unable to compile with openssl-1.0.2

[blshkv]

I'm not sure if it's really the openssl issue, here is the log:

Preparing the osslsigncode build system...please wait

Found GNU Autoconf version 2.69
Found GNU Automake version 1.15.1
Found GNU Libtool version 2.4.6

Automatically preparing build ... done

The osslsigncode build system is now prepared.  To build here, run:
  ./configure
  make
/var/tmp/portage/app-crypt/osslsigncode-2.0/temp/environment: line 499: eautoreconf: command not found
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/app-crypt/osslsigncode-2.0/work/osslsigncode-2.0 ...
./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --docdir=/usr/share/doc/osslsigncode-2.0 --htmldir=/usr/share/doc/osslsigncode-2.0/html --libdir=/usr/lib64 --without-curl
configure: loading site script /usr/share/config.site
checking for a BSD-compatible install... /usr/lib/portage/python3.6/ebuild-helpers/xattr/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for x86_64-pc-linux-gnu-gcc... x86_64-pc-linux-gnu-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether x86_64-pc-linux-gnu-gcc accepts -g... yes
checking for x86_64-pc-linux-gnu-gcc option to accept ISO C89... none needed
checking whether x86_64-pc-linux-gnu-gcc understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of x86_64-pc-linux-gnu-gcc... none
checking how to run the C preprocessor... x86_64-pc-linux-gnu-gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for x86_64-pc-linux-gnu-pkg-config... /usr/bin/x86_64-pc-linux-gnu-pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... x86_64-pc-linux-gnu-gcc -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking for an ANSI C-conforming const... yes
checking for ANSI C header files... (cached) yes
checking whether time.h and sys/time.h may both be included... yes
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
checking for mmap... yes
checking windows.h usability... no
checking windows.h presence... no
checking for windows.h... no
checking for dlopen in -ldl... yes
checking termios.h usability... yes
checking termios.h presence... yes
checking for termios.h... yes
checking for getpass... yes
checking for libgsf-1... no
checking for libcrypto >= 1.1.0... no
checking for openssl >= 1.1.0... no
checking for RSA_verify in -lcrypto... yes
checking for libcurl >= 7.12.0... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
>>> Source configured.
>>> Compiling source in /var/tmp/portage/app-crypt/osslsigncode-2.0/work/osslsigncode-2.0 ...
make -j4 
make  all-am
make[1]: Entering directory '/var/tmp/portage/app-crypt/osslsigncode-2.0/work/osslsigncode-2.0'
x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I.       -march=native -O2 -pipe -frecord-gcc-switches -c -o osslsigncode.o osslsigncode.c
osslsigncode.c:923:1: warning: return type defaults to ‘int’ [-Wimplicit-int]
 DEFINE_STACK_OF(ASN1_OCTET_STRING)
 ^~~~~~~~~~~~~~~
osslsigncode.c: In function ‘DEFINE_STACK_OF’:
osslsigncode.c:925:1: error: expected declaration specifiers before ‘DEFINE_STACK_OF’
 DEFINE_STACK_OF(SpcAttributeTypeAndOptionalValue)
 ^~~~~~~~~~~~~~~
osslsigncode.c:980:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:1060:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:1092:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:1102:47: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 static unsigned char nib2val(unsigned char c) {
                                               ^
osslsigncode.c:1115:63: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 static int verify_leaf_hash(X509 *leaf, const char *leafhash) {
                                                               ^
osslsigncode.c:1207:67: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 static PKCS7 *pkcs7_get_nested_signature(PKCS7 *p7, int *has_sig) {
                                                                   ^
osslsigncode.c:1223:65: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 static int pkcs7_set_nested_signature(PKCS7 *p7, PKCS7 *p7nest) {
                                                                 ^
osslsigncode.c:1902:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:1938:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:1992:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2046:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2192:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2239:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2260:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2274:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2283:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2306:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2330:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:2368:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token
 {
 ^
osslsigncode.c:923:1: error: parameter name omitted
 DEFINE_STACK_OF(ASN1_OCTET_STRING)
 ^~~~~~~~~~~~~~~
osslsigncode.c:3423:1: error: expected ‘{’ at end of input
 }
 ^

[mtrojnar]

checking for libcrypto >= 1.1.0... no

Good point. This software requires OpenSSL 1.1.0 or later. I will fix the ./configure script to fail with older versions of OpenSSL.

[blshkv]

Is any way to support both? I'm porting this tool to Gentoo, and there is no easy way to migrate to the latest at this point of time, see https://bugs.gentoo.org/662246

Edit: The tracker is here https://bugs.gentoo.org/show_bug.cgi?id=openssl-1.1 The current major blocks are ruby, nodejs

[mtrojnar]

I'm afraid your approach to migrating OpenSSL won't work. The proper solution (already implemented in other distros, such as Arch Linux or Debian) is to have both OpenSSL 1.0 and OpenSSL 1.1 libraries installed, and gradually migrate dependent code to OpenSSL 1.1.

[blshkv]

I think you misread that my bug report (662246). That's the exact approach which Gentoo and other distros use all the time. Unfortunately, openssl-1.1 doesn't support it natively. For example, both 1.0 and 1.1 expect include files in the same location.
I'm not sure how Arch or Debian resolved it, I'll let Gentoo devs handle it.

[mtrojnar]

Arch installs OpenSSL 1.0 includes in /usr/include/openssl-1.0/ and libraries/engines in /usr/lib/openssl-1.0/.
AFAIR Debian has two conflicting -dev packages with headers, and different library versions.

[blshkv]

I think we are discussing an unrelated problem here, you can read the bug report regarding *.pc files (comment #4) and how the old software can be patched in order to still able to find the required version of openssl. The shortstoper is that openssl does not support simultaneous installation of both 1.0 and 1.1 by default and there is no legal way to do it.

But the question of this bug report: do you REALLY need a 1.1 specific feature or you can adjust the code and survive with 1.0 if only this library is available?

[mtrojnar]

I'm not supporting any "1.1 specific feature". The OpenSSL API has changed (a lot!), and I'm not going to include a bunch of conditional compilation just to support an obsolete library with end-of-life scheduled for 2019. Feel free to fork if you disagree.

[blshkv]

I totally agree if the change is significant (I did not expect that as I hit one error only). In fact, I won't care about openssl 1.0 once the remaining major packages are migrated to it. Unfortunately, this is not the case as of today.

Feel free to patch the code (to fail if 1.1 is not present) and close this bug.

Thanks!

[blshkv]

Thanks!