Makoto Fujiwara <makoto%ki.nu@localhost> writes: > node-js issue: > http://www.ki.nu/pkgsrc/reports/current/NetBSD-9.0/20220524.1616/nodejs-18.2.0/build.log Also, nodejs is failing to build for me on macOS 10.13. I haven't figured out why and I'm not sure it is the same thing. > Probably, everybody know the problem, but let me confirm: > > It is the issue on openssl included in Release > (the symbol = definition is not in openssl in 9.0). > > If it is built on (at least) 9.1_STABLE > ---- > NetBSD pisa 9.1_STABLE NetBSD 9.1_STABLE (XEN3_DOM0) #0: Thu Mar 11 > 16:17:14 UTC 2021 > mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/xen/compile/XEN3_DOM0 amd64 > ---- > It builds fine. So we need to think hard about what we mean by pkgsrc and support for releases. There are three possibilities: a. the package should build on the original release (9.0_RELEASE) b. the package should build on the most recent point release (9.2_RELEASE) c. the package should build on the release branch (netbsd-9) (c) is not reasonable. We have generally meant (a) for building, and sort of (b) for working correctly when there is a bug in older formal releases. In other words, we support 9.0 for building, but we don't necessarily work around bugs. > Probably > 1. Update build server to 9.2 and use pkgtools/libkver to fake to be 9.0 > or That is more or less declaring option b > 2. Use (include) pkgsrc/security/openssl (by condition ?) I don't like this, because it drags in pkgsrc openssl when there is almost no reason. > 3. Just ignore these by the time -10.0 ready > or, > (we should think about for quarterly release build anyway ?) I don't understand this at all. pkgsrc is documented to support the most recent two formal releases. So after 10.0_RELEASE has happened -- and I'm pretty sure that's not before 2022Q2 is out -- then after some short interval there will likely be formal EOL of NetBSD 8. But de-supporting 9 will happen after 11 is out, and my crystal ball says that's in spring of 2025. So perhaps 2025Q2 might be the last to support 9. > I'm tempted to above 1, but upgrading is non-trivial work for me. Automating upgrades probably needs more work; this shouldn't be hard, but that's not really the main issue here. So back to the issue: nodejs 18.2.0 fails because it tries to use RSA_get0_pss_params. netbsd-9 reports "OpenSSL 1.1.1k 25 Mar 2021" and RSA_get0_pss_params and RSA_get0_crt_params are both present in /lib/libcrypto.so.14.0. (RSA_get0_pss_params and RSA_get0_crt_params are both not present in /lib/libcrypto.so.12.0 on my systems, dated April 2020 on one (stable system, upgraded slowly) and March 2019 on another (test, updated aggressively), and I'm guessing that is from netbsd-8.) Looking in src/crypto/external/bsd/openssl/dist/include/openssl/rsa.h I see that RSA_get0_pss_params was added from release on 2020-04-27, importing 1.1.1g, from CVS history, and I see this in CHANGES-9.1. So the big questions are What does nodejs document for an openssl prereq? Is there any way to patch nodejs to be ok with the earlier 1.1.1 that is in 9.0_RELEASE, without hurting those with newer openssl? Does marking that nodejs needs openssl >= 1.1.1g result in pulling in pkgsrc openssl on 9.0_RELEASE, and not on 9.1_RELEASE? Do people think we should document that pkgsrc only supports the most recent formal release of a branch (and the tip of stable branch beyond that)? And therefore have a rule that official build machines must be updated to that branch? And maybe that it's ok not to fake kver to 9.0, and maybe even that it's bad to do so? (Personally I think we can fix the nodejs issue without opening the can of worms, but I'm also not personally interested in supporting versions for which there is a stable upgrade that people should have updated to.) This is in my view a major shift, and needs a new thread on tech-pkg@. Please feel free to tell me offlist to start that discussion, or start it yourself.
Attachment:
signature.asc
Description: PGP signature