From: "Robert Crowston"
To: "rt@krbdev.mit.edu"
Date: Sat, 21 Nov 2020 19:05:36 +0000
Subject: Re: [krbdev.mit.edu #8968] Building 1.18.3 on OpenBSD 6.8 amd64

Actually, I think I confused myself because of the ld problems: after implementing points 2, 3, 4 of my original mail, I can build with ./configure --disable-pkinit.

— RHC.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, 21 November 2020 18:47, Greg Hudson via RT wrote:

> Thanks for this writeup.
>
> What goes wrong when trying to build with gcc? Although I prefer clang over
> gcc, I don't know if there's a great path forward here. autoconf (as a Gnu
> project) is unlikely to stop preferring gcc. There are thousands of
> autoconf-using source distributions, and for each one of them to add its own
> per-platform decisions about the default compiler would be inefficient and
> unreliable.
>
> Changing shlib.conf to use $(CC) -shared is probably good. I note that NetBSD
> uses LDCOMBINE='$(CC) -shared' (no other flags); I don't know if there's a
> reason for the discrepancy with Linux platforms.
>
> I would ordinarily expect that if a platform implements libm functions in libc
> that it would leave behind a stub libm, since -lm has a long history. But a
> configure test is appropriate now that there is an example of a platform that
> chose not to do that.
>
> The PKINIT LibreSSL incompatibility comes about mainly because LibreSSL defines
> OPENSSL_VERSION_NUMBER to 0x20000000L, essentially declaring itself to be
> OpenSSL 2.0, while having no interest in maintaining compatibility with
> OpenSSL's API changes (or even some of its pre-existing features, such as CMS).
> People have written PKINIT patches to work around this, but it's really
> inelegant, and the rough consensus has been to push back against LibreSSL's bad
> practice here rather than accept it. I think it would be reasonable for
> configure to detect whether libcrypto comes from LibreSSL and disable PKINIT.
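
The LibreSSL point in the quoted message, as an added example that is not part of either mail and is not krb5's configure code: a header-inspection sketch showing why a check on OPENSSL_VERSION_NUMBER alone accepts LibreSSL as OpenSSL 1.1.0 or later, and how testing for LIBRESSL_VERSION_NUMBER (the macro LibreSSL defines in opensslv.h) gives the PKINIT default the message proposes. The function names and the sample headers are constructed for illustration; only 0x20000000L comes from the message.

```shell
#!/bin/sh
# Added sketch of a configure-time libcrypto check (hypothetical helper names).
# Each function takes an include directory that contains openssl/opensslv.h.

# Print the numeric value of "#define NAME value" from a header, without the
# trailing L suffix; prints nothing if the macro is not defined there.
macro_value() {  # $1 = header path, $2 = macro name
    sed -n "s/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}$2[[:space:]]\{1,\}\([0-9A-Fa-fxX]*\).*/\1/p" "$1" | head -n 1
}

# Naive test: trust OPENSSL_VERSION_NUMBER. Succeeds if it is >= 1.1.0.
claims_openssl_110() {
    ver=$(macro_value "$1/openssl/opensslv.h" OPENSSL_VERSION_NUMBER)
    [ -n "$ver" ] && [ $(( $ver >= 0x10100000 )) -eq 1 ]
}

# Succeeds if the header identifies the library as LibreSSL.
is_libressl() {
    [ -n "$(macro_value "$1/openssl/opensslv.h" LIBRESSL_VERSION_NUMBER)" ]
}

# PKINIT default: "no" without libcrypto headers or with LibreSSL, else "yes".
pkinit_default() {
    if [ ! -r "$1/openssl/opensslv.h" ]; then echo no
    elif is_libressl "$1"; then echo no
    else echo yes
    fi
}

# Constructed sample headers: a LibreSSL-style one and an OpenSSL-1.1-style one.
write_sample_headers() {  # $1 = scratch directory
    mkdir -p "$1/libressl/openssl" "$1/openssl/openssl"
    printf '%s\n' '#define OPENSSL_VERSION_NUMBER 0x20000000L' \
        '#define LIBRESSL_VERSION_NUMBER 0x3020000fL' \
        > "$1/libressl/openssl/opensslv.h"
    printf '%s\n' '# define OPENSSL_VERSION_NUMBER  0x1010108fL' \
        > "$1/openssl/openssl/opensslv.h"
}

tmp=$(mktemp -d)
write_sample_headers "$tmp"
for inc in "$tmp/libressl" "$tmp/openssl"; do
    if claims_openssl_110 "$inc"; then claim=yes; else claim=no; fi
    echo "${inc##*/}: claims >= 1.1.0: $claim, build PKINIT: $(pkinit_default "$inc")"
done
rm -rf "$tmp"
```

A real autoconf test would compile a probe against the installed headers rather than grep them, so that it follows the compiler's include path.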