<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Feb 7, 2021 at 5:02 PM Andreas Wacknitz <<a href="mailto:A.Wacknitz@gmx.de">A.Wacknitz@gmx.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>Am 07.02.21 um 14:09 schrieb Aurélien
Larcher:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Feb 7, 2021 at 1:21
PM Andreas Wacknitz <<a href="mailto:A.Wacknitz@gmx.de" target="_blank">A.Wacknitz@gmx.de</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>Am 06.02.21 um 21:56 schrieb Aurélien Larcher:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">OpenSSL
1.1 is now merged:</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">1.
The mediator is default set to 1.0 but can be safely
set to 1.1.<br>
</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">2.
illumos-gate is patched to accept
library/security/openssl-11 as dependency so that it
builds when the mediator version is 1.1.</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">3.
oi-userland has now a switch USE_OPENSSL10=yes or
USE_OPENSSL11=yes which should be placed before <a href="http://shared-macros.mk" target="_blank">shared-macros.mk</a> is
included.</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">4.
If 'gmake update' is executed in a component
depending on OpenSSL then the switch is made to
OpenSSL 1.1 unless USE_OPENSSL10=yes is set.</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">Now
the fun begins:</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">3. Move all the components
supporting OpenSSL 1.1 or update them.
<div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">4.
Deprecate possible rotting components which
cannot be updated and may cause security
issues.</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">and...
the more, the merrier!</div>
<br>
</div>
<div><br>
</div>
<div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">Cheers</div>
<br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
oi-dev mailing list
<a href="mailto:oi-dev@openindiana.org" target="_blank">oi-dev@openindiana.org</a>
<a href="https://openindiana.org/mailman/listinfo/oi-dev" target="_blank">https://openindiana.org/mailman/listinfo/oi-dev</a>
</pre>
</blockquote>
Hi,<br>
<br>
do we have a problem with missing engine files in the
openssl-11 package?<br>
<br>
╰─➤ cat /usr/openssl/1.1/lib/pkgconfig/libcrypto.pc<br>
prefix=/usr/openssl/1.1<br>
exec_prefix=${prefix}<br>
libdir=${exec_prefix}/lib/<br>
includedir=${prefix}/include<br>
enginesdir=${libdir}/engines-1.1<br>
<br>
Name: OpenSSL-libcrypto<br>
Description: OpenSSL cryptography library<br>
Version: 1.1.1i<br>
Libs: -L${libdir} -lcrypto<br>
Libs.private: -lsocket -lnsl -ldl -pthread<br>
Cflags: -I${includedir}<br>
<br>
So, libcrypto.pc states that there shall be
/usr/openssl/1.1/lib/engine files but there aren't any
(same for 64-bit):<br>
</div>
</blockquote>
<div><br>
</div>
<div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">It seems like they did not bother to
remove the enginesdir variable from the .pc file if
engines are not built...</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">We could ship an empty directory or
patch the .pc files but if you think that it is better to
ship the engines we can do that also.</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:small">I do not really know who consumes
them...<br>
</div>
<br>
</div>
</div>
</div>
</blockquote>
I don't know, too. But letting a .pc file pointing to something
non-existing is the worst way imo.<br></div></blockquote><div> </div><div><span class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">But there is no support for them in any case so the probability that a broken build system would use that path after detecting that engines are not shipped is thin...</span></div><div><span class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></span></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
Best would probably be to ship them where they are expected.<br></div></blockquote><div> </div></div><div class="gmail_quote"><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">If you have time you could just enable them and publish a new openssl, but even then we do not ship pk11 unless someone takes time to look at it.</div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default"><br></div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">There are no consumers so it is likely not going to make much difference but at least consistency is restored.<br></div><div><br></div><div><span class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"></span><span class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Do want you think is best.</span><br></div><div><br></div><div><br>
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
_______________________________________________<br>
oi-dev mailing list<br>
<a href="mailto:oi-dev@openindiana.org" target="_blank">oi-dev@openindiana.org</a><br>
<a href="https://openindiana.org/mailman/listinfo/oi-dev" rel="noreferrer" target="_blank">https://openindiana.org/mailman/listinfo/oi-dev</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><font style="font-family:courier new,monospace" size="1">---<br>Praise the Caffeine embeddings<br></font></div></div></div></div></div>