Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't compile on arch linux #604

Closed
Gigas002 opened this issue Jun 18, 2023 · 15 comments · Fixed by #648
Closed

Can't compile on arch linux #604

Gigas002 opened this issue Jun 18, 2023 · 15 comments · Fixed by #648

Comments

@Gigas002
Copy link 

libs/ssl/ssl.c: In function ‘ssl_cert_get_altnames’:
libs/ssl/ssl.c:463:16: error: ‘mbedtls_x509_crt’ has no member named ‘ext_types’
  463 |         if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
      |                ^~
libs/ssl/ssl.c: In function ‘ssl_key_from_der’:
libs/ssl/ssl.c:596:21: error: too few arguments to function ‘mbedtls_pk_parse_key’
  596 |                 r = mbedtls_pk_parse_key(pk, (const unsigned char*)data, len, NULL, 0);
      |                     ^~~~~~~~~~~~~~~~~~~~
In file included from libs/ssl/ssl.c:30:
/usr/include/mbedtls/pk.h:830:5: note: declared here
  830 | int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
      |     ^~~~~~~~~~~~~~~~~~~~
libs/ssl/ssl.c: In function ‘ssl_key_from_pem’:
libs/ssl/ssl.c:622:21: error: too few arguments to function ‘mbedtls_pk_parse_key’
  622 |                 r = mbedtls_pk_parse_key(pk, buf, len, NULL, 0);
      |                     ^~~~~~~~~~~~~~~~~~~~
/usr/include/mbedtls/pk.h:830:5: note: declared here
  830 | int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
      |     ^~~~~~~~~~~~~~~~~~~~
libs/ssl/ssl.c:624:21: error: too few arguments to function ‘mbedtls_pk_parse_key’
  624 |                 r = mbedtls_pk_parse_key(pk, buf, len, (const unsigned char*)pass, strlen((char*)pass));
      |                     ^~~~~~~~~~~~~~~~~~~~
/usr/include/mbedtls/pk.h:830:5: note: declared here
  830 | int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
      |     ^~~~~~~~~~~~~~~~~~~~
libs/ssl/ssl.c: In function ‘ssl_dgst_sign’:
libs/ssl/ssl.c:681:96: warning: passing argument 6 of ‘mbedtls_pk_sign’ makes integer from pointer without a cast [-Wint-conversion]
  681 |         if ((r = mbedtls_pk_sign(key->k, mbedtls_md_get_type(md), hash, 0, out, (size ? &ssize : NULL), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0){
      |                                                                                 ~~~~~~~~~~~~~~~^~~~~~~
      |                                                                                                |
      |                                                                                                size_t * {aka long unsigned int *}
/usr/include/mbedtls/pk.h:576:48: note: expected ‘size_t’ {aka ‘long unsigned int’} but argument is of type ‘size_t *’ {aka ‘long unsigned int *’}
  576 |                     unsigned char *sig, size_t sig_size, size_t *sig_len,
      |                                         ~~~~~~~^~~~~~~~
libs/ssl/ssl.c:681:105: warning: passing argument 7 of ‘mbedtls_pk_sign’ from incompatible pointer type [-Wincompatible-pointer-types]
  681 |         if ((r = mbedtls_pk_sign(key->k, mbedtls_md_get_type(md), hash, 0, out, (size ? &ssize : NULL), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0){
      |                                                                                                         ^~~~~~~~~~~~~~~~~~~~~~~
      |                                                                                                         |
      |                                                                                                         int (*)(void *, unsigned char *, size_t) {aka int (*)(void *, unsigned char *, long unsigned int)}
/usr/include/mbedtls/pk.h:576:66: note: expected ‘size_t *’ {aka ‘long unsigned int *’} but argument is of type ‘int (*)(void *, unsigned char *, size_t)’ {aka ‘int (*)(void *, unsigned char *, long unsigned int)’}
  576 |                     unsigned char *sig, size_t sig_size, size_t *sig_len,
      |                                                          ~~~~~~~~^~~~~~~
libs/ssl/ssl.c:681:130: warning: passing argument 8 of ‘mbedtls_pk_sign’ from incompatible pointer type [-Wincompatible-pointer-types]
  681 |         if ((r = mbedtls_pk_sign(key->k, mbedtls_md_get_type(md), hash, 0, out, (size ? &ssize : NULL), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0){
      |                                                                                                                                  ^~~~~~~~~
      |                                                                                                                                  |
      |                                                                                                                                  mbedtls_ctr_drbg_context *
/usr/include/mbedtls/pk.h:577:27: note: expected ‘int (*)(void *, unsigned char *, size_t)’ {aka ‘int (*)(void *, unsigned char *, long unsigned int)’} but argument is of type ‘mbedtls_ctr_drbg_context *’
  577 |                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
      |                     ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
libs/ssl/ssl.c:681:18: error: too few arguments to function ‘mbedtls_pk_sign’
  681 |         if ((r = mbedtls_pk_sign(key->k, mbedtls_md_get_type(md), hash, 0, out, (size ? &ssize : NULL), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0){
      |                  ^~~~~~~~~~~~~~~
/usr/include/mbedtls/pk.h:574:5: note: declared here
  574 | int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
      |     ^~~~~~~~~~~~~~~
make: *** [Makefile:257: libs/ssl/ssl.o] Error 1
make: *** Waiting for unfinished jobs....
==> ERROR: A failure occurred in build().
    Aborting...
 -> error making: hashlink-git-exit status 4
 -> Failed to install the following packages. Manual intervention is required:
hashlink-git - exit status 4
@TheBjoel2
Copy link

same

@TheBjoel2
Copy link

idk seems like it's not compatible with arch's extra/mbedtls 3.4.0-3 package

@TheBjoel2
Copy link

TheBjoel2 commented Jul 3, 2023
edited
Loading

File x509_crt.h
Bubuntu package in sid:

    int ext_types;              /**< Bit string containing detected and parsed extensions */
    int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
    int max_pathlen;            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */

    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */

    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */

Rach linuhh:

    int MBEDTLS_PRIVATE(ext_types);              /**< Bit string containing detected and parsed extensions */
    int MBEDTLS_PRIVATE(ca_istrue);              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
    int MBEDTLS_PRIVATE(max_pathlen);            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */

    unsigned int MBEDTLS_PRIVATE(key_usage);     /**< Optional key usage extension value: See the values in x509.h */

    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */

    unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */

See? MBEDTLS_PRIVATE!!!!!!!

@TheBjoel2
Copy link

Oh, I see
Mbed-TLS/mbedtls#4372

@TheBjoel2
Copy link

Conclusion: hashlink fix your thing that breaks encapsulation

@TheBjoel2
Copy link

@Gigas002 u sure turning on/off didn't work?

@TheBjoel2
Copy link

😜

@TheBjoel2
Copy link

Аниме на аве мать в канаве

@TheBjoel2
Copy link

Mbed-TLS/mbedtls#5887

@IceDragon200
Copy link

Maintainer of the hashlink AUR package here.

Just an fyi, I won't be removing mbedtls as a dependency as it still can't compile under that condition due to:
https://github.com/HaxeFoundation/hashlink/blob/1.13/libs/CMakeLists.txt#L43-L48

And if I do remove it from the list:

libs/ssl/ssl.c:25:10: fatal error: mbedtls/platform.h: No such file or directory
   25 | #include "mbedtls/platform.h"

And assuming I somehow address that, doesn't change the fact that the included mbedtls isn't built under linux, leading to it still being broken.

I'm sure there is some fiddling to be had here, in particular convincing hashlink to build a version of its mbedtls under linux, but I'm not about to fight with patches to make that work as is.

hashlink-git also suffers from the exact same problem so it still exists even in HEAD.

@Apprentice-Alchemist
Copy link
Contributor

The simplest solution for the AUR package would be to depend on the mbedtls2 package instead and fiddle with the compiler flags:

diff --git a/Makefile b/Makefile
index 52c46e3..1763c8a 100644
--- a/Makefile
+++ b/Makefile
@@ -110,9 +110,11 @@ LIB += ${HL_DEBUG}
 else
 
 # Linux
-CFLAGS += -m$(MARCH) -fPIC -pthread -fno-omit-frame-pointer
+CFLAGS += -m$(MARCH) -fPIC -pthread -fno-omit-frame-pointer -I /usr/include/mbedtls2
 LFLAGS += -lm -Wl,-rpath,.:'$$ORIGIN':$(INSTALL_LIB_DIR) -Wl,--export-dynamic -Wl,--no-undefined
 
+LIBFLAGS+=-L/usr/lib/mbedtls2
+
 ifeq ($(MARCH),32)
 CFLAGS += -I /usr/include/i386-linux-gnu
 LIBFLAGS += -L/opt/libjpeg-turbo/lib

@IceDragon200
Copy link

Good news to all, Makefile has been patched, thanks @Apprentice-Alchemist https://aur.archlinux.org/packages/hashlink

@fuzhouch
Copy link

fuzhouch commented Sep 12, 2023
edited
Loading

Hey, just a quick comment, that the AUR patch above does not work for CMake scenario. I use CMake to build Hashlink across platforms. The reason is CMake depends on its find_package statement for building, and the system-wise Cmake uses configuration file from package mbedtls v3.4.1, which sets /usr/lib/cmake/MbedTLS/MbedTLSConfigVersion.cmake to 3.4.1. I won't ask for an upgrade to mbedtls 3.x because I know some systems like ubuntu is still on 2.28.x.

I work-arounded it by disabling SSL (build command: cmake .. -DWITH_SSL=off). It works for me because I don't use SSL at all, but not a true fix.

So my question is: is it possible we just always use the checked-in source code under include/mbedtls/ folder for all platforms? This can completely remove the external dependency, which benefits when we compile hashlink that portable across Linux builds (a typical scenario is to build a Hashlink for Steam runtime), which may be a good idea.

Or, is there any reason that we prefer system provided over checked-in dependencies?

// See libs/ssl/CMakeList.txt
if (WIN32)
    ...
else()
    find_package(MbedTLS REQUIRED)  // Here it goes to /usr/lib/cmake/MbedTLS/MbedTLSConfigVersion.cmake
    add_library(ssl.hdll SHARED
        ssl.c)
endif

@Apprentice-Alchemist
Copy link
Contributor

Using the checked in deps would indeed fix this issue, but I would only recommend that if the checked in version of mbedtls was up to date (at the moment its 5 years out of date).

There is a PR to update it, but it hasn't been merged yet: #594

@fuzhouch
Copy link

Thanks. Yes, it makes sense we should update the code first. Will wait for the PR.

Merged
@Simn Simn closed this as completed in #648 Jan 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for compiling against mbedtls 3.x. Apprentice-Alchemist/hashlink
5 participants
@fuzhouch @IceDragon200 @Gigas002 @Apprentice-Alchemist @TheBjoel2