HomeWildfire Games

Build gloox with GnuTLS on macOS, refs #4705.

Description

Build gloox with GnuTLS on macOS, refs #4705.

This includes GMP and nettle, that are dependencies of GnuTLS.
On versions of OSX/macOS up to 10.11, TLS handshakes can still fail and crash, so users of those older versions should disable TLS on the lobby in the options screen, and will still be able to use it.

Differential Revision: https://code.wildfiregames.com/D1654
Tested By: Tobbi, trompetin17, and testers of their bundles.

Details

Committed
ItmsSun, Dec 2, 9:52 PM
Differential Revision
D1654: Build gloox with GnuTLS on macOS
Parents
rP21939: Minor change to the libcurl macOS compilation.
Branches
Unknown
Tags
Unknown
Build Status
Buildable 6488
Build 10739: Post-Commit BuildJenkins

Event Timeline

elexis added a subscriber: elexis.Fri, Dec 7, 2:10 PM

On versions of OSX/macOS up to 10.11, TLS handshakes can still fail and crash?

Stan added a subscriber: Stan.EditedFri, Dec 7, 2:34 PM

If I compile on 10.9.5 I can access the lobby with tls without issues.

I need the --without-ssl flag (which doesn't do what it says and only disables system TLS) and to change the libsodium url (because their website doesn't load on OsX 10.9.5)

That RC is available on the forums and people who tested it so far with later versions of Mac says it works

Itms added a comment.Fri, Dec 7, 2:55 PM

@elexis Yeah, it's the clock_gettime thing...

In rP21940#31688, @Stan wrote:

I need the --without-ssl flag (which doesn't do what it says and only disables system TLS) and to change the libsodium url (because their website doesn't load on OsX 10.9.5)

You are mixing things up. The missing flag is for curl, and the libsodium is also curl (but the system one).

In rP21940#31688, @Stan wrote:

That RC is available on the forums and people who tested it so far with later versions of Mac says it works

@elexis We can rely on Stan for the RCs generation, so that there is no crash on old OSX, but honestly I'd rather rely on trompetin so that our build system on Mac really catches up, and make up for the lost time: that implies letting things break on old versions of OSX, because Apple is not really into retrocompatibility 😕 It is possible to circumvent the crash with the TLS option, so I think it's an acceptable compromise between the comfort of users and the sanity of our macOS development environment.

Stan added a comment.Fri, Dec 7, 2:57 PM

Ah right.

As for the TLS option I have it enabled on my build. So there is no need to circumvent anything.

elexis added a comment.Fri, Dec 7, 5:15 PM

If it crashes for everyone on 10.9, 10.10, 10.11, we can disable TLS in the config and remove that one TLS sentence for OSX.

(The relevant GDPR article is 32 and it says

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk

which I interpret as us having to enable TLS if we just have to tick a box, but not if the entire software stack is broken and there not being any private personal data processed other than the pw.)

The question I have is just: What crash?

Stan added a comment.Fri, Dec 7, 5:31 PM

It doesn't crash on any of those platforms if I build the game.

It crashes only because trompetin17 is building on 10.14 and that gnutls is detecting special kernel functions that were introduced in 10.12. such as __clock_gettime(), look on the forums for the crashlog I posted.

If I build the game I'm able to

  • Log on the lobby with TLS.
  • Log on the lobby without TLS.
  • Log on Modio.

If I use trompetin17's bundle,

  • Logging on the lobby with TLS crashes because it fails to load the symbols. (GnuTLS uses stuff that isn't present on my kernel such as __clock_gettime())
  • Logging on the lobby without TLS works.
  • Logging on Modio fails because of the certificate. (Because libcurl was built without the --without-ssl flag)

Tell me if I'm not clear.

Itms added a comment.Fri, Dec 7, 5:56 PM

Clarifying a small thing in Stan's answer (which is correct): when D1687 is committed (tonight probably, as trompetin is testing it as we speak), mod.io will work for everyone, regardless of who built the game.

Also, none of the users who tested in the forums PM convo had a version below 10.12, which is probably why you didn't remember us having the clock_gettime bug.