emerge --sync emerge --update --deep --newuse @world
broke “dev-python/cryptography” on my development “server”. By server I mean Intel Celeron at 400Mhz with 768Mb of RAM. Currently running MySQL, Apache, Apache Tomcat, Samba and Deluge.
i686-pc-linux-gnu-gcc -O2 -march=pentium2 -pipe -fomit-frame-pointer -fno-ident -fPIC -I/usr/include/python2.7 -c /var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c -o /var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.o /var/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c:2096:15: error: ‘SSLv2_method’ redeclared as different kind of symbol SSL_METHOD* (*SSLv2_method)(void) = NULL;
As the build error says dev-python/cryptography is looking for SSLv2. Doing
equery u openssl [ Legend : U - final flag setting for installation] [ : I - package is installed with flag ] [ Colors : set, unset ] * Found these USE flags for dev-libs/openssl-1.0.2h-r2: U I + + asm : Support assembly hand optimized crypto functions (i.e. faster run time) + + bindist : Disable EC algorithms (as they seem to be patented) -- note: changes the ABI - - cpu_flags_x86_sse2 : Use the SSE2 instruction set - - gmp : Add support for dev-libs/gmp (GNU MP library) - - kerberos : Add kerberos support - - rfc3779 : Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers) - - sctp : Support for Stream Control Transmission Protocol - - sslv2 : Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https + + sslv3 : Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https - - static-libs : Build static versions of dynamic libraries as well - - test : Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore + + tls-heartbeat : Enable the Heartbeat Extension in TLS and DTLS - - vanilla : Do not add extra patches which change default behaviour; DO NOT USE THIS ON A GLOBAL SCALE as the severity of the meaning changes drastically + + zlib : Add support for zlib (de)compression
Reveled that OpenSSL is build with ought SSLv2 suport. Adding sslv2 use flag for OpenSSL and rebuilding resolved the problem.
echo "dev-libs/openssl sslv2" > /etc/portage/package.use/openssl
According to me, this is a bug in “dev-python/cryptography“. The ebuild should do some kind of checking if sslv2 use flag is enabled, or it should introduce use flags controlling the version of ssl used.