使用rbenv和ruby-build构建ruby失败，并带有未定义的符号:SSLv2_method

本文介绍了使用rbenv和ruby-build构建ruby失败，并带有未定义的符号:SSLv2_method的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试在具有ARMv7处理器的Synology DS215j上安装ruby 2.2.4或2.3.0.我使用 optware-ng 来安装gcc，make，openssl，openssl-dev和zlib.我根据自述文件.

I'm trying to install ruby 2.2.4 or 2.3.0 on my Synology DS215j which has an ARMv7 processor. I used optware-ng to install gcc, make, openssl, openssl-dev and zlib. I installed rbenv (version 1.0.0-19-g29b4da7) and the ruby-build plugin according to the instructions in the README.

这些是与optware-ng一起安装的软件包及其版本

These are the package and their versions installed with optware-ng

binutils - 2.25.1-1
gcc - 5.3.0-6
gconv-modules - 2.21-3
glibc-opt - 2.21-4
libc-dev - 2.21-1
libgmp - 6.0.0a-1
libmpc - 1.0.2-1
libmpfr - 3.1.3-1
libnsl - 2.21-3
libstdc++ - 6.0.21-6
make - 4.1-1
ncurses - 5.7-4
openssl - 1.0.2f-1
openssl-dev - 1.0.2f-1
readline - 6.1-2
ruby - 2.2.0-1
screen - 4.2.1-2
termcap - 1.3.1-3
zlib - 1.2.8-2

在两种情况下都运行rbenv install 2.2.4或rbenv install 2.3.0时，构建失败，并显示错误消息未定义的符号:SSLv2_method".这是2.2.4版本的错误:

When I run rbenv install 2.2.4 or rbenv install 2.3.0 in both cases the build fails with the error message "undefined symbol: SSLv2_method". This is the error for the 2.2.4 build:

installing bundle gems:       /var/services/homes/florian/.rbenv/versions/2.2.4/lib/ruby/gems/2.2.0 (build_info, cache, doc, extensions, gems, specifications)
/tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require': /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/.ext/armv7l-linux-eabihf/openssl.so: undefined symbol: SSLv2_method - /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/.ext/armv7l-linux-eabihf/openssl.so (LoadError)
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/.ext/common/openssl.rb:17:in `<top (required)>'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/security.rb:11:in `<top (required)>'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/package.rb:43:in `<top (required)>'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/dependency_installer.rb:3:in `<top (required)>'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /tmp/ruby-build.20160329115213.2672/ruby-2.2.4/lib/rubygems.rb:556:in `install'
    from ./tool/rbinstall.rb:722:in `block (2 levels) in <main>'
    from ./tool/rbinstall.rb:721:in `each'
    from ./tool/rbinstall.rb:721:in `block in <main>'
    from ./tool/rbinstall.rb:757:in `call'
    from ./tool/rbinstall.rb:757:in `block in <main>'
    from ./tool/rbinstall.rb:754:in `each'
    from ./tool/rbinstall.rb:754:in `<main>'
uncommon.mk:246: recipe for target 'do-install-all' failed
make: *** [do-install-all] Error 1

这似乎与红宝石中的某物有关.

This seems to be related to something in rubygems.

有趣的是，我自己尝试构建ruby的原因是，当我尝试安装gems时，Synology 6随附的ruby版本返回了类似的错误:

Interestingly, the reason why I try to build ruby myself is, that the ruby version delivered with Synology 6 returns a similar error when I try to install gems:

florian@synology:~/.rbenv/plugins$ /usr/bin/gem install rails
ERROR:  Loading command: install (LoadError)
        /usr/lib/ruby/2.3.0/armle-linux-gnu/openssl.so: undefined symbol: SSLv2_method - /usr/lib/ruby/2.3.0/armle-linux-gnu/openssl.so
ERROR:  While executing gem ... (NoMethodError)
    undefined method `invoke_with_build_args' for nil:NilClass

什么可能导致这些问题，我该如何解决?

What could cause these issues and how could I resolve them?

推荐答案

什么可能导致这些问题...

What could cause these issues ...

由于 CVE-2016-0800 ( DROWN Attack ).

由于您所经历的影响，我认为完全清除操作有点苛刻.应该有一个警告和过渡期.它应该在10年前左右发生.

I think the complete removal was a bit harsh because of the effects like you are experiencing. There should have been a warning and transition period. And it should have occurred 10 years ago or so.

我认为SSLv2_method，SSLv2_client_method和SSLv2_server_method应该设置适当的错误代码(例如ERR_R_REMOVED_INSECURE)并返回NULL，而不是由于DROWN而导致无法完全删除. <openssl/opensslconf.h>应该也无条件设置OPENSSL_NO_SSL2.

Instead of complete removal due to DROWN, I think SSLv2_method, SSLv2_client_method and SSLv2_server_method should have set an appropriate error code like ERR_R_REMOVED_INSECURE and returned NULL. <openssl/opensslconf.h> should have unconditionally set OPENSSL_NO_SSL2 also.

OpenSSL意识到他们破坏了ABI兼容性，并使用提交133138569f37d149 .签入再次提供了符号SSLv2_method，SSLv2_client_method和SSLv2_server_method，但是它们返回NULL而不设置错误代码.它们也没有定义OPENSSL_NO_SSL2.另请参见> openssl.org#4398]错误/1.0.2g中断CURL扩展名.

OpenSSL realized they broke ABI compatibility and added the symbols back to 1.0.2 with Commit 133138569f37d149. The check-in provided the symbols SSLv2_method, SSLv2_client_method and SSLv2_server_method again, but they return NULL without setting an error code. They also do not define OPENSSL_NO_SSL2. Also see [openssl.org #4398] BUG / 1.0.2g breaks CURL extension.

SSLv2不安全已有15或20年.像Ruby这样的软件包不应该引用这些符号.您应该针对Ruby提交安全性错误报告，以引用该符号.

SSLv2 has been insecure for 15 or 20 years. Packages like Ruby should not have been referencing the symbols. You should file a security bug report against Ruby for referencing the symbol.

要解决此问题，我相信您需要(1)等待OpenSSL 1.0.2h，(2)，手动修补OpenSSL 1.0.2g，或(3)删除对SSLv2_method，SSLv2_client_method的所有Ruby引用和SSLv2_server_method.

To fix the issue, I believe you need either (1) wait for OpenSSL 1.0.2h, (2), manually patch OpenSSL 1.0.2g, or (3) remove all Ruby references to SSLv2_method, SSLv2_client_method and SSLv2_server_method.

这是您需要的补丁(2)，手动修补OpenSSL 1.0.2g:

Here's the patch you need for (2), manually patch OpenSSL 1.0.2g:

diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index b312f17..d46e2f5 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -74,8 +74,8 @@ IMPLEMENT_ssl2_meth_func(SSLv2_method,
                          ssl2_accept, ssl2_connect, ssl2_get_method)
 #else                           /* !OPENSSL_NO_SSL2 */

-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
+SSL_METHOD *SSLv2_method(void) { return NULL; }
+SSL_METHOD *SSLv2_client_method(void) { return NULL; }
+SSL_METHOD *SSLv2_server_method(void) { return NULL; }

 #endif

您还应该至少使用no-ssl2 no-ssl3 no-comp标志配置和编译OpenSSL，因为它们是已知的安全问题.配置选项在<openssl/opensslconf.h>中定义OPENSSL_NO_SSL2，OPENSSL_NO_SSL3和OPENSSL_NO_COMP.

You should also configure and compile OpenSSL with at least no-ssl2 no-ssl3 no-comp flags because they are known security problems. The configure options define OPENSSL_NO_SSL2, OPENSSL_NO_SSL3 and OPENSSL_NO_COMP in <openssl/opensslconf.h>.

这篇关于使用rbenv和ruby-build构建ruby失败，并带有未定义的符号:SSLv2_method的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！