我试图在装有ARMv7处理器的Synology DS215j上安装ruby 2.2.4或2.3.0。我使用optware-ng来安装gcc,make,openssl,openssl-dev和zlib。我根据README中的说明安装了rbenv(版本1.0.0-19-g29b4da7)和ruby-build插件。
这些是使用optware-ng
安装的软件包及其版本binutils - 2.25.1-1
gcc - 5.3.0-6
gconv-modules - 2.21-3
glibc-opt - 2.21-4
libc-dev - 2.21-1
libgmp - 6.0.0a-1
libmpc - 1.0.2-1
libmpfr - 3.1.3-1
libnsl - 2.21-3
libstdc++ - 6.0.21-6
make - 4.1-1
ncurses - 5.7-4
openssl - 1.0.2f-1
openssl-dev - 1.0.2f-1
readline - 6.1-2
ruby - 2.2.0-1
screen - 4.2.1-2
termcap - 1.3.1-3
zlib - 1.2.8-2
当我在两种情况下运行rbenv install 2.2.4
或rbenv install 2.3.0
时,构建失败并显示错误消息"未定义的符号:SSLv2_method"。这是2.2.4版本的错误:
installing bundle gems: /var/services/homes/florian/.rbenv/versions/2.2.4/lib/ruby/gems/2.2.0 (build_info, cache, doc, extensions, gems, specifications)
/tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require': /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/.ext/armv7l-linux-eabihf/openssl.so: undefined symbol: SSLv2_method - /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/.ext/armv7l-linux-eabihf/openssl.so (LoadError)
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/.ext/common/openssl.rb:17:in `<top (required)>'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/security.rb:11:in `<top (required)>'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/package.rb:43:in `<top (required)>'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/dependency_installer.rb:3:in `<top (required)>'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems.rb:556:in `install'
from ./tool/rbinstall.rb:722:in `block (2 levels) in <main>'
from ./tool/rbinstall.rb:721:in `each'
from ./tool/rbinstall.rb:721:in `block in <main>'
from ./tool/rbinstall.rb:757:in `call'
from ./tool/rbinstall.rb:757:in `block in <main>'
from ./tool/rbinstall.rb:754:in `each'
from ./tool/rbinstall.rb:754:in `<main>'
uncommon.mk:246: recipe for target 'do-install-all' failed
make: *** [do-install-all] Error 1
这似乎与rubygems中的某些内容有关。
有趣的是,我自己尝试构建ruby的原因是,当我尝试安装gem时,Synology 6提供的ruby版本会返回类似的错误:
florian@synology:~/.rbenv/plugins$ /usr/bin/gem install rails
ERROR: Loading command: install (LoadError)
/usr/lib/ruby/2.3.0/armle-linux-gnu/openssl.so: undefined symbol: SSLv2_method - /usr/lib/ruby/2.3.0/armle-linux-gnu/openssl.so
ERROR: While executing gem ... (NoMethodError)
undefined method `invoke_with_build_args' for nil:NilClass
什么可能导致这些问题,我该如何解决?
答案 0 :(得分:6)
当我在两种情况下运行rbenv install 2.2.4或rbenv install 2.3.0时,构建失败并显示错误消息
"undefined symbol: SSLv2_method"
...可能导致这些问题的原因......
由于CVE-2016-0800(DROWN Attack),3月份SSLv2设备已从OpenSSL中完全删除。
我认为由于您遇到的影响,完全删除有点苛刻。应该有警告和过渡期。它应该发生在10年前左右。
我认为SSLv2_method
,SSLv2_client_method
和SSLv2_server_method
应该设置一个适当的错误代码,例如ERR_R_REMOVED_INSECURE
,而不是由于DROWN完全删除,并返回NULL。 <openssl/opensslconf.h>
也应该无条件地设置OPENSSL_NO_SSL2
。
OpenSSL意识到他们破坏了ABI兼容性并将符号添加回1.0.2 Commit 133138569f37d149。签入时再次提供符号SSLv2_method
,SSLv2_client_method
和SSLv2_server_method
,但它们返回NULL而不设置错误代码。他们也没有定义OPENSSL_NO_SSL2
。另请参阅[openssl.org #4398] BUG / 1.0.2g breaks CURL extension。
SSLv2已经15或20年不安全了。 Ruby之类的软件包不应该引用这些符号。您应该针对Ruby提交安全错误报告以引用该符号。
......我怎么解决它们?
要解决此问题,我相信您需要(1)等待OpenSSL 1.0.2h,(2),手动修补OpenSSL 1.0.2g,或(3)删除对SSLv2_method
的所有Ruby引用,{ {1}}和SSLv2_client_method
。
这里是您需要的补丁(2),手动修补OpenSSL 1.0.2g:
SSLv2_server_method
您还应该使用至少diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index b312f17..d46e2f5 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -74,8 +74,8 @@ IMPLEMENT_ssl2_meth_func(SSLv2_method,
ssl2_accept, ssl2_connect, ssl2_get_method)
#else /* !OPENSSL_NO_SSL2 */
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
+SSL_METHOD *SSLv2_method(void) { return NULL; }
+SSL_METHOD *SSLv2_client_method(void) { return NULL; }
+SSL_METHOD *SSLv2_server_method(void) { return NULL; }
#endif
标志配置和编译OpenSSL,因为它们是已知的安全问题。配置选项定义no-ssl2 no-ssl3 no-comp
中的OPENSSL_NO_SSL2
,OPENSSL_NO_SSL3
和OPENSSL_NO_COMP
。
答案 1 :(得分:3)
经过多次尝试和大量搜索后,我发现了ruby-build issue并重新阅读ruby-build wiki中的建议,这些说明建议其他平台安装autoconf。我安装了automaker,autoconf和gdbm(我在ruby-build日志中发现了一些警告),ipkg没有直接帮助。只有在我将rbenv与RUBY_CONFIGURE_OPTS=--with-openssl-dir=/opt
作为前缀之后才有效。
作为参考,这些是我用ipkg安装的软件包
autoconf - 2.69-1
automake - 1.15-3
binutils - 2.25.1-1
gcc - 5.3.0-6
gconv-modules - 2.21-3
gdbm - 1.8.3-4
glibc-opt - 2.21-4
libc-dev - 2.21-1
libgmp - 6.0.0a-1
libmpc - 1.0.2-1
libmpfr - 3.1.3-1
libnsl - 2.21-3
libstdc++ - 6.0.21-6
m4 - 1.4.17-1
make - 4.1-1
ncurses - 5.7-4
openssl - 1.0.2f-1
openssl-dev - 1.0.2f-1
readline - 6.1-2
ruby - 2.2.0-1
screen - 4.2.1-2
termcap - 1.3.1-3
zlib - 1.2.8-2
这是最终为我工作的rbenv命令
RUBY_CONFIGURE_OPTS=--with-openssl-dir=/opt rbenv install 2.3.0 -v