git-crypt
git-crypt copied to clipboard
AGWA
git-crypt fails to build with openssl 3.0.0
git-crypt 1c905faeb595f5a64d460c923ec3401cd37b5acc fails to build with openssl 3.0.0 as OPENSSL_API_COMPAT is not defined since 1. Same result with tag 0.6.0 546664f152ec0441dd46700eb06e63a0414ec877. This causes the 1.0 code to be used which relies on functions no longer present in 3.0.0.
Output from build:
make ENABLE_MAN=yes PREFIX=/usr g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o git-crypt.o git-crypt.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o commands.o commands.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o crypto.o crypto.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o gpg.o gpg.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o key.o key.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o util.o util.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o parse_options.o parse_options.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o coprocess.o coprocess.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o fhstream.o fhstream.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o crypto-openssl-10.o crypto-openssl-10.cpp g++ -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -std=c++11 -D_FORTIFY_SOURCE=2 -c -o crypto-openssl-11.o crypto-openssl-11.cpp xsltproc --param man.output.in.separate.dir 1 --stringparam man.output.base.dir man/ --param man.output.subdirs.enabled 1 --param man.authors.section.enabled 1 http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl man/git-crypt.xml crypto-openssl-10.cpp: In constructor ‘Aes_ecb_encryptor::Aes_ecb_encryptor(const unsigned char*)’: crypto-openssl-10.cpp:59:32: warning: ‘int AES_set_encrypt_key(const unsigned char*, int, AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 59 | if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) { | ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from crypto-openssl-10.cpp:38: /usr/include/openssl/aes.h:51:5: note: declared here 51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits, | ^~~~~~~~~~~~~~~~~~~ crypto-openssl-10.cpp: In member function ‘void Aes_ecb_encryptor::encrypt(const unsigned char*, unsigned char*)’: crypto-openssl-10.cpp:74:20: warning: ‘void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 74 | AES_encrypt(plain, cipher, &(impl->key)); | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from crypto-openssl-10.cpp:38: /usr/include/openssl/aes.h:57:6: note: declared here 57 | void AES_encrypt(const unsigned char *in, unsigned char *out, | ^~~~~~~~~~~ crypto-openssl-10.cpp: At global scope: crypto-openssl-10.cpp:78:18: error: field ‘ctx’ has incomplete type ‘HMAC_CTX’ {aka ‘hmac_ctx_st’} 78 | HMAC_CTX ctx; | ^~~ In file included from /usr/include/openssl/evp.h:26, from /usr/include/openssl/hmac.h:21, from crypto-openssl-10.cpp:40: /usr/include/openssl/types.h:132:16: note: forward declaration of ‘HMAC_CTX’ {aka ‘struct hmac_ctx_st’} 132 | typedef struct hmac_ctx_st HMAC_CTX; | ^~~~~~~~~~~ crypto-openssl-10.cpp: In destructor ‘Hmac_sha1_state::~Hmac_sha1_state()’: crypto-openssl-10.cpp:92:9: error: ‘HMAC_cleanup’ was not declared in this scope; did you mean ‘EVP_cleanup’? 92 | HMAC_cleanup(&(impl->ctx)); | ^~~~~~~~~~~~ | EVP_cleanup make: *** [<builtin>: crypto-openssl-10.o] Error 1 make: *** Waiting for unfinished jobs.... Note: Writing man/man1/git-crypt.1
Issue can be worked around by defining OPENSSL_API_COMPAT to any valid value e.g. OPENSSL_API_COMPAT=0x30000000L
git-crypt 1c905faeb595f5a64d460c923ec3401cd37b5acc git-crypt 0.6.0 546664f152ec0441dd46700eb06e63a0414ec877 openssl 3.0.0 https://github.com/openssl/openssl/commit/89cd17a031e022211684eb7eb41190cf1910f9fa
Thanks for the report and also workaround : I gave it myself a tried and rebuilt it for CentOS Stream 9 with the different compile flag and seems to be working fine. For reference : https://bugzilla.redhat.com/show_bug.cgi?id=2022033
Setting CXXFLAGS environment variable helped, such as setting it only for the make command:
CXXFLAGS='-DOPENSSL_API_COMPAT=0x30000000L' make
