[oi-dev] OpenSSL update process

Aurélien Larcher aurelien.larcher at gmail.com
Sat Feb 6 23:58:47 UTC 2021


> 1. The mediator is default set to 1.0 but can be safely set to 1.1.
>
> Is changing the mediator supposed to make /usr/include/openssl/<whatever>
> available, or is that supposed to be done by shared-macros.mk after
> setting USE_OPENSSL11=yes, or do we now need to specify
> -I$(OPENSSL_PREFIX)/include in the component Makefile?
>

The mediator can stay as it is on 1.0 for now.

Technically the switch with USE_OPENSSL1X:
1. preprends the directory $(OPENSSL_BINDIR) to PATH,
2. preprends $(OPENSSL_PKG_CONFIG_PATH) to PKG_CONFIG_PATH,
so that any build system relying on pkg-config files or the openssl binary
to detect the paths and the version would get the right one.

However if you change the mediator to 1.1 you should make sure that
library/security/openssl-11 is installed.


> I've changed the mediator and done a git pull to get the latest
> oi-userland bits.  'gmake update' now works in e.g.
> components/perl/net-ssleay/ but the build step doesn't know where to look
> for the headers.
>
> > 2. illumos-gate is patched to accept library/security/openssl-11 as
> > dependency so that it builds when the mediator version is 1.1.
> > 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes
> > which should be placed before shared-macros.mk is included.
> > 4. If 'gmake update' is executed in a component depending on OpenSSL then
> > the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set.
> >
> > Now the fun begins:
> >
> > 3. Move all the components supporting OpenSSL 1.1 or update them.
> >> 4. Deprecate possible rotting components which cannot be updated and may
> >> cause security issues.
> >>
> >
> > and... the more, the merrier!
>
> Tim
> --
> Tim Mooney                                             Tim.Mooney at ndsu.edu
> Enterprise Computing & Infrastructure /
> Division of Information Technology    /                701-231-1076 (Voice)
> North Dakota State University, Fargo, ND
> 58105-5164_______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev
>


-- 
---
Praise the Caffeine embeddings
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20210207/5b17c178/attachment.html>


More information about the oi-dev mailing list