search

open-quantum-safe / oqs-demos

PARTIALLY SUPPORTED Instructions for enabling the use of quantum-safe cryptography in assorted software using the OQS suite. CONTRIBUTORS WANTED.
https://openquantumsafe.org/
125 stars 68 forks source link

haproxy build failed on MacOS #226

Open mukeshmohanan opened 1 year ago

mukeshmohanan commented 1 year ago

haproxy build failing in MacOS

aishwaryanarayanan@Aishwaryas-MBP haproxy % uname -a Darwin Aishwaryas-MBP.fritz.box 22.5.0 Darwin Kernel Version 22.5.0: Thu Jun 8 22:22:20 PDT 2023; root:xnu-8796.121.3~7/RELEASE_ARM64_T6000 arm64 aishwaryanarayanan@Aishwaryas-MBP haproxy %

error message captured below, I tried to the Dockerfile with darwin64-arm64-cc arg against the ./Configure but that does not help

am missing some pre-requisite to build this in MacOS ?

=> ERROR [intermediate  8/12] RUN LDFLAGS="-Wl,-rpath -Wl,/opt/oqssa/lib" ./Configure linux-x86_64 -lm --prefix=/opt/oqssa && if [[ -z "" ]] ; then nproc=$(getconf _NPROCESSORS_ONLN) && MAKE_DEFINES="-j $np  1.7s
------                                                                                                                                                                                                                
 > [intermediate  8/12] RUN LDFLAGS="-Wl,-rpath -Wl,/opt/oqssa/lib" ./Configure linux-x86_64 -lm --prefix=/opt/oqssa && if [[ -z "" ]] ; then nproc=$(getconf _NPROCESSORS_ONLN) && MAKE_DEFINES="-j $nproc"; fi && make  && make install_sw:                                                                                                                                                                                               
#12 0.345 Configuring OpenSSL version 1.1.1u (0x1010115fL) for linux-x86_64                                                                                                                                           
#12 0.345 Using os-specific seed configuration                                                                                                                                                                        
#12 1.399 Creating configdata.pm                                                                                                                                                                                      
#12 1.399 Creating Makefile
#12 1.492 
#12 1.492 **********************************************************************
#12 1.492 ***                                                                ***
#12 1.492 ***   OpenSSL has been successfully configured                     ***
#12 1.492 ***                                                                ***
#12 1.492 ***   If you encounter a problem while building, please open an    ***
#12 1.492 ***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
#12 1.492 ***   and include the output from the following command:           ***
#12 1.492 ***                                                                ***
#12 1.492 ***       perl configdata.pm --dump                                ***
#12 1.492 ***                                                                ***
#12 1.492 ***   (If you are new to OpenSSL, you might want to consult the    ***
#12 1.492 ***   'Troubleshooting' section in the INSTALL file first)         ***
#12 1.492 ***                                                                ***
#12 1.492 **********************************************************************
#12 1.522 perl "-I." -Mconfigdata "util/dofile.pl" \
#12 1.522     "-oMakefile" include/crypto/bn_conf.h.in > include/crypto/bn_conf.h
#12 1.522 perl "-I." -Mconfigdata "util/dofile.pl" \
#12 1.522     "-oMakefile" include/crypto/dso_conf.h.in > include/crypto/dso_conf.h
#12 1.523 perl "-I." -Mconfigdata "util/dofile.pl" \
#12 1.523     "-oMakefile" include/openssl/opensslconf.h.in > include/openssl/opensslconf.h
#12 1.578 make depend && make _all
#12 1.589 make[1]: Entering directory '/root/openssl'
#12 1.653 make[1]: Leaving directory '/root/openssl'
#12 1.672 make[1]: Entering directory '/root/openssl'
#12 1.672 gcc  -I. -Iinclude -fPIC -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/oqssa/ssl\"" -DENGINESDIR="\"/opt/oqssa/lib/engines-1.1\"" -DNDEBUG  -MMD -MF apps/app_rand.d.tmp -MT apps/app_rand.o -c -o apps/app_rand.o apps/app_rand.c
#12 1.672 gcc  -I. -Iinclude -fPIC -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/oqssa/ssl\"" -DENGINESDIR="\"/opt/oqssa/lib/engines-1.1\"" -DNDEBUG  -MMD -MF apps/apps.d.tmp -MT apps/apps.o -c -o apps/apps.o apps/apps.c
#12 1.673 gcc  -I. -Iinclude -fPIC -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/oqssa/ssl\"" -DENGINESDIR="\"/opt/oqssa/lib/engines-1.1\"" -DNDEBUG  -MMD -MF apps/bf_prefix.d.tmp -MT apps/bf_prefix.o -c -o apps/bf_prefix.o apps/bf_prefix.c
#12 1.673 gcc  -I. -Iinclude -fPIC -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/oqssa/ssl\"" -DENGINESDIR="\"/opt/oqssa/lib/engines-1.1\"" -DNDEBUG  -MMD -MF apps/opt.d.tmp -MT apps/opt.o -c -o apps/opt.o apps/opt.c
#12 1.674 gcc  -I. -Iinclude -fPIC -pthread -m64 -Ioqs/include -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/oqssa/ssl\"" -DENGINESDIR="\"/opt/oqssa/lib/engines-1.1\"" -DNDEBUG  -MMD -MF apps/s_cb.d.tmp -MT apps/s_cb.o -c -o apps/s_cb.o apps/s_cb.c
#12 1.675 gcc: error: unrecognized command-line option '-m64'
#12 1.675 gcc: error: unrecognized command-line option '-m64'
#12 1.676 make[1]: *** [Makefile:756: apps/app_rand.o] Error 1
#12 1.676 make[1]: *** Waiting for unfinished jobs....
#12 1.676 gcc: error: unrecognized command-line option '-m64'
#12 1.676 make[1]: *** [Makefile:764: apps/apps.o] Error 1
#12 1.676 make[1]: *** [Makefile:772: apps/bf_prefix.o] Error 1
#12 1.678 gcc: error: unrecognized command-line option '-m64'
#12 1.678 gcc: error: unrecognized command-line option '-m64'
#12 1.678 make[1]: *** [Makefile:780: apps/opt.o] Error 1
#12 1.678 make[1]: *** [Makefile:788: apps/s_cb.o] Error 1
#12 1.678 make[1]: Leaving directory '/root/openssl'
#12 1.679 make: *** [Makefile:175: all] Error 2
baentsch commented 1 year ago

I'm afraid we are not supporting haproxy any more. In addition, the support for oqs-openssl111 that this old code is built on is also going EOL. Please let us know about your use case and we might re-prioritize. In any case, it would need to be added to #182.

mukeshmohanan commented 1 year ago

Okay. I understand support is only for ops-provider(which is base don opens 3.x) , I have used that few weeks back.

my use case to pack the haproxy container along with the sample webApp container with in a single , then expose the ha-proxy service alone to outside which will then forward the request back to the webapp service . For that I was trying to build the haproxy image using the steps outlined the README , but strange that gcc complains unrecognised command-line option '-m64' . I believe I miss something in MAC os set up . should I really need to set up a cross complier to make the docker build ? do you have any advise on the same ?

mukeshmohanan commented 1 year ago

Okay. I understand support is only for ops-provider(which is base don opens 3.x) , I have used that few weeks back.

my use case to pack the haproxy container along with the sample webApp container with in a single , then expose the ha-proxy service alone to outside which will then forward the request back to the webapp service . For that I was trying to build the haproxy image using the steps outlined the README , but strange that gcc complains unrecognised command-line option '-m64' . I believe I miss something in MAC os set up . should I really need to set up a cross complier to make the docker build ? do you have any advise on the same ?

I guess overlooked the same , the gcc error is ideally coming from the docker build isn't it ? so somehow the base image gcc throws error w.r.t to the gcc flag ? or am I terribly wrong ?

baentsch commented 1 year ago

I believe I miss something in MAC os set up . should I really need to set up a cross complier to make the docker build ? do you have any advise on the same ?

I'd personally always check what OpenSSL does for the platform I'm interested in (see https://github.com/openssl/openssl/tree/master/.github/workflows). In your case "darwin64-arm64" seems to be the right config option (instead of the x64 config option in our old haproxy Dockerfile).

mukeshmohanan commented 1 year ago

I believe I miss something in MAC os set up . should I really need to set up a cross complier to make the docker build ? do you have any advise on the same ?

I'd personally always check what OpenSSL does for the platform I'm interested in (see https://github.com/openssl/openssl/tree/master/.github/workflows). In your case "darwin64-arm64" seems to be the right config option (instead of the x64 config option in our old haproxy Dockerfile).

I tried that option , but not luck . error logs below . I wonder whether the gcc with in the alpine image is causing this issue or somehow the host gcc/architecture is causing . I believe people in his community already did similar build in Mac OS ARM so this os something verified stuff. So I assume it could be very much tied to the machine I do the build

aishwaryanarayanan@Aishwaryas-MBP haproxy % cat Dockerfile | grep darwin RUN LDFLAGS="-Wl,-rpath -Wl,$INSTALLPATH/lib" ./Configure darwin64-arm64-cc -prefix=$INSTALLPATH && if [[ -z "$MAKE_DEFINES" ]] ; then nproc=$(getconf _NPROCESSORS_ONLN) && MAKE_DEFINES="-j $nproc"; fi && make $MAKE_DEFINES && make install_sw aishwaryanarayanan@Aishwaryas-MBP haproxy %

13 1.523 make[1]: Entering directory '/root/openssl'

13 1.523 cc -I. -Iinclude -fPIC -arch arm64 -Ioqs/include -Wa,--noexecstack -O3 -Wall -prefix=/opt/oqssa -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -D_REENTRANT -DNDEBUG -MMD -MF apps/app_rand.d.tmp -MT apps/app_rand.o -c -o apps/app_rand.o apps/app_rand.c

13 1.523 cc -I. -Iinclude -fPIC -arch arm64 -Ioqs/include -Wa,--noexecstack -O3 -Wall -prefix=/opt/oqssa -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -D_REENTRANT -DNDEBUG -MMD -MF apps/apps.d.tmp -MT apps/apps.o -c -o apps/apps.o apps/apps.c

13 1.523 cc -I. -Iinclude -fPIC -arch arm64 -Ioqs/include -Wa,--noexecstack -O3 -Wall -prefix=/opt/oqssa -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -D_REENTRANT -DNDEBUG -MMD -MF apps/bf_prefix.d.tmp -MT apps/bf_prefix.o -c -o apps/bf_prefix.o apps/bf_prefix.c

13 1.524 cc -I. -Iinclude -fPIC -arch arm64 -Ioqs/include -Wa,--noexecstack -O3 -Wall -prefix=/opt/oqssa -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -D_REENTRANT -DNDEBUG -MMD -MF apps/opt.d.tmp -MT apps/opt.o -c -o apps/opt.o apps/opt.c

13 1.525 cc -I. -Iinclude -fPIC -arch arm64 -Ioqs/include -Wa,--noexecstack -O3 -Wall -prefix=/opt/oqssa -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -D_REENTRANT -DNDEBUG -MMD -MF apps/s_cb.d.tmp -MT apps/s_cb.o -c -o apps/s_cb.o apps/s_cb.c

13 1.525 cc: error: unrecognized command-line option '-arch'; did you mean '-march='?

13 1.527 cc: error: unrecognized command-line option '-arch'; did you mean '-march='?

13 1.527 cc: error: unrecognized command-line option '-arch'; did you mean '-march='?

13 1.527 cc: error: unrecognized command-line option '-arch'; did you mean '-march='?

13 1.531 cc: error: unrecognized command-line option '-prefix=/opt/oqssa'

baentsch commented 1 year ago

I'm afraid I'm out of my depth there: Those are OpenSSL compile errors on a platform I'm not familiar with. You probably have to ask the OpenSSL team for help on this. But then again, this is a pretty much EOL'd software version... I'd personally try moving everything over to OpenSSL3 rather than spend time on outdated software.