-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
warning: macOS truffleruby-head: TS_VERIFY_CTS_set_certs macro redefined in OpenSSL 3.1 #650
Comments
It seems this part in OpenSSL 3.1.1. https://github.com/openssl/openssl/blob/openssl-3.1.1/include/openssl/ts.h#L425-L427
|
From the log:
This doesn't seem correct. Both OpenSSL 1.1.1 and 3.1.1 are included. |
Hmm. Right. I can see both the |
Hi @eregon, I guess that you are familiar with the truffleruby things. We see the issue that the |
I opened the ticket for ruby-build: rbenv/ruby-build#2220 |
I tested by removing OpenSSL 1.1 include directory in the macos-latest truffleruby-head case. But the compiler warning still happens.
Here is the log. |
Even when skipping the compiler warning check in the CI case, the compiler error happens in my tests. https://github.com/junaruga/openssl/actions/runs/5621718703/job/15233027951#step:9:101
However I found the workaround for this issue. It seems that the problem is |
I'm confident TruffleRuby doesn't do this. So is this repo/the extconf.rb adding openssl in CPPFLAGS or so? |
It's related to this code: https://github.com/oracle/truffleruby/blob/16db2e64472e5f4d88176ae122815b6b291c0947/lib/truffle/rbconfig.rb#L97-L107 Maybe we should prefer libssl 3 to 1.1 in https://github.com/oracle/truffleruby/blob/16db2e64472e5f4d88176ae122815b6b291c0947/lib/truffle/truffle/openssl-prefix.rb Do you know what picks openssl 3 over 1.1 on macOS so that this repo CI's fail? |
I think the problem is that truffleruby-head is built on macos 11 but in that CI run is used on macos 12. And probably one of them has openssl 1.1 and the other not. |
According to Because where does openssl 3 come from then? |
FYI, using https://github.com/MSP-Greg/actions-image-testing/actions, but installing MRI Ruby may install another version?
|
With https://github.com/eregon/actions-shell/actions/runs/5623122665/job/15237147385
So something is quite weird here, the TruffleRuby logic should always consistently pick 1.1. |
Also it seemed to work fine on the last CI run on master: https://github.com/ruby/openssl/actions/runs/5532198527/job/14981073682 |
The difference between master and the PR is the runner image version: |
In this command line:
This part is from mkmf or openssl extconf.rb:
This part is from TruffleRuby:
This part is from mkmf or openssl extconf.rb:
Probably it's openssl/ext/openssl/extconf.rb Line 97 in e379cc0
and that somehow changed with the new macos image. I'll check. |
I wonder if it can use
|
https://github.com/eregon/actions-shell/actions/runs/5623553265/job/15238480143
So pkg-config prefers libssl 3 and that's how it's found. And somehow that pkg-config knows about Homebrew. In the bundled openssl gem in TruffleRuby there is https://github.com/oracle/truffleruby/blob/16db2e64472e5f4d88176ae122815b6b291c0947/src/main/c/openssl/extconf.rb#L16-L21 Maybe we can upstream piece of code here, @rhenium WDYT? |
Fix in #653 Regarding FYI the approach taken in TruffleRuby is similar to what happens on CRuby when using |
Even if there are both OpenSSL 1.1.1 and 3.1 in the paths, I find it a bit odd that Looking at the
This seems to be a change in I don't know what was the motivation behind the change as it doesn't have a link to the issue tracker, or if this situation should even be supported. |
Indeed, that sounds quite problematic for any usage of |
I've filed https://bugs.ruby-lang.org/issues/19778 for mkmf's |
I don't see a technical reason it can't just set I think this is a good idea. Having |
…enssl-prefix on TruffleRuby * See ruby/openssl#650 (comment) ruby/openssl@ca738e7e13
Ah you're right, we could set it on macOS like we do for *FLAGS, and then we wouldn't need https://github.com/oracle/truffleruby/blob/16db2e64472e5f4d88176ae122815b6b291c0947/src/main/c/openssl/extconf.rb#L16-L21 |
I'm trying that approach in oracle/truffleruby#3174, if it works and when it's merged we can revert #653. |
I found one warning in macOS truffleruby-head case at #618 (comment).
In the case, OpenSSL 3.1.1 is used.
https://github.com/ruby/openssl/actions/runs/5580792815/jobs/10198185535#step:8:94
In the last success case, the OpenSSL 1.1.1u was used in the macOS truffleruby-head case.
https://github.com/ruby/openssl/actions/runs/5532198527/jobs/10093943683#step:9:17
The text was updated successfully, but these errors were encountered: