[oi-dev] review openssl-1.0

Bayard Bell buffer.g.overflow at gmail.com
Tue Apr 15 09:17:39 UTC 2014


If you want to keep 0.9.8, you'll want to get the post-0.9.8y changes that
were meant to be part of the 0.9.8za phantom release:

http://git.openssl.org/gitweb/?p=openssl.git;a=shortlog;h=refs/heads/OpenSSL_0_9_8-stable

When you say you massaged openssl 1.0 to build with gcc, were the only
changes made to the build infrastructure in the form included in your mail,
or did you have to make code changes? Are you not able to include the
linker options, including the maps, with gcc? Why omit the frame pointer?

If you want to continue shipping different release series with 0.9.8, I'd
strongly recommend putting it in a separate package so that it can be
tracked as a separate dependency for packaged software and can be removed
by anyone who doesn't need it and/or judges keeping the older code a
greater liability.


On 14 April 2014 16:31, Alexander Pyhalov <alp at rsu.ru> wrote:

> Hello.
> I'm working on enabling openssl-1.0 in oi-userland.
>
> Please, review this work:
> https://github.com/pyhalov/oi-userland/compare/openssl
>
> The main issue is that we
> a) should support legacy software which depends on openssl 0.9.8,
> b) can't rebuild the whole OI /hipster .
> So, we should provide compatibility package.
>
> The things I've done:
> 1) resync our code with userland one,
> 2) added openssl 0.9.8 auxiliary component (the only target used is
> "build").
> It's used to build libssl.so.0.9.8 and libcrypto.so.0.9.8 after compiling
> openssl 1.0.
> 3) massaged openssl 1.0 so that it uses gcc.
>
> I'm a bit worried that gcc and sun cc build options in Configure script
> are different. I can't predict how it affects resulting binaries.
>
> Old Sun Studio config:
> "solaris-x86-cc-sunw","cc:-m32 -xO3 -xspace -g -Xa::-D_REENTRANT::-lsocket
> -lnsl -lc:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL
> BF_PTR:${x86_elf_asm_sunw}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text
> -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign
> -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> "solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -g -xstrconst -Xa
> -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc:SIXTY_FOUR_BIT_LONG RC4_CHAR
> RC4_CHUNK BF_PTR DES_PTR DES_INT DES_UNROLL:${x86_64_asm_sunw}:
> dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore
> -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.
> so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>
> default gcc config:
> "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall
> -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl
> -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}
> :dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
> "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN
> -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG
> RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64
> -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>
> "-ldl" and "-lc" difference doesn't matter, as libdl is just a proxy
> library for libc. However I can't estimate the influence of other options.
>
> Testing done:
> 1) successfully run apache 2.2 (not recompiled) with new openssl 0.9.8
> bits,
> 2) rebuilt and successfully booted latest illumos-gate
> 3) oi-build rebuild on-going now, so far no surprises
> 4) found out that apache 2.4 https doesn't work with any openssl (so it's
> a serious separate issue)
>
> Waiting for your comments. If I don't receive any negative feedback and
> userland build completes without issues, I'm going to commit these bits in
> several few days.
> --
> Best regards,
> Alexander Pyhalov,
> system administrator of Computer Center of Southern Federal University
>
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> http://openindiana.org/mailman/listinfo/oi-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20140415/ffd814ab/attachment-0005.html>


More information about the oi-dev mailing list