mbedtls breaks build

Glenn Strauss gstrauss at gluelogic.com
Tue Nov 15 14:44:58 PST 2022 

Hartmut, thanks for your report.

I was not aware of the use case where mbedtls is built as a side effect
of variant package builds *and* could occur without mbedtls being
selected and configured in `make menuconfig`

This addresses that use case:

libmbedtls: use defaults if no build opts selected
https://github.com/openwrt/openwrt/pull/11256

Cheers, Glenn

On Tue, Nov 15, 2022 at 05:30:27PM +0100, e9hack wrote:
> Hi,
> 
> the suggested steps doesn't solve the problem. I think, the main reason is, that I don't want to build mbedtls. It it isn't activated for build, but it will be build anyway. I assume, that after your commit some mandatory configuration settings are only set when the build is activated.
> 
> 'cat .config | grep -i mbedtls' shows
> 
> # CONFIG_PACKAGE_micropython-mbedtls is not set
> # CONFIG_PACKAGE_libzip-mbedtls is not set
> # CONFIG_PACKAGE_libuhttpd-mbedtls is not set
> # CONFIG_PACKAGE_libuwsc-mbedtls is not set
> # CONFIG_PACKAGE_libmbedtls is not set
> # CONFIG_LIBCURL_MBEDTLS is not set
> # CONFIG_LIBSSH2_MBEDTLS is not set
> # CONFIG_PACKAGE_libustream-mbedtls is not set
> # CONFIG_PACKAGE_libwebsockets-mbedtls is not set
> # CONFIG_PACKAGE_umurmur-mbedtls is not set
> # CONFIG_PACKAGE_openvpn-mbedtls is not set
> # CONFIG_PACKAGE_shairport-sync-mbedtls is not set
> # CONFIG_PACKAGE_px5g-mbedtls is not set
> # CONFIG_PACKAGE_rtty-mbedtls is not set
> # CONFIG_PACKAGE_cache-domains-mbedtls is not set
> # CONFIG_PACKAGE_mbedtls-util is not set
> 
> Regards,
> Hartmut
> 
> Am 15.11.2022 um 04:17 schrieb Glenn Strauss:
> > On Mon, Nov 14, 2022 at 08:16:26PM +0100, e9hack wrote:
> > > Hi,
> > > 
> > > I don't use mbedtls. Before this three commits
> > > 
> > > libmbedtls: disable older RSA ciphers
> > > libmbedtls: enable crypto algorithms for hostap
> > > libmbedtls: build option submenu
> > > 
> > > it did compile something, but no install package was generated. Now compilation fails:
> > > 
> > > FAILED: CMakeFiles/mbedtls_test.dir/tests/src/asn1_helpers.c.o
> > > /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/staging_dir/toolchain-mips_74kc_gcc-12.2.0_musl/bin/mips-openwrt-linux-musl-gcc  -I/data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/tests/include -I/data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/include -I/data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/library -pipe -mno-branch-likely -mips32r2 -mtune=74kc -mdspr2 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -fmacro-prefix-map=/data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1=mbedtls-2.28.1 -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -ffunction-sections -fdata-sections -Wall -Wextra -Wwrite-strings -Wformat=2 -Wno-format-nonliteral -Wvla -Wlogical-op -Wshadow -Wformat-signedness -Wformat-overflow=2 -Wformat-truncation -Werror -O2 -fPIC -MD -MT CMakeFiles/mbedtls_test.dir/tests/src/asn1_helpers.c.o -MF CMakeFiles/mbedtls_test.dir/tests/src/asn1_helpers.c.o.d -o CMakeFiles/mbedtls_test.dir/tests/src/asn1_helpers.c.o -c /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/tests/src/asn1_helpers.c
> > > In file included from /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/include/mbedtls/config.h:4125,
> > >                   from /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/tests/include/test/helpers.h:29,
> > >                   from /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/tests/src/asn1_helpers.c:23:
> > > /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/include/mbedtls/check_config.h:76:2: error: #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
> > >     76 | #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
> > >        |  ^~~~~
> > > /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/include/mbedtls/check_config.h:116:2: error: #error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
> > >    116 | #error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
> > >        |  ^~~~~
> > > /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/include/mbedtls/check_config.h:164:2: error: #error "MBEDTLS_ECP_C defined, but not all prerequisites"
> > >    164 | #error "MBEDTLS_ECP_C defined, but not all prerequisites"
> > >        |  ^~~~~
> > > /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/include/mbedtls/check_config.h:716:2: error: #error "One or more versions of the TLS protocol are enabled " "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
> > >    716 | #error "One or more versions of the TLS protocol are enabled " \
> > >        |  ^~~~~
> > > ninja: build stopped: subcommand failed.
> > > make[2]: *** [Makefile:171: /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/.built] Error 1
> > > make[2]: Leaving directory '/data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/package/libs/mbedtls'
> > > time: package/libs/mbedtls/compile#0.94#0.36#3.04
> > >      ERROR: package/libs/mbedtls failed to build.
> > > make[1]: *** [package/Makefile:116: package/libs/mbedtls/compile] Error 1
> > > make[1]: Leaving directory '/data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4'
> > > make: *** [/data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/include/toplevel.mk:231: package/libs/mbedtls/compile] Error 2
> > > 
> > > Please fix this!!!
> > 
> > Hartmut:
> > 
> > /data/src/LEDE/archer-C7-ath79-5.10.x-dsa-fw4/build_dir/target-mips_74kc_musl/mbedtls-2.28.1/include/mbedtls/check_config.h:76:2: error: #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
> >      76 | #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
> >         |  ^~~~~
> > That can only happen if MBEDTLS_AES_C is not defined, and that gets defined by default, so something is likely amiss in your environment.
> > 
> > Have you run
> >    make menuconfig
> > and saved config changes?
> > 
> > How how you updated your environment?
> >    git pull
> >    make -j 8 package/symlinks
> >    make -j 8 -k download
> >    make menuconfig
> > and saved config changes?
> > 
> > Have you tried a clean build of mbedtls?
> >    make V=s -j 4 -k package/libs/mbedtls/clean
> >    make V=s -j 4 -k package/libs/mbedtls/compile
> > 
> > Cheers, Glenn
>

More information about the openwrt-devel mailing list