PowerDNS builds broken #67601

Closed
Shados opened this issue Aug 28, 2019 · 6 comments

Member

Shados commented Aug 28, 2019

I've found powerdns builds are currently broken in unstable, due to a test failure. Bisecting shows c18167c to be the culprit.

Changing it to use openssl_1_0_2 again would be the obvious fix, but powerdns has apparently had OpenSSL 1.1.0 compatibility since 2016, so it appears something else is going on here. Any ideas @Mic92 @disassembler?

Member Author

Shados commented Aug 28, 2019

Or, actually, it's not built against openssl to begin with, but libressl... why is changing the default openssl causing it to fail tests, then...?

Contributor

rnhmjoj commented Sep 4, 2019

I guess libressl is based on an older openssl version, which doesn't have whatever breaking change is causing that build to fail against openssl 1.1.

EDIT: I see it doesn't explicitly depend on openssl... strange.

EDIT: pdns_server somehow contains a reference to openssl:

/nix/store/11pl3z7qplgrjwxnm4x1k8qzrah3yz5s-powerdns-4.1.9
╚═══bin/pdns_server: ….2-dev/lib/pkgconfig:/nix/store/mml743c5sx09rv57yq76ab5y28fq7xcb-openssl-1.0.2r-dev/lib/pkgconfi…
    => /nix/store/mml743c5sx09rv57yq76ab5y28fq7xcb-openssl-1.0.2r-dev
    ╚═══nix-support/propagated-build-inputs: … /nix/store/zxakqgh34j062xbw52mm67as0prgrfda-openssl-1.0.2r-bin /nix/store/m…
        => /nix/store/zxakqgh34j062xbw52mm67as0prgrfda-openssl-1.0.2r-bin
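The reference shown in the comment above exists because Nix records a runtime dependency whenever an output file contains a store path's hash, even inside a leftover pkgconfig search path. The following is an added example, not code from this thread or from nixpkgs: it scans a file's bytes for embedded store paths and flags unwanted ones. The sample bytes, the all-zero placeholder path, and the deny and `-dev` rules are assumptions made for illustration.

```python
import re

# Store paths look like /nix/store/<32-char hash>-<name>; the hash uses Nix's
# base32 alphabet, which omits the letters e, o, t and u.
STORE_REF = re.compile(
    rb"/nix/store/([0-9abcdfghijklmnpqrsvwxyz]{32})-([0-9A-Za-z+._?=-]+)"
)


def store_references(blob: bytes) -> dict:
    """Map hash -> name for every store path embedded in a file's bytes."""
    refs = {}
    for match in STORE_REF.finditer(blob):
        refs.setdefault(match.group(1).decode(), match.group(2).decode())
    return refs


def audit(blob: bytes, own_hash: str, denied=("openssl-1.0.2",)) -> list:
    """Return sorted (name, reason) findings; self-references are ignored."""
    findings = []
    for digest, name in store_references(blob).items():
        if digest == own_hash:
            continue
        if name.startswith(tuple(denied)):
            # Assumed policy: this package must not be in the closure.
            findings.append((name, "denied package"))
        elif name.endswith("-dev"):
            # Assumed policy: headers and .pc files are build-time only.
            findings.append((name, "development output"))
    return sorted(findings)


# Constructed sample standing in for bin/pdns_server. The two real store paths
# are the ones quoted in this thread; the all-zero path is a placeholder for
# the entry that is truncated in the quoted output.
OWN_HASH = "11pl3z7qplgrjwxnm4x1k8qzrah3yz5s"
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00"
    + b"/nix/store/" + b"0" * 32 + b"-placeholder-1.2-dev/lib/pkgconfig:"
    + b"/nix/store/mml743c5sx09rv57yq76ab5y28fq7xcb-openssl-1.0.2r-dev"
    + b"/lib/pkgconfig\x00"
    + b"/nix/store/11pl3z7qplgrjwxnm4x1k8qzrah3yz5s-powerdns-4.1.9/lib\x00"
)

if __name__ == "__main__":
    for name, reason in audit(SAMPLE, OWN_HASH):
        print(f"{reason}: {name}")
```
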

Member

Mic92 commented Sep 4, 2019

I think @andir was changing it from openssl to libressl because some crypto algorithms were not implemented in openssl.

Member

andir commented Sep 4, 2019

I have no recollection of doing so… A quick search through the commit log brought up:
15c6293

Turns out @flokli is responsible…

@vcunat vcunat mentioned this issue Sep 4, 2019

Member

vcunat commented Sep 4, 2019

When I build with plain openssl:

configure: Features enabled
configure: ----------------
configure: Built-in modules: bind gmysql geoip godbc gpgsql gsqlite3 ldap lua mydns opendbx pipe random remote
configure: Dynamic modules: pipe
configure: 
configure: OpenSSL ecdsa: yes
configure: ed25519: yes
configure: ed448: no
configure: gost: yes
configure: SQLite3: yes
configure: Lua: lua5.2
configure: systemd: no

i.e. all important algos are shown there (ed448 is quite rare in practice). 13=ECDSAP256SHA256 mentioned in that PR is especially important – I think it's the most popular choice for new deployments now.
EDIT: nix build -f nixos/release.nix tests.powerdns.x86_64-linux ☑️

BTW, interested people might consider the systemd: no part (probably just notify support).

I'll wait a bit for reactions before pushing anything, as usual.

Member

Mic92 commented Sep 6, 2019

@vcunat sounds reasonable to me.

@vcunat vcunat closed this as completed in 014ffdf Sep 8, 2019