search

jitsi / luajwtjitsi

JWT tokens for Lua
MIT License
18 stars 10 forks source link

Update lua-cjson dependency #2

Closed mhupfauer closed 3 years ago

mhupfauer commented 3 years ago

With Debian 10 and lua 5.2 the lua-cjson dependency no longer works. Upgraded to version 2.1.0.9-1 and did not notice any issues whatsoever.

https://github.com/openresty/lua-cjson/blob/master/lua-cjson-2.1.0.9-1.rockspec

There are several issues on the forum regarding this: https://community.jitsi.org/t/jwt-token-authentication-broken-on-debian-10-with-openssl-1-1/31027/5

saghul commented 3 years ago

How did you install it? We use it on Debian 10 as follows: https://github.com/jitsi/docker-jitsi-meet/blob/ec570baee661838622e69735a5aa26123a4bd769/prosody/Dockerfile#L17 the dependency is strict and that version should work fine with lua 5.2. What error do you get?

mhupfauer commented 3 years ago

Packageinfo:

root@jitsi-web:~# apt show jitsi-meet-tokens
Package: jitsi-meet-tokens
Version: 1.0.4628-1
Priority: extra
Section: net
Source: jitsi-meet-web
Maintainer: Jitsi Team <dev@jitsi.org>
Installed-Size: 20.5 kB
Depends: debconf (>= 0.5) | debconf-2.0, prosody-trunk (>= 1nightly747) | prosody-0.11 | prosody (>= 0.11.2), libssl1.0-dev | libssl-dev, luarocks, jitsi-meet-prosody, git
Homepage: https://jitsi.org/meet
Download-Size: 4,372 B
APT-Manual-Installed: yes
APT-Sources: https://download.jitsi.org stable/ Packages
Description: Prosody token authentication plugin for Jitsi Meet

Luarocks info:

CONFIGURATION
        Lua version: 5.2
        Configuration files:
                System: /etc/luarocks/config.lua (ok)
                User  : /root/.luarocks/config-5.2.lua (not found)

        Rocks trees in use:
                /root/.luarocks
                /usr/local

luarocks list:

Installed rocks:
----------------

basexx
   0.4.1-1 (installed) - /usr/local/lib/luarocks/rocks

lbase64
   20120807-3 (installed) - /usr/local/lib/luarocks/rocks

lua-cjson
   2.1.0-1 (installed) - /usr/local/lib/luarocks/rocks

luacrypto
   0.3.2-2 (installed) - /usr/local/lib/luarocks/rocks

luajwtjitsi
   2.0-0 (installed) - /usr/local/lib/luarocks/rocks

luaossl
   20200709-0 (installed) - /usr/local/lib/luarocks/rocks

luasec
   1.0-1 (installed) - /usr/local/lib/luarocks/rocks

luasocket
   3.0rc1-2 (installed) - /usr/local/lib/luarocks/rocks

Note: I didn't want to change the deb package so I downgraded the version info of lua-cjson of my own build (got from https://github.com/openresty/lua-cjson and built). However the installed version is 2.1.0.9-1.

saghul commented 3 years ago

I'm a bit confused. All looks good there. What is the problem you are having?

mhupfauer commented 3 years ago

When installing with apt-get install jitsi-meet-tokens the dependency resolution of luarocks is the problem I think.

luajwtjitsi 1.3-7 depends on luacrypto >= 0.3.2-1 (not installed)
Installing http s://luarocks.org/luacrypto-0.3.2-2.src.rock
gcc -O2 -fPIC -I/usr/include/lua5.2 -c src/lcrypto.c -o src/lcrypto.o -I/usr/include
src/lcrypto.c:30:10: fatal error: lua.h: No such file or directory
#include “lua.h”
^~~~~~~
compilation terminated.
Error: Failed installing dependency: http s://luarocks.org/luacrypto-0.3.2-2.src.rock - Build error: Failed compiling object src/lcrypto.o

luacrypto uses whatever lua_cjson is installed. However lua_cjson uses the function lua_objlen which has been deprecated with 5.2 and now it should utilize lua_rawlen. lua_cjson addressed this in

https://github.com/openresty/lua-cjson/blob/891962b11d6d3b1b7275550b5c109e16c73ac94f/lua_cjson.c#L106

However this change is not included in lua_cjson 2.1.0-1.

saghul commented 3 years ago

The current version of this plugin no longer uses luacrypto, you seem to be getting the old version somehow.