Bug 2297642

Summary: Builds of rb_libtorrent fail after OpensslDeprecateEngine
Product: [Fedora] Fedora
Component: openssl
Version: rawhide
Hardware: Unspecified
OS: Linux
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Keywords: Triaged
Reporter: Mikel Olasagasti Uranga <mikel>
Assignee: Clemens Lang <cllang>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: cllang, crypto-team, dbelyavs, denis.arnaud_fedora, jwakely, laurent.rineau__fedora, mcermak, mspacek, mturk, ppalka, rjones, shebburn, suraj.ghimire7, tm, trodgers
Last Closed: 2024-07-24 15:04:44 UTC
Bug Depends On: 2276420

Description Mikel Olasagasti Uranga 2024-07-12 18:53:17 UTC
As part of the F41 changeset there are plans to deprecate OpenSSL engine support as described in: https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine

Building fuse-btfs that depends on rb_libtorrent I see the following error:

In file included from /usr/include/boost/asio/ssl/context_base.hpp:19,
                 from /usr/include/boost/asio/ssl/context.hpp:23,
                 from /usr/include/boost/asio/ssl.hpp:18,
                 from /usr/include/libtorrent/ssl.hpp:67,
                 from /usr/include/libtorrent/tracker_manager.hpp:69,
                 from /usr/include/libtorrent/alert_types.hpp:69,
                 from btfs.cc:42:
/usr/include/boost/asio/ssl/detail/openssl_types.hpp:26:11: fatal error: openssl/engine.h: No such file or directory
   26 | # include <openssl/engine.h>
      |           ^~~~~~~~~~~~~~~~~~
compilation terminated.
make[1]: *** [Makefile:419: btfs-btfs.o] Error 1

Errors can be seen in Koschei also:

https://koschei.fedoraproject.org/package/fuse-btfs?collection=f41

Checking rb_libtorrent I can see a similar error:

In file included from /usr/include/boost/asio/ssl/context_base.hpp:19,
                 from /usr/include/boost/asio/ssl/context.hpp:23,
                 from /usr/include/boost/asio/ssl.hpp:18,
                 from /builddir/build/BUILD/rb_libtorrent-2.0.10-build/libtorrent-rasterbar-2.0.10/include/libtorrent/ssl.hpp:67,
                 from /builddir/build/BUILD/rb_libtorrent-2.0.10-build/libtorrent-rasterbar-2.0.10/include/libtorrent/tracker_manager.hpp:69,
                 from /builddir/build/BUILD/rb_libtorrent-2.0.10-build/libtorrent-rasterbar-2.0.10/include/libtorrent/alert_types.hpp:69,
                 from /builddir/build/BUILD/rb_libtorrent-2.0.10-build/libtorrent-rasterbar-2.0.10/src/alert.cpp:51:
/usr/include/boost/asio/ssl/detail/openssl_types.hpp:26:11: fatal error: openssl/engine.h: No such file or directory
   26 | # include <openssl/engine.h>
      |           ^~~~~~~~~~~~~~~~~~

https://koschei.fedoraproject.org/package/rb_libtorrent


One option would be to add a BuildRequire to rb_libtorrent to depend on openssl-engine-devel but I think it makes more sense to include it in boost, as other packages may be in the same situation.

The other option, which I'm not sure how to activate, would be to build boost with OPENSSL_NO_ENGINE. In include/boost/asio/ssl/detail/openssl_types.hpp I can see there is a flag to toggle it:

(...)
#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif // !defined(OPENSSL_NO_ENGINE)
(...)


Reproducible: Always

Comment 2 Jonathan Wakely 2024-07-19 14:01:15 UTC
I'm not sure we want to add a hard dependency so that everything installing boost-devel also has to install an optional openssl package.

The boost asio header does:

#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif // !defined(OPENSSL_NO_ENGINE)

So this can be fixed in the packages that don't actually require that feature.
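
Added example (not part of the bug report, and not code from Boost, OpenSSL or rb_libtorrent): a Python scanner that classifies each include of openssl/engine.h in C/C++ source text as guarded by OPENSSL_NO_ENGINE or not, which tells a packager whether defining the macro is enough or a build dependency on the engine headers is needed. The function names and sample headers are constructed for illustration, and the check is a line-based heuristic that treats any `#if` containing `!defined(OPENSSL_NO_ENGINE)` as a guard.

```python
import re

INCLUDE_RE = re.compile(r'^\s*#\s*include\s*[<"]openssl/engine\.h[>"]')
IF_RE = re.compile(r'^\s*#\s*(if|ifdef|ifndef)\b(.*)$')
ELSE_RE = re.compile(r'^\s*#\s*(else|elif)\b')
ENDIF_RE = re.compile(r'^\s*#\s*endif\b')
GUARD_RE = re.compile(r'!\s*defined\s*\(?\s*OPENSSL_NO_ENGINE\b')


def opens_guard(directive, condition):
    """True if the first branch is compiled only when OPENSSL_NO_ENGINE is unset."""
    if directive == "ifndef":
        return condition.split()[:1] == ["OPENSSL_NO_ENGINE"]
    return directive == "if" and bool(GUARD_RE.search(condition))


def find_engine_includes(source):
    """Return [(line_number, guarded)] for every include of openssl/engine.h."""
    stack = []    # one bool per open conditional: is the current branch guarded?
    results = []
    for number, line in enumerate(source.splitlines(), start=1):
        m = IF_RE.match(line)
        if m:
            stack.append(opens_guard(m.group(1), m.group(2)))
        elif ELSE_RE.match(line):
            if stack:
                stack[-1] = False    # the #else/#elif branch is not the guarded one
        elif ENDIF_RE.match(line):
            if stack:
                stack.pop()
        elif INCLUDE_RE.match(line):
            results.append((number, any(stack)))
    return results


# Constructed samples: the first mirrors the guard quoted from the asio header,
# the second is a hypothetical header that includes engine.h without the guard.
ASIO_STYLE = """\
#include <openssl/conf.h>
#include <openssl/ssl.h>
#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif // !defined(OPENSSL_NO_ENGINE)
"""
UNGUARDED = "#ifdef HAVE_OPENSSL\n#include <openssl/engine.h>\n#endif\n"

if __name__ == "__main__":
    for name, text in (("asio-style", ASIO_STYLE), ("unguarded", UNGUARDED)):
        print(name, find_engine_includes(text))
```

A guarded result means building with OPENSSL_NO_ENGINE defined skips the include; an unguarded one still needs the engine header present at build time.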

Comment 3 Richard W.M. Jones 2024-07-19 14:25:05 UTC
The release notes of Boost 1.50 have:

 * Changed Asio's SSL wrapper to respect OpenSSL's OPENSSL_NO_ENGINE feature test #define (#6432). 

where the ticket points to a link which no longer works, so here's the IA link instead:

https://web.archive.org/web/20221206205741/https://svn.boost.org/trac10/ticket/6432

The bug mentions ENGINE_cleanup but that is also protected by #if !defined(OPENSSL_NO_ENGINE)
so we don't have to worry about that.

So it looks like rb_libtorrent should be changed to do something like this (untested)
in include/libtorrent/ssl.hpp:

+#define OPENSSL_NO_ENGINE
 #include <boost/asio.hpp>
 #include <boost/asio/buffer.hpp>
 #include <boost/system/error_code.hpp>
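
Review bot: the added `#define OPENSSL_NO_ENGINE` above the Boost includes is unconditional, so a build that already passes `-DOPENSSL_NO_ENGINE` on the command line gets a macro redefinition diagnostic, because the command-line form defines the macro as 1 while this line defines it as empty. Wrapping it in `#ifndef OPENSSL_NO_ENGINE` / `#endif` avoids that. The define also only takes effect if this header is reached before any other include of the Asio SSL headers in the translation unit; a short comment saying so, and why the macro is set, would help, since the line sits in an installed header and therefore also applies to consumers such as fuse-btfs.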

Comment 4 Richard W.M. Jones 2024-07-19 14:32:01 UTC
Here's a scratch build of rb_libtorrent which makes the above change, for
testing only.  I did not suggest or send the patch upstream.

https://koji.fedoraproject.org/koji/taskinfo?taskID=120739958

Comment 5 Jonathan Wakely 2024-07-19 14:36:19 UTC
See also https://lists.fedorahosted.org/archives/list/devel@lists.fedoraproject.org/thread/H3OOWA43BGEBTSM2GRBYDN3SLUTETFL5/

And https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/LQK725374EXAD3XTYTYSKR3O23BTRAH4/ where I've suggested that openssl should fix it like so:

--- /usr/include/openssl/conf.h 2023-08-31 01:00:00.000000000 +0100
+++ /tmp/conf.h 2024-07-19 15:29:43.754873277 +0100
@@ -31,6 +31,12 @@
 #  include <stdio.h>
 # endif
 
+# ifndef OPENSSL_NO_ENGINE
+#  if ! __has_include(<openssl/engine.h>)
+#   define OPENSSL_NO_ENGINE
+#  endif
+# endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
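
Review bot: the added `#  if ! __has_include(<openssl/engine.h>)` is evaluated without first checking that the preprocessor provides `__has_include`; on a compiler that lacks it, that line is a preprocessing error whenever OPENSSL_NO_ENGINE is not already defined. Guard it with an outer `# ifdef __has_include` so such toolchains keep the current behaviour. A comment above the block stating that the macro is derived from header presence would also help, since code that tests `OPENSSL_NO_ENGINE` before including conf.h will not see the definition.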


This way any build on a system that doesn't have the openssl-devel-engine package installed will default to OPENSSL_NO_ENGINE.

That way, packages which don't want the deprecated engines don't have to do anything. Packages that actually want to use the engines can `BuildRequires: openssl-devel-engine`, which is as it should be.

Reassigning to openssl.

Comment 6 Jonathan Wakely 2024-07-19 14:44:38 UTC
(In reply to Richard W.M. Jones from comment #3)
> The release notes of Boost 1.50 have:
> 
>  * Changed Asio's SSL wrapper to respect OpenSSL's OPENSSL_NO_ENGINE feature
> test #define (#6432). 
> 
> where the ticket points to a link which no longer works, so here's the IA
> link instead:
> 
> https://web.archive.org/web/20221206205741/https://svn.boost.org/trac10/ticket/6432

FWIW Boost moved to GitHub years ago, the commit in the new repo is:
https://github.com/chriskohlhoff/asio/commit/1f65c999c626746e7f4568271470fe9d76e885a1

Comment 7 Clemens Lang 2024-07-24 15:04:44 UTC
Has duplicate bug 2296114.

*** This bug has been marked as a duplicate of bug 2296114 ***