search

libressl / portable

LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
https://www.libressl.org
1.36k stars 267 forks source link

Compile issues with LibreSSL 2.1.2 and nginx #51

Closed pouar closed 9 years ago

pouar commented 9 years ago

Trying to statically compile nginx with LibreSSL 2.1.2 following the instructions here https://www.mare-system.de/blog/page/1405201517/

It works perfectly fine with LibreSSL 2.1.1, but it won't compile with 2.1.2. One of those problems is that it's saying it can't find winsock2.h, which considering I'm trying to compile in Arch Linux, this obviously wasn't supposed to happen.

Here's the PKGBUILD

# $Id: PKGBUILD 107711 2014-03-18 17:19:21Z bpiotrowski $
# Maintainer: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
# Maintainer: Sébastien Luttringer
# Contributor: Sergej Pupykin <pupykin.s+arch@gmail.com>
# Contributor: Miroslaw Szot <mss@czlug.icis.pcz.pl>

pkgname=nginx-pouar
provides=('nginx')
conflicts=('nginx')
replaces=('nginx')
pkgver=1.7.8
pkgrel=1
pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server'
arch=('i686' 'x86_64')
url='http://nginx.org'
license=('custom')
depends=('pcre' 'zlib' 'openssl'  'geoip' 'geoip-database' 'gd')
makedepends=(
    'libxslt'
    'gd'
    'git'
)
backup=('etc/nginx/fastcgi.conf'
        'etc/nginx/fastcgi_params'
        'etc/nginx/koi-win'
        'etc/nginx/koi-utf'
        'etc/nginx/mime.types'
        'etc/nginx/nginx.conf'
        'etc/nginx/scgi_params'
        'etc/nginx/uwsgi_params'
        'etc/nginx/win-utf'
        'etc/logrotate.d/nginx')
install=nginx.install
_cachepurge_ver="2.2"
_cachepurge_dirname="ngx_cachepurge"
_slowfscache_ver="1.10"
_slowfscache_dirname="ngx_slowfscache"
_echo_ver="v0.57"
_echo_dirname="ngx_echo"
_headersmore_ver="v0.25"
_headersmore_dirname="ngx_headersmore"
_uploadprogress_ver="v0.9.1"
_uploadprogress_dirname="ngx_uploadprogress"
_upstreamfair_hash="a18b4099fbd458111983200e098b6f0c8efed4bc"
_upstreamfair_dirname="ngx_upstreamfair"
_authpam_ver="1.3"
_authpam_dirname="ngx_authpam"
_pagespeed_ver="1.9.32.2"
_pagespeed_dirname="ngx_pagespeed"
_accesskey_ver="2.0.3"
_accesskey_dirname="ngx_accesskey"
_rtmp_ver="v1.1.6"
_rtmp_dirname="ngx_rtmp"
_davext_ver="v0.0.3"
_davext_dirname="ngx_daxext"
_naxsi_ver="0.53-2"
_naxsi_dirname="ngx_naxsi"
_clojure_ver="v0.3.0"
_clojure_dirname="ngx_clojure"
_lua_ver="v0.9.13"
_lua_dirname="ngx_lua"
_http_internal_redirect_ver="0.6"
_http_internal_redirect_dirname="ngx_http_internal_redirect"
source=($url/download/nginx-$pkgver.tar.gz
        service
        logrotate
        "${_cachepurge_dirname}.tar.gz::http://labs.frickle.com/files/ngx_cache_purge-${_cachepurge_ver}.tar.gz"
        "${_slowfscache_dirname}.tar.gz::http://labs.frickle.com/files/ngx_slowfs_cache-${_slowfscache_ver}.tar.gz"
        "${_uploadprogress_dirname}.tar.gz::https://github.com/masterzen/nginx-upload-progress-module/tarball/${_uploadprogress_ver}"
        "${_headersmore_dirname}.tar.gz::https://github.com/agentzh/headers-more-nginx-module/tarball/${_headersmore_ver}"
        "${_echo_dirname}.tar.gz::https://github.com/agentzh/echo-nginx-module/tarball/${_echo_ver}"
        "${_upstreamfair_dirname}.tar.gz::https://github.com/gnosek/nginx-upstream-fair/tarball/${_upstreamfair_hash}"
        "${_authpam_dirname}.tar.gz::http://web.iti.upv.es/~sto/nginx/ngx_http_auth_pam_module-${_authpam_ver}.tar.gz"
        "${_pagespeed_dirname}.tar.gz::https://github.com/pagespeed/ngx_pagespeed/archive/v${_pagespeed_ver}-beta.tar.gz"
        "psol-${_pagespeed_ver}.tar.gz::https://dl.google.com/dl/page-speed/psol/${_pagespeed_ver}.tar.gz"
        "${_accesskey_dirname}.tar.gz::http://wiki.nginx.org/images/5/51/Nginx-accesskey-${_accesskey_ver}.tar.gz"
        "${_rtmp_dirname}.tar.gz::https://github.com/arut/nginx-rtmp-module/archive/${_rtmp_ver}.tar.gz"
        "${_davext_dirname}.tar.gz::https://github.com/arut/nginx-dav-ext-module/archive/${_davext_ver}.tar.gz"
        "${_naxsi_dirname}.tar.gz::https://github.com/nbs-system/naxsi/archive/${_naxsi_ver}.tar.gz"
        "${_clojure_dirname}.tar.gz::https://github.com/nginx-clojure/nginx-clojure/archive/${_clojure_ver}.tar.gz"
        "${_lua_dirname}.tar.gz::https://github.com/openresty/lua-nginx-module/archive/${_lua_ver}.tar.gz"
        "${_http_internal_redirect_dirname}.tar.gz::https://github.com/flygoast/ngx_http_internal_redirect/archive/v${_http_internal_redirect_ver}.tar.gz"
        git+https://github.com/simpl/ngx_mongo.git
        'http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.2.tar.gz'
        "libressl-dummy-rand-egd.patch"
        'nginx__libressl.patch')
md5sums=('fd5ab813fc1853cd8efe580ead577c3e'
         'ce9a06bcaf66ec4a3c4eb59b636e0dfd'
         '3441ce77cdd1aab6f0ab7e212698a8a7'
         '82c6281e14ffee73e0ad69c134d6e5e1'
         '68a1af12d5c1218fb2b3e05ed7ff6f0c'
         'f7dee95dbe8ada5f4d8e9d59ca1f4797'
         '10e178b0cecf6ce891ee297d32ba2f14'
         '1ba466e7efc03cd9934dd711ce9d84e7'
         'ac5e7f485476af70e0ee1c52016cddaf'
         'bf3c3389353f11f5f2047b67ce08ba79'
         '53d356f24cf2a67e45d0c1ba061ed839'
         '60a6b6e4e3c2fa7aff7fe25150b0f067'
         '9b5304346d5139b1841f5baa01ab0cbe'
         'ceca9874cd89e6027fae8178f5c3af86'
         '2cb502dbda335be4ebd5fed0b3182bae'
         '348b50914a1eedaed09a2509621adf43'
         'e43f86f16529179f754e4c96e1fdd84f'
         '23eecdc84fb996fe22f2ec7ff93622da'
         'b94a636bdfcac5c69f265d493a25874c'
         'SKIP'
         'c979a977e3b54fbecfa762c74a631bc3'
         '708f29ac93db537a705dfe1f6dac0a50'
         'SKIP')

prepare() {

  cd ${srcdir}

    cp -r ngx_cache_purge-* ${_cachepurge_dirname}
    cp -r ngx_slowfs_cache-* ${_slowfscache_dirname}
    cp -r openresty-headers-more-nginx-module-* ${_headersmore_dirname}
    cp -r openresty-echo-nginx-module-* ${_echo_dirname}
    cp -r masterzen-nginx-upload-progress-module-* ${_uploadprogress_dirname}
    cp -r gnosek-nginx-upstream-fair-* ${_upstreamfair_dirname}
    cp -r ngx_http_auth_pam_module-${_authpam_ver} ${_authpam_dirname}
    cp -r ngx_pagespeed-* ${_pagespeed_dirname}
    cp -r psol ${_pagespeed_dirname}/
    cp -r nginx-accesskey* ${_accesskey_dirname}
    cp -r nginx-rtmp-module* ${_rtmp_dirname}
    cp -r nginx-dav-ext-module* ${_davext_dirname}
    cp -r naxsi* ${_naxsi_dirname}
    cp -r nginx-clojure-* ${_clojure_dirname}
    cp -r lua-nginx-module-* ${_lua_dirname}
    cp -r ngx_http_internal_redirect-* ${_http_internal_redirect_dirname}
    # patch -Np0 < $srcdir/libressl-dummy-rand-egd.patch || exit 1
    #cd nginx-$pkgver
    #patch -Np1 < $srcdir/nginx__libressl.patch
}
build() {
    cd $srcdir/libressl-2.1.2
    echo "#! /bin/bash

./configure" > config
./configure && make -j8 check 
if  [ -d ".openssl" ]; then
  rm -Rf .openssl
fi

mkdir -p .openssl/lib

cp crypto/.libs/libcrypto.a ssl/.libs/libssl.a .openssl/lib
cd .openssl && ln -s ../include ./

  cd $srcdir/nginx-$pkgver
  ./configure \
   --with-openssl="$srcdir/libressl-2.1.2" \
    --prefix=/etc/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --sbin-path=/usr/bin/nginx \
    --pid-path=/run/nginx.pid \
    --lock-path=/run/lock/nginx.lock \
    --user=http \
    --group=http \
    --http-log-path=/var/log/nginx/access.log \
    --error-log-path=stderr \
    --http-client-body-temp-path=/var/lib/nginx/client-body \
    --http-proxy-temp-path=/var/lib/nginx/proxy \
    --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
    --http-scgi-temp-path=/var/lib/nginx/scgi \
    --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
    --with-imap \
    --with-imap_ssl_module \
    --with-ipv6 \
    --with-pcre-jit \
    --with-file-aio \
      --with-pcre \
        --with-libatomic  \
 --with-http_ssl_module  \
  --with-http_spdy_module  \
  --with-http_realip_module  \
  --with-http_addition_module  \
  --with-http_xslt_module   \
  --with-http_image_filter_module \
  --with-http_geoip_module   \
  --with-http_sub_module      \
  --with-http_dav_module     \
  --with-http_flv_module  \
  --with-http_mp4_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module  \
  --with-http_auth_request_module  \
  --with-http_random_index_module  \
  --with-http_secure_link_module  \
  --with-http_degradation_module \
  --with-http_stub_status_module \
    --with-http_perl_module \
      --with-mail  \
       --with-mail_ssl_module \
         --with-google_perftools_module \
     --with-poll_module \
       --with-rtsig_module  \
  --with-select_module \
                --add-module=../${_cachepurge_dirname} \
                --add-module=../${_echo_dirname} \
                --add-module=../${_headersmore_dirname} \
                --add-module=../${_slowfscache_dirname} \
                --add-module=../${_uploadprogress_dirname} \
                --add-module=../${_upstreamfair_dirname} \
                --add-module=../${_authpam_dirname} \
                --add-module=../${_pagespeed_dirname} \
                --add-module=../${_accesskey_dirname} \
                --add-module=../${_rtmp_dirname} \
                --add-module=../${_http_internal_redirect_dirname} \
                --add-module=../${_davext_dirname} \
                --add-module=../ngx_mongo

        touch $srcdir/libressl-2.1.2/.openssl/include/openssl/ssl.h

  make
}

package() {
  cd $srcdir/nginx-$pkgver
  make DESTDIR="$pkgdir" install

  sed -e 's|\<user\s\+\w\+;|user html;|g' \
    -e '44s|html|/usr/share/nginx/html|' \
    -e '54s|html|/usr/share/nginx/html|' \
    -i "$pkgdir"/etc/nginx/nginx.conf

  rm "$pkgdir"/etc/nginx/*.default

  install -d "$pkgdir"/var/lib/nginx
  install -dm700 "$pkgdir"/var/lib/nginx/proxy

  chmod 750 "$pkgdir"/var/log/nginx
  chown http:log "$pkgdir"/var/log/nginx

  install -d "$pkgdir"/usr/share/nginx
  cp -r "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx

  install -Dm644 ../logrotate "$pkgdir"/etc/logrotate.d/nginx
  install -Dm644 ../service "$pkgdir"/usr/lib/systemd/system/nginx.service
  install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE

  rmdir "$pkgdir"/run
}

# vim:set ts=2 sw=2 et:
busterb commented 9 years ago

I think your package needs serious work. If earlier versions of libressl worked with it, it was purely by accident. There are a few missing dependencies to start with:

makedepends=(
    'libxslt'
    'gd'
    'git'
    'gperftools'
    'yajl'
)

You appear to be both building libressl standalone and linking the tarball's private 'include' directory into your install path, and telling nginx to build and link it statically? These lines are certainly wrong, as you're 'installing' private include files by just linking that include directory:

cp crypto/.libs/libcrypto.a ssl/.libs/libssl.a .openssl/lib
cd .openssl && ln -s ../include ./

Do something like this instead:

./configure --prefix=/
make && make install DESTDIR=`pwd`/.openssl

I think your first instinct should be, if you need to run 'sudo pkgbuild --asroot', you're probably doing something wrong. Here's a modified version of your PKGBUILD I tested with the next release, though it still probably needs some work:

https://gist.github.com/busterb/5dbfaeb6b24b496d6339

busterb commented 9 years ago

The little config script hack should also be unneeded in the next release - I missed getting it packaged in the tarball in the last release. Check out this package as another example: https://github.com/technion/libressl_nginx