git-crypt
git-crypt copied to clipboard
AGWA
git-crypt 0.7.0 does not build with openssl 3.1.0
I was trying to build git-crypt with OpenSSL 3.1.0 on Alpine 3.18.
Steps to reproduce:
- Create Dockerfile:
FROM alpine:3.18
ARG VERSION=0.7.0
RUN apk --no-cache add \
bash \
curl \
git \
g++ \
make \
openssh \
openssl \
openssl-dev
RUN curl -L https://github.com/AGWA/git-crypt/archive/${VERSION}.tar.gz | tar zxv -C /tmp
RUN cd /tmp/git-crypt-${VERSION} && make && make install
CMD ["/bin/git-crypt"]
- Run
docker build - < Dockerfile
Result:
/tmp/git-crypt-0.7.0 # make
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o git-crypt.o git-crypt.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o commands.o commands.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o crypto.o crypto.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o gpg.o gpg.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o key.o key.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o util.o util.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o parse_options.o parse_options.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o coprocess.o coprocess.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o fhstream.o fhstream.cpp
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -c -o crypto-openssl-10.o crypto-openssl-10.cpp
crypto-openssl-10.cpp: In constructor 'Aes_ecb_encryptor::Aes_ecb_encryptor(const unsigned char*)':
crypto-openssl-10.cpp:59:32: warning: 'int AES_set_encrypt_key(const unsigned char*, int, AES_KEY*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declaration]
59 | if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
| ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from crypto-openssl-10.cpp:38:
/usr/include/openssl/aes.h:51:5: note: declared here
51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
| ^~~~~~~~~~~~~~~~~~~
crypto-openssl-10.cpp: In member function 'void Aes_ecb_encryptor::encrypt(const unsigned char*, unsigned char*)':
crypto-openssl-10.cpp:74:20: warning: 'void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
74 | AES_encrypt(plain, cipher, &(impl->key));
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/aes.h:57:6: note: declared here
57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
| ^~~~~~~~~~~
crypto-openssl-10.cpp: At global scope:
crypto-openssl-10.cpp:78:18: error: field 'ctx' has incomplete type 'HMAC_CTX' {aka 'hmac_ctx_st'}
78 | HMAC_CTX ctx;
| ^~~
In file included from /usr/include/openssl/evp.h:26,
from /usr/include/openssl/hmac.h:21,
from crypto-openssl-10.cpp:40:
/usr/include/openssl/types.h:135:16: note: forward declaration of 'HMAC_CTX' {aka 'struct hmac_ctx_st'}
135 | typedef struct hmac_ctx_st HMAC_CTX;
| ^~~~~~~~~~~
crypto-openssl-10.cpp: In destructor 'Hmac_sha1_state::~Hmac_sha1_state()':
crypto-openssl-10.cpp:92:9: error: 'HMAC_cleanup' was not declared in this scope; did you mean 'RAND_cleanup'?
92 | HMAC_cleanup(&(impl->ctx));
| ^~~~~~~~~~~~
| RAND_cleanup
make: *** [<builtin>: crypto-openssl-10.o] Error 1
Build works with Alpine 3.16, but starting with Alpine 3.17 it doesn't work. That happens because Alpine 3.16 is shipped with OpenSSL 1.1.1t 7 Feb 2023 and Alpine 3.17 uses OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023). Just in case, Alpine 3.18 uses OpenSSL 3.1.0 14 Mar 2023 (Library: OpenSSL 3.1.0 14 Mar 2023).
After applying patch from the PR #249, it works.
cd "/tmp/git-crypt-${VERSION}" && \
curl -L https://patch-diff.githubusercontent.com/raw/AGWA/git-crypt/pull/249.patch | git apply -v
Btw, there are still some deprecation warnings left after applying the patch, but they do not break the build.
crypto-openssl-11.cpp: In constructor 'Aes_ecb_encryptor::Aes_ecb_encryptor(const unsigned char*)':
crypto-openssl-11.cpp:58:32: warning: 'int AES_set_encrypt_key(const unsigned char*, int, AES_KEY*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
58 | if (AES_set_encrypt_key(raw_key, KEY_LEN * 8, &(impl->key)) != 0) {
| ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from crypto-openssl-11.cpp:38:
/usr/include/openssl/aes.h:51:5: note: declared here
51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
| ^~~~~~~~~~~~~~~~~~~
crypto-openssl-11.cpp: In member function 'void Aes_ecb_encryptor::encrypt(const unsigned char*, unsigned char*)':
crypto-openssl-11.cpp:73:20: warning: 'void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
73 | AES_encrypt(plain, cipher, &(impl->key));
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/aes.h:57:6: note: declared here
57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
| ^~~~~~~~~~~
crypto-openssl-11.cpp: In constructor 'Hmac_sha1_state::Hmac_sha1_state(const unsigned char*, size_t)':
crypto-openssl-11.cpp:84:33: warning: 'HMAC_CTX* HMAC_CTX_new()' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
84 | impl->ctx = HMAC_CTX_new();
| ~~~~~~~~~~~~^~
In file included from crypto-openssl-11.cpp:31:
/usr/include/openssl/hmac.h:33:33: note: declared here
33 | OSSL_DEPRECATEDIN_3_0 HMAC_CTX *HMAC_CTX_new(void);
| ^~~~~~~~~~~~
crypto-openssl-11.cpp:85:21: warning: 'int HMAC_Init_ex(HMAC_CTX*, const void*, int, const EVP_MD*, ENGINE*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
85 | HMAC_Init_ex(impl->ctx, key, key_len, EVP_sha1(), nullptr);
| ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/hmac.h:43:27: note: declared here
43 | OSSL_DEPRECATEDIN_3_0 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
| ^~~~~~~~~~~~
crypto-openssl-11.cpp: In destructor 'Hmac_sha1_state::~Hmac_sha1_state()':
crypto-openssl-11.cpp:90:22: warning: 'void HMAC_CTX_free(HMAC_CTX*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
90 | HMAC_CTX_free(impl->ctx);
| ~~~~~~~~~~~~~^~~~~~~~~~~
/usr/include/openssl/hmac.h:35:28: note: declared here
35 | OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_free(HMAC_CTX *ctx);
| ^~~~~~~~~~~~~
crypto-openssl-11.cpp: In member function 'void Hmac_sha1_state::add(const unsigned char*, size_t)':
crypto-openssl-11.cpp:95:20: warning: 'int HMAC_Update(HMAC_CTX*, const unsigned char*, size_t)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
95 | HMAC_Update(impl->ctx, buffer, buffer_len);
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/hmac.h:45:27: note: declared here
45 | OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
| ^~~~~~~~~~~
crypto-openssl-11.cpp: In member function 'void Hmac_sha1_state::get(unsigned char*)':
crypto-openssl-11.cpp:101:19: warning: 'int HMAC_Final(HMAC_CTX*, unsigned char*, unsigned int*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
101 | HMAC_Final(impl->ctx, digest, &len);
| ~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/hmac.h:47:27: note: declared here
47 | OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
| ^~~~~~~~~~
g++ -Wall -pedantic -Wno-long-long -O2 -std=c++11 -o git-crypt git-crypt.o commands.o crypto.o gpg.o key.o util.o parse_options.o coprocess.o fhstream.o crypto-openssl-10.o crypto-openssl-11.o -lcrypto