Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] KDE with LibreSSL?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
NTU
Apprentice
Apprentice


Joined: 17 Jul 2015
Posts: 163

PostPosted: Tue Oct 03, 2017 1:55 am    Post subject: [SOLVED] KDE with LibreSSL? Reply with quote

Hi, I did a search and couldn't find anything (surprisingly) about a possible workaround for LibreSSL and KDE. Is it possible to use Okular and Krita while using LibreSSL? Anything I can try to perhaps force the compilation and ignore the openssl dependency? My C skills are alright and I don't mind giving a crack at trying to get those applications to build with LibreSSL installed. I don't care for anything else except those two applications as I only use LXDE.

Thanks!


Last edited by NTU on Thu Oct 05, 2017 1:17 am; edited 1 time in total
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17811

PostPosted: Tue Oct 03, 2017 3:16 am    Post subject: Reply with quote

I'm using libressl, but haven't yet installed anything GUI related.

When I look for any open/libre ssl support in okular and krita, it doesn't show up. Are you sure there is an issue?

Code:
$ grep -i ssl /usr/portage/media-gfx/krita/krita-3.*.ebuild
$ grep -i ssl /usr/portage/kde-apps/okular/okular-17.0*.ebuild
$


You may have seen this, but if not, Project:LibreSSL demonstrates how an ebuild should accommodate libressl.
_________________

Believing I had supernatural powers I slammed into a brick wall.
I said hey, is this my problem? Is this my fault?
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5644

PostPosted: Tue Oct 03, 2017 4:24 am    Post subject: Reply with quote

Krita works fine for me with no OpenSSL on the system. I'm using Openbox.
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3652
Location: Hamburg

PostPosted: Tue Oct 03, 2017 8:37 am    Post subject: Reply with quote

IMO not all of the nifty tools I'm using at my KDE desktop are LibreSSL-ready, eg.: curl and qtnetwork (or I didn't noticed it here: https://bugs.gentoo.org/showdependencytree.cgi?id=561854&hide_resolved=1). Furthermore I'm not sure if all affected ebuilds are switched accordingly to https://wiki.gentoo.org/wiki/Project:LibreSSL . But FWIW: is is one of my passion to change that state. Therefore I'm running every 3rd chroot image at my tinderbox with LibreSSL.
Back to top
View user's profile Send private message
NTU
Apprentice
Apprentice


Joined: 17 Jul 2015
Posts: 163

PostPosted: Wed Oct 04, 2017 8:20 pm    Post subject: Reply with quote

I'm not sure what magic you guys pulled off that you're not telling me but Krita and Okular depend on qtnetwork with the ssl USE flag enabled (which depends on openssl) so I tried installing qtnetwork with --no-deps and it compiled against libressl. If this is the right fix, then the ebuild should be updated to support libressl. If this isn't the right fix and adjusting the ebuild in my local overlay for now is the wrong way to do it, then how did you two install krita/okular without installing openssl? dev-libs/qtnetwork is the culprit, not krita or okular directly, and you should both know this if you have it working on your system. Obviously krita and okular do not have an ssl USE flag, but it's dependencies do, which depends on openssl.

If I'm just lucky that qtnetwork compiled against libressl and what I just pulled off is a very bad idea, then what's the correct fix? If a package depends on OpenSSL, then the USE flag for qtnetwork should at least be renamed from ssl to openssl, not just surprise the person with an unexpected dependency when they try to install it.

Cheers, and hopefully I get some feedback on this.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5644

PostPosted: Wed Oct 04, 2017 11:37 pm    Post subject: Reply with quote

You should be using the libressl overlay...
Back to top
View user's profile Send private message
NTU
Apprentice
Apprentice


Joined: 17 Jul 2015
Posts: 163

PostPosted: Thu Oct 05, 2017 1:16 am    Post subject: Reply with quote

Ant P. wrote:
You should be using the libressl overlay...


You mean replacing /usr/portage with https://github.com/gentoo/libressl ?

Everything in the official Gentoo repo works fine for me except the deps for qtnetwork being wonky, did someone not get the memo?

https://wiki.gentoo.org/wiki/Project:LibreSSL -> "Much of the preliminary work has been done on GitHub. There an overlay has been set up to test ebuilds for difficult packages before they land in the tree." It doesn't say that you should not use the regular Gentoo repo, as well as there not being any mention in the Gentoo news upon installation of LibreSSL saying to switch repos. No warning by the Gentoo developers sounds like fair game to me. I'll copy the qtnetwork ebuild over and use that. Also, this is what happens when things aren't properly documented, that is if what you say is true.

Thank you! Marking as solved.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17811

PostPosted: Thu Oct 05, 2017 5:33 am    Post subject: Reply with quote

From the Project:LibreSSL page:
Quote:
Since this is still work in progress, converting a full blown system from openssl to libressl can be quite involved. [...] Right now, however, libressl is marked ~arch in the tree as are many packages that depend on it.
And from the git page
Quote:
This overlay serves as a testing ground and makes testing easier by providing an openssl dummy ebuild, so you can compile packages against LibreSSL which don't have the 'libressl' USE flag yet.

What it seems to say is that the regular Gentoo repo doesn't yet seupport LibreSSL. This seems pretty clear.
_________________

Believing I had supernatural powers I slammed into a brick wall.
I said hey, is this my problem? Is this my fault?
Back to top
View user's profile Send private message
NTU
Apprentice
Apprentice


Joined: 17 Jul 2015
Posts: 163

PostPosted: Thu Oct 05, 2017 6:23 am    Post subject: Reply with quote

Quote:
This seems pretty clear.


Should, is the word you're looking for.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17811

PostPosted: Thu Oct 05, 2017 2:33 pm    Post subject: Reply with quote

I'm not, but you appear to be. It is your system, so you are free to make whatever choice you like.

You seemed uncertain of that status of the regular Gentoo repo regarding libressl.
_________________

Believing I had supernatural powers I slammed into a brick wall.
I said hey, is this my problem? Is this my fault?
Back to top
View user's profile Send private message
NTU
Apprentice
Apprentice


Joined: 17 Jul 2015
Posts: 163

PostPosted: Fri Oct 06, 2017 4:44 am    Post subject: Reply with quote

pjp wrote:
You seemed uncertain of that status of the regular Gentoo repo regarding libressl.
Because Ant P told me to not pair it with LibreSSL, and I believed him. We shouldn't be relying on a message in this thread as the official advice on what repo/overlay to use. If the standard gentoo repo isn't tested or whatever with LibreSSL, make that part obvious. If you're worried that it sounds too harsh, tag a "but do whatever you want, it's your choice" at the end. Just because everyone in this thread (now) knows how to properly use LibreSSL with Gentoo doesn't mean everyone else does, especially with how it's written in the official docs. I always read before opening up a thread and try to analyze a situation the best I can before asking someone else, but this comes down to semantics. I read every page that was posted in here before creating this thread, please update it or at least do something a bit more blunt than a "suh dude, there's an overlay here that you can try" because now I need to dissect my Gentoo system and rifle through all my installed packages and compare them to the contents in the LibreSSL overlay and re-emerge whatever I see fit, which wastes a lot of my time.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum