternate openssl fails
On 10/05/20 7:53 pm, Amos Jeffries wrote: > On 10/05/20 7:02 pm, Christos Tsantilas wrote: >> On 8/5/20 5:50 μ.μ., Amos Jeffries wrote: >>> Does this change resolve the issue for you? >> >> It is a step but this is not enough. >> >> I am attaching a patch which finally solved the issue. However still it >> is not enough, there are other similar cases need to be fixed in >> squid-util.m4 and probably in configure.ac >> > > That configure.ac change is wrong. It really should be checking for ' = > "xyes" ' because this library is supposed to be auto-disabled. eg for > the default value of nil. > > > The defun'd macro line "set with_$squid_auto_lib = yes" should be > changing with_openssl to "yes". If not, that is a bug. > Your patch helped me track it down though. The whitespace around "+=" is breaking those assignments. I will submit a PR fixing this shortly. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] squid master build with alternate openssl fails
On 10/05/20 7:02 pm, Christos Tsantilas wrote: > On 8/5/20 5:50 μ.μ., Amos Jeffries wrote: >> Does this change resolve the issue for you? > > It is a step but this is not enough. > > I am attaching a patch which finally solved the issue. However still it > is not enough, there are other similar cases need to be fixed in > squid-util.m4 and probably in configure.ac > That configure.ac change is wrong. It really should be checking for ' = "xyes" ' because this library is supposed to be auto-disabled. eg for the default value of nil. The defun'd macro line "set with_$squid_auto_lib = yes" should be changing with_openssl to "yes". If not, that is a bug. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] squid master build with alternate openssl fails
On 8/5/20 5:50 μ.μ., Amos Jeffries wrote: Does this change resolve the issue for you? It is a step but this is not enough. I am attaching a patch which finally solved the issue. However still it is not enough, there are other similar cases need to be fixed in squid-util.m4 and probably in configure.ac diff --git a/acinclude/squid-util.m4 b/acinclude/squid-util.m4 index 7f5a72e5b..5860b690e 100644 --- a/acinclude/squid-util.m4 +++ b/acinclude/squid-util.m4 @@ -188,9 +188,9 @@ AC_DEFUN([SQUID_OPTIONAL_LIB],[ squid_auto_lib=`echo $1|tr "\-" "_"` set with_$squid_auto_lib = no AC_ARG_WITH([$1],AS_HELP_STRING([--with-$1],[Compile with the $2 library.]),[ -AS_CASE(["$with_$1"],[yes|no],,[ - AS_IF([test ! -d "$with_$1"],AC_MSG_ERROR([--with-$1 path does not point to a directory])) - with_$squid_auto_lib=yes +AS_CASE(["$withval"],[yes|no],,[ + AS_IF([test ! -d "$withval"],AC_MSG_ERROR([--with-$1 path does not point to a directory])) + set with_$squid_auto_lib = yes AS_IF([test -d "$withval/lib64"],[$3_PATH += "-L$withval/lib64"]) AS_IF([test -d "$withval/lib"],[$3_PATH += "-L$withval/lib"]) $3_CFLAGS="-I$withval/include" ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev diff --git a/acinclude/squid-util.m4 b/acinclude/squid-util.m4 index 7f5a72e5b..e48d2c8f9 100644 --- a/acinclude/squid-util.m4 +++ b/acinclude/squid-util.m4 @@ -190,9 +190,9 @@ AC_DEFUN([SQUID_OPTIONAL_LIB],[ AC_ARG_WITH([$1],AS_HELP_STRING([--with-$1],[Compile with the $2 library.]),[ AS_CASE(["$with_$1"],[yes|no],,[ AS_IF([test ! -d "$with_$1"],AC_MSG_ERROR([--with-$1 path does not point to a directory])) - with_$squid_auto_lib=yes - AS_IF([test -d "$withval/lib64"],[$3_PATH += "-L$withval/lib64"]) - AS_IF([test -d "$withval/lib"],[$3_PATH += "-L$withval/lib"]) + set with_$squid_auto_lib = yes + AS_IF([test -d "$withval/lib64"],[$3_PATH+="-L$withval/lib64"]) + AS_IF([test -d "$withval/lib"],[$3_PATH+="-L$withval/lib"]) $3_CFLAGS="-I$withval/include" ]) ]) diff --git a/configure.ac b/configure.ac index 2260d09c6..49f79a499 100644 --- a/configure.ac +++ b/configure.ac @@ -1261,7 +1261,7 @@ dnl User may specify OpenSSL is needed from a non-standard location SQUID_OPTIONAL_LIB(openssl,[OpenSSL],[LIBOPENSSL]) AH_TEMPLATE(USE_OPENSSL,[OpenSSL support is available]) ## OpenSSL is default disable due to licensing issues on some OS -if test "x$with_openssl" = "xyes"; then +if test "x$with_openssl" != "xno"; then CPPFLAGS="$LIBOPENSSL_CFLAGS $CPPFLAGS" AC_CHECK_HEADERS( \ openssl/asn1.h \ ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] squid master build with alternate openssl fails
On Fri, May 8, 2020 at 3:58 PM Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 5/8/20 10:12 AM, Christos Tsantilas wrote: > > > Squid master 699ade2d fails to build with an alternate OpenSsl, when the > > "--with-openssl=/path/to/openssl" is used. > > Francesco, builds with custom OpenSSL paths are not that uncommon, > especially among SslBump admins. Would you be able to test that kind of > configuration in one of the Jenkins tests? It can be even combined with > other custom-path tests. Or is this too custom/special to warrant an > automated test in your opinion? The most complicated part is to prep and keep uptodate a test environment with openssl in a nonstandard location; I rebuild our docker images once a month to ensure they're fresh with what's in the wild. To decide how much effort to invest, how prevalent is this situation? On Linux I'd expect this to be pretty much a corner case by now, is it not? -- Francesco ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] squid master build with alternate openssl fails
On 9/05/20 2:58 am, Alex Rousskov wrote: > On 5/8/20 10:12 AM, Christos Tsantilas wrote: > >> Squid master 699ade2d fails to build with an alternate OpenSsl, when the >> "--with-openssl=/path/to/openssl" is used. > > Francesco, builds with custom OpenSSL paths are not that uncommon, > especially among SslBump admins. Would you be able to test that kind of > configuration in one of the Jenkins tests? It can be even combined with > other custom-path tests. Or is this too custom/special to warrant an > automated test in your opinion? > > >> I think that the issue added with the commit 245314010. > > I speculate that the bug is related to the disappearance of the > LIBOPENSSL_PATH assignment in that commit. We still use that variable, > but we no longer set it. > > > Amos, would you be able to fix this? It is set by $3_PATH in the SQUID_OPTIONAL_LIB macro, then set into SSLLIB when the files are confirmed. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] squid master build with alternate openssl fails
On 5/8/20 10:12 AM, Christos Tsantilas wrote: > Squid master 699ade2d fails to build with an alternate OpenSsl, when the > "--with-openssl=/path/to/openssl" is used. Francesco, builds with custom OpenSSL paths are not that uncommon, especially among SslBump admins. Would you be able to test that kind of configuration in one of the Jenkins tests? It can be even combined with other custom-path tests. Or is this too custom/special to warrant an automated test in your opinion? > I think that the issue added with the commit 245314010. I speculate that the bug is related to the disappearance of the LIBOPENSSL_PATH assignment in that commit. We still use that variable, but we no longer set it. Amos, would you be able to fix this? Thank you, Alex. > Example build output: > g++ -DHAVE_CONFIG_H > -DDEFAULT_CONFIG_FILE=\"/usr/local/squid3-cvs/etc/squid.conf\" > -DDEFAULT_SQUID_DATA_DIR=\"/usr/local/squid3-cvs/share\" > -DDEFAULT_SQUID_CONFIG_DIR=\"/usr/local/squid3-cvs/etc\" -I.. > -I../include -I../lib -I../src -I../include -I../src > -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments > -Wshadow -Woverloaded-virtual -Werror -pipe -D_REENTRANT > -I/usr/include/libxml2 -m64 -I/usr/include/p11-kit-1 -g -O2 > -march=native -MT CacheDigest.o -MD -MP -MF $depbase.Tpo -c -o > CacheDigest.o CacheDigest.cc &&\ > mv -f $depbase.Tpo $depbase.Po > In file included from cache_cf.cc:3427:0: > cf_parser.cci: In function ‘int parse_line(char*)’: > cf_parser.cci:1466:20: error: ‘Ssl’ has not been declared > parse_eol(&Ssl::TheConfig.ssl_crtd); > ... > > > My understanding is that squid enables ssl-crtd build (--with-ssl-crtd > is given) but fails to detect OpenSsl correctly. ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] squid master build with alternate openssl fails
Does this change resolve the issue for you? diff --git a/acinclude/squid-util.m4 b/acinclude/squid-util.m4 index 7f5a72e5b..5860b690e 100644 --- a/acinclude/squid-util.m4 +++ b/acinclude/squid-util.m4 @@ -188,9 +188,9 @@ AC_DEFUN([SQUID_OPTIONAL_LIB],[ squid_auto_lib=`echo $1|tr "\-" "_"` set with_$squid_auto_lib = no AC_ARG_WITH([$1],AS_HELP_STRING([--with-$1],[Compile with the $2 library.]),[ -AS_CASE(["$with_$1"],[yes|no],,[ - AS_IF([test ! -d "$with_$1"],AC_MSG_ERROR([--with-$1 path does not point to a directory])) - with_$squid_auto_lib=yes +AS_CASE(["$withval"],[yes|no],,[ + AS_IF([test ! -d "$withval"],AC_MSG_ERROR([--with-$1 path does not point to a directory])) + set with_$squid_auto_lib = yes AS_IF([test -d "$withval/lib64"],[$3_PATH += "-L$withval/lib64"]) AS_IF([test -d "$withval/lib"],[$3_PATH += "-L$withval/lib"]) $3_CFLAGS="-I$withval/include" ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
[squid-dev] squid master build with alternate openssl fails
Hi all, Squid master 699ade2d fails to build with an alternate OpenSsl, when the "--with-openssl=/path/to/openssl" is used. I think that the issue added with the commit 245314010. Example build output: g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/usr/local/squid3-cvs/etc/squid.conf\" -DDEFAULT_SQUID_DATA_DIR=\"/usr/local/squid3-cvs/share\" -DDEFAULT_SQUID_CONFIG_DIR=\"/usr/local/squid3-cvs/etc\" -I.. -I../include -I../lib -I../src -I../include-I../src -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Woverloaded-virtual -Werror -pipe -D_REENTRANT -I/usr/include/libxml2 -m64-I/usr/include/p11-kit-1 -g -O2 -march=native -MT CacheDigest.o -MD -MP -MF $depbase.Tpo -c -o CacheDigest.o CacheDigest.cc &&\ mv -f $depbase.Tpo $depbase.Po In file included from cache_cf.cc:3427:0: cf_parser.cci: In function ‘int parse_line(char*)’: cf_parser.cci:1466:20: error: ‘Ssl’ has not been declared parse_eol(&Ssl::TheConfig.ssl_crtd); ... My understanding is that squid enables ssl-crtd build (--with-ssl-crtd is given) but fails to detect OpenSsl correctly. ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev