[oi-dev] OpenSSL update process

Tim Mooney Tim.Mooney at ndsu.edu
Sat Feb 6 23:33:23 UTC 2021


In regard to: Re: [oi-dev] OpenSSL update process, Aurélien Larcher said...:

> OpenSSL 1.1 is now merged:
>
> 1. The mediator is default set to 1.0 but can be safely set to 1.1.

Is changing the mediator supposed to make /usr/include/openssl/<whatever>
available, or is that supposed to be done by shared-macros.mk after
setting USE_OPENSSL11=yes, or do we now need to specify
-I$(OPENSSL_PREFIX)/include in the component Makefile?

I've changed the mediator and done a git pull to get the latest
oi-userland bits.  'gmake update' now works in e.g.
components/perl/net-ssleay/ but the build step doesn't know where to look
for the headers.

> 2. illumos-gate is patched to accept library/security/openssl-11 as
> dependency so that it builds when the mediator version is 1.1.
> 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes
> which should be placed before shared-macros.mk is included.
> 4. If 'gmake update' is executed in a component depending on OpenSSL then
> the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set.
>
> Now the fun begins:
>
> 3. Move all the components supporting OpenSSL 1.1 or update them.
>> 4. Deprecate possible rotting components which cannot be updated and may
>> cause security issues.
>>
>
> and... the more, the merrier!

Tim
-- 
Tim Mooney                                             Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology    /                701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164


More information about the oi-dev mailing list