<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Am 07.02.21 um 14:09 schrieb Aurélien
Larcher:<br>
</div>
<blockquote type="cite"
cite="mid:CAHMq6q0UvgYYJ+OGj2q=6qZRRxORSoHRg1tFeDY2hDL=wAifAQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Feb 7, 2021 at 1:21
PM Andreas Wacknitz <<a href="mailto:A.Wacknitz@gmx.de"
moz-do-not-send="true">A.Wacknitz@gmx.de</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<div>Am 06.02.21 um 21:56 schrieb Aurélien Larcher:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div
style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">OpenSSL
1.1 is now merged:</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">1.
The mediator is default set to 1.0 but can be safely
set to 1.1.<br>
</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">2.
illumos-gate is patched to accept
library/security/openssl-11 as dependency so that it
builds when the mediator version is 1.1.</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">3.
oi-userland has now a switch USE_OPENSSL10=yes or
USE_OPENSSL11=yes which should be placed before <a
href="http://shared-macros.mk" target="_blank"
moz-do-not-send="true">shared-macros.mk</a> is
included.</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">4.
If 'gmake update' is executed in a component
depending on OpenSSL then the switch is made to
OpenSSL 1.1 unless USE_OPENSSL10=yes is set.</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">Now
the fun begins:</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small"><br>
</div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">3. Move all the components
supporting OpenSSL 1.1 or update them.
<div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">4.
Deprecate possible rotting components which
cannot be updated and may cause security
issues.</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">and...
the more, the merrier!</div>
<br>
</div>
<div><br>
</div>
<div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small">Cheers</div>
<br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
oi-dev mailing list
<a href="mailto:oi-dev@openindiana.org" target="_blank" moz-do-not-send="true">oi-dev@openindiana.org</a>
<a href="https://openindiana.org/mailman/listinfo/oi-dev" target="_blank" moz-do-not-send="true">https://openindiana.org/mailman/listinfo/oi-dev</a>
</pre>
</blockquote>
Hi,<br>
<br>
do we have a problem with missing engine files in the
openssl-11 package?<br>
<br>
╰─➤ cat /usr/openssl/1.1/lib/pkgconfig/libcrypto.pc<br>
prefix=/usr/openssl/1.1<br>
exec_prefix=${prefix}<br>
libdir=${exec_prefix}/lib/<br>
includedir=${prefix}/include<br>
enginesdir=${libdir}/engines-1.1<br>
<br>
Name: OpenSSL-libcrypto<br>
Description: OpenSSL cryptography library<br>
Version: 1.1.1i<br>
Libs: -L${libdir} -lcrypto<br>
Libs.private: -lsocket -lnsl -ldl -pthread<br>
Cflags: -I${includedir}<br>
<br>
So, libcrypto.pc states that there shall be
/usr/openssl/1.1/lib/engine files but there aren't any
(same for 64-bit):<br>
</div>
</blockquote>
<div><br>
</div>
<div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small"
class="gmail_default">It seems like they did not bother to
remove the enginesdir variable from the .pc file if
engines are not built...</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small"
class="gmail_default"><br>
</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small"
class="gmail_default">We could ship an empty directory or
patch the .pc files but if you think that it is better to
ship the engines we can do that also.</div>
<div
style="font-family:arial,helvetica,sans-serif;font-size:small"
class="gmail_default">I do not really know who consumes
them...<br>
</div>
<br>
</div>
</div>
</div>
</blockquote>
I don't know, too. But letting a .pc file pointing to something
non-existing is the worst way imo.<br>
Best would probably be to ship them where they are expected.<br>
<br>
Andreas<br>
</body>
</html>