Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
FS#50196 - [Pacman] Unclear configure option --with-openssl
Attached to Project:
Pacman
Opened by Flow It (FlowIt) - Friday, 29 July 2016, 15:44 GMT
Last edited by Allan McRae (Allan) - Wednesday, 13 September 2017, 03:19 GMT
Opened by Flow It (FlowIt) - Friday, 29 July 2016, 15:44 GMT
Last edited by Allan McRae (Allan) - Wednesday, 13 September 2017, 03:19 GMT
|
DetailsDescription:
configure --help in pacman says when passing --without-openssl pacman will use internal routines to perform crypto operations. Still pacman complains about missing openssl and cannot perform integrity checks. Additional info: * package version(s) Tested with latest pacman, at the time of writing 5.0.1-4 * config and/or log files etc. Steps to reproduce: Set up a small test system without openssl (curl and coreutils should be the only packages in base that depend on openssl, and both can be build without it). Compile pacman with the --without-openssl option. Run makepkg for a PKGBUILD of your choice. Pacman will error out complaining it needs the openssl binary to perform integrity checks. Running makepkg --skipinteg works, but the expected behaviour would be that pacman uses its internal routines to perform the integrity checks. |
This task depends upon
Closed by Allan McRae (Allan)
Wednesday, 13 September 2017, 03:19 GMT
Reason for closing: Fixed
Additional comments about closing: git commits 603f087c and 57770125
Wednesday, 13 September 2017, 03:19 GMT
Reason for closing: Fixed
Additional comments about closing: git commits 603f087c and 57770125
One can compile pacman fine using --without-openssl and it will work as expected. makepkg however does require openssl to work fully, but that's a separate thing. I'd still like to compile pacman without the need for openssl, and just use makepkg accordingly.
Sure, you can add a dependency on openssl in Arch's package "pacman" (it really should be there anyways, since it actually links it), but that has nothing to do with the --without-openssl configure option, correct?
For now I would be ok with removing the option because it clears up the confusion that you can build makepkg (as part of pacman) without openssl but makepkg itself has no internal replacements. For the future I would love to see a switch to decide between gnutls and openssl.
Crypto is always a personal, irrational topic so it would be nice to give users some choice in which library they want to pull in.
I just had a quick look. Pacman pulled in openssl as an alternative to coreutils to make pacman more portable and speed up the slow internal hashing routines. It is only used for checksums.
The attached patch allows building pacman (and makepkg) against nettle. Especially the makepkg part is really hacky but it works as a proof of concept for now. Tests are also not covered in this patch and need further attention.
https://lists.archlinux.org/pipermail/pacman-dev/2016-October/021579.html
https://lists.archlinux.org/pipermail/pacman-dev/2016-October/021580.html
I'll give you authorship on the first one as I mostly copied your work (assuming you are happy with the changes I made). I decided we should just stick to coreutils in makepkg rather than using openssl/nettle-hash.