search

jeroen / openssl

OpenSSL bindings for R
Other
63 stars 21 forks source link

Is elliptic necessary? #15

Closed xfim closed 8 years ago

xfim commented 8 years ago

Hello,

I am trying to update "openssl", but I have found that in my Gentoo Linux the elliptic ec modules are not activated due to some licensing issues and therefore "openssl" complains:

bignum.c:4:24: fatal error: openssl/ec.h: File or directory does not exist
 #include <openssl/ec.h>
                        ^

Would it be possible to make elliptic module optional?

Thank you,

jeroen commented 8 years ago

I'm assuming openssl >= 1.0 on many places. It would be easier if you build a full version of openssl from source and link against that.

xfim commented 8 years ago

Jeroen Ooms vas escriure el dia dv, 29 gen 2016:

I'm assuming openssl >= 1.0 on many places. It would be easier if you build a full version of openssl from source and link against that.

Yes, I'm on 1.0.2e.

The problem is that Gentoo's compilation by default includes the possibiltity of allowing distribution of binaries (bindist), and then the ellipse stuff is disabled due to licensing issues.

But if I compile openssh without bindist, then other packages complain that they need it.

So my question was that if the ellipse stuff is really necessary and core to the package, it is OK and I will have to invent something (maybe keeping an openssl version compiled by myself only for this package), but if it is not, disabling it would be better.

I hope I have made myself clear.

Thank you for the effort of making R better and a safer place.

jeroen commented 8 years ago

I am usually opposed to making R packages overly configurable, because other packages that depend on the openssl package assume that certain functionality is available given a certain version of the package. If some installations don't include the ec stuff, we might get strange errors from other R packages that rely on that functionality.

Maybe you can build a static version of libssl and libcrypto in a temporary directory and link the R package against that?

I'll leave this topic open, if this turns out to be a common problem we'll have to find a better solution.

xfim commented 8 years ago

Jeroen Ooms vas escriure el dia dv, 29 gen 2016:

Oh hmm interesting. I general I am opposed to making R packages overly configurable, because other packages that depend on the openssl package assume that certain functionality is available given a certain version of the package. If we rip that out on particular platforms, you get all kind of strange import errors.

This is a very good point. I also think so.

Maybe you can build a static version of libssl and libcrypto in a temporary directory and link the R package against that?

Yes, I will have to do something like this, I'm afraid.

Thank you anyway.

xfim commented 8 years ago

I have been able to compile openssl with all support, but I am stuck trying to make "openssl" package link against it. I have compiled at "/usr/local/openssl". How should I tell openssl where to look for? I guess I must pass an argument configure.args in install.packages(), but I am quite lost. Thank you.

jeroen commented 8 years ago

Do you have a pkg-config file? What do you get for:

pkg-config --cflags openssl
pkg-config --libs openssl

If you put the proper openssl.pc file in your PKG_CONFIG_PATH it should pick up in it automatically. Alternatively you can also try setting the include/lib dir manually:

wget https://cran.r-project.org/src/contrib/openssl_0.9.1.tar.gz
R CMD INSTALL openssl_0.9.1.tar.gz \
   --configure-vars='INCLUDE_DIR=/usr/local/openssl/include LIB_DIR=/usr/local/openssl/lib'

Some systems might require you set LD_LIBRARY_PATH at runtime to the shared library path I think, but usually that is not needed.

xfim commented 8 years ago

Almost there! If I use the last option (setting include/lib dir manually) "openssl" package compiles (which is better that what I got before, with openssl being stuck in the compilation process), but it fails in the part of testing if the package can be loaded:

** testing if installed package can be loaded
Error in dyn.load(file, DLLpath = DLLpath, ...) :
  unable to load shared object '/usr/lib64/R/library/openssl/libs/openssl.so':
  /usr/lib64/R/library/openssl/libs/openssl.so: undefined symbol: EC_KEY_set_public_key_affine_coordinates
Error: loading failed

Any hint? Is it related to EC or ellipse stuff?

jeroen commented 8 years ago

I guess it is still picking up on the system version of libssl openssl when it loads the package. Can you try to statically link it? You can do this removing/renaming the dynamic or import libraries libssl.so.a and libcrypto.so.a or libssl.soandlibcrypto.sofrom/usr/local/openssl/lib` and then running the same command:

wget https://cran.r-project.org/src/contrib/openssl_0.9.1.tar.gz
R CMD INSTALL openssl_0.9.1.tar.gz \
   --configure-vars='INCLUDE_DIR=/usr/local/openssl/include LIB_DIR=/usr/local/openssl/lib'

It should then statically link against libcurl.a.

xfim commented 8 years ago

I have tried but with no luck. Still stuck in the loading of the package.

I have given up and recompiled the main openssl and openssh libraries in the system by previously deleting the package that was causing the trouble. Then installed the package and recompile the libraries again.

Thank you anyway for trying to help. I think this was a quite specific / personal issue, so for me, we can close it.

jeroen commented 8 years ago

I have made some changes in https://github.com/jeroenooms/openssl/commit/d4c9a8ad3b7e94bab389122a8e99e32008cead1c to support OPENSSL_NO_EC. Could you try to install the dev version and let me know if it works now?

library(devtools)
install_github("jeroenooms/openssl")
jeroen commented 8 years ago

@xfim ping? Can you test if it builds now?

xfim commented 8 years ago

Jeroen Ooms vas escriure el dia dt, 23 feb 2016:

@xfim ping? Can you test if it builds now?

Difficult this week, sorry Jeroen.

holgerbrandl commented 8 years ago

I struggled with the same problem.

It's kind of hard to test in a fresh installation since devtools depends on openssl via httr in the latest version. So to try it this is what I had to do

#install old version of httr to enable devtools installation
packageurl <- "http://cran.r-project.org/src/contrib/Archive/httr/httr_1.0.0.tar.gz"
install.packages(packageurl, repos=NULL, type="source")

install.packages("httr")
install.packages("devtools")

## replace with latest version to test patch
devtools::install_github("jeroenooms/openssl")

The good news is that the patch worked for me. :-)

jeroen commented 8 years ago

@holgerbrandl which platform are you on? You should be able to do:

git clone https://github.com/jeroenooms/openssl
R CMD INSTALL openssl
holgerbrandl commented 8 years ago

Linux, so indeed it would have been a bit simpler to do it that way. Thanks for letting me know.

jeroen commented 8 years ago

Which linux? :D I would like to know which distributions do not have EC.

holgerbrandl commented 8 years ago

ec.h was introduced in RedHat 6.5 ie CentOS 6.5, but my system still runs with CentOS 6.3.

jeroen commented 8 years ago

OK thanks. @holgerbrandl could you do me a favor and see if checks pass on your platform? Thanks!

git clone https://github.com/jeroenooms/openssl
R CMD build openssl
R CMD check openssl_0.9.2.tar.gz
jeroen commented 8 years ago

These fixes are on CRAN now so you should now just be able to use install.packages("openssl"). I am going to close this topic assuming the problem has been resolved. @xfim if you find there is still an issue on Gentoo, feel free to open a new issue.

holgerbrandl commented 8 years ago

The installation of 0.9.2 works for me via install.packages("openssl"). Thanks for the quick fix.

xfim commented 8 years ago

Again, sorry for the delay. I can happily confirm that in gentoo it works perfectly also. Thank you very much @jeroenooms .