[MacPorts] #68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older

MacPorts noreply at macports.org
Sat Feb 3 05:03:35 UTC 2024 

#68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older
------------------------+------------------------
  Reporter:  fhgwright  |      Owner:  neverpanic
      Type:  defect     |     Status:  closed
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:
Resolution:  fixed      |   Keywords:
      Port:  openssl3   |
------------------------+------------------------

Comment (by fhgwright):

 I hadn't planned to comment until I'd had time to run all my own tests,
 which can probably happen this weekend, but:

 Replying to [comment:81 neverpanic]:

 [...]
 > As a consequence, my first advice would be: Don't build universal if you
 can avoid it. It costs you twice the time and twice the disk space, and
 you're really only running one of the slices anyway. If you can't avoid
 it, the next steps would be to debug what the differences between those
 build directories are before and after the destroot phase runs.

 Personally, I don't build `+universal` unless it's either for specifically
 testing `+universal` or because it's forced by dependents, if for no other
 reason than that the universal build is usually guaranteed not to be
 available as a precompiled binary.  And if it uses `muniversal`, it
 typically takes a lot more than twice the build time, since there have to
 be two (or more) builds ''plus'' the expensive `muniversal` processing.

 One of the biggest offenders is `wine`.  Traditionally, `wine` could only
 run 32-bit Windows binaries when running 32-bit itself, which is probably
 why `wine` defaults to `+universal`.  That inflicts the `+universal`
 requirement on its 279 recursive dependencies (including `openssl3`).
 Recent versions of `wine` have implemented an internal 32/64-bit bridge
 mechanism so that 64-bit `wine` can run 32-bit Windows binaries, but the
 `wine` port hasn't been updated in almost four years.

 Another class of common offenders is toolchains such as `gcc*`, which
 can't manage to adequately separate target architectures from host
 architectures, so that they need to be built `+universal` themselves just
 to be able to build `+universal` targets.  And all 13 versions of`gcc`
 active here have `openssl3` as a dependency.

 > I did notice a couple of error messages in the log, which may or may not
 indicate and error. I'm not familiar enough with the muniversal PortGroup
 to say.
 [...]

 I'm familiar enough with `muniversal` to know that it's an ugly and
 fragile kludge. :-)

-- 
Ticket URL: <https://trac.macports.org/ticket/68766#comment:82>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list