[oi-dev] OpenSSL update process

Aurélien Larcher aurelien.larcher at gmail.com
Sun Feb 7 00:13:17 UTC 2021 

On Sun, Feb 7, 2021 at 12:33 AM Tim Mooney via oi-dev <
oi-dev at openindiana.org> wrote:

> In regard to: Re: [oi-dev] OpenSSL update process, Aurélien Larcher
> said...:
>
> > OpenSSL 1.1 is now merged:
> >
> > 1. The mediator is default set to 1.0 but can be safely set to 1.1.
>
> Is changing the mediator supposed to make /usr/include/openssl/<whatever>
> available, or is that supposed to be done by shared-macros.mk after
> setting USE_OPENSSL11=yes, or do we now need to specify
> -I$(OPENSSL_PREFIX)/include in the component Makefile?
>
> I've changed the mediator and done a git pull to get the latest
> oi-userland bits.  'gmake update' now works in e.g.
> components/perl/net-ssleay/ but the build step doesn't know where to look
> for the headers.
>

If /usr/include/openssl does not point anywhere probably the mediator is
not set to a right version or openssl-11 is not installed:

narval> pkg mediator openssl
MEDIATOR            VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
openssl             local     1.1     local      openssl

narval> ls -lha /usr/include/openssl
lrwxrwxrwx 1 root staff 30 Feb  5 22:54 /usr/include/openssl ->
../openssl/1.1/include/openssl

But you should not need to change the mediator to build the package unless
the component's own build system is buggy.

In any case openssl-11 should install automatically at your next update
since I pushed a new wget package depending on it.

Do not hesitate if you have any other questions.
Also you can report if the 'gmake update' trick does not work for some
components, it is after all based on a hastily written piece of python by a
non-python developer :P

Kind regards,

Aurélien


> > 2. illumos-gate is patched to accept library/security/openssl-11 as
> > dependency so that it builds when the mediator version is 1.1.
> > 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes
> > which should be placed before shared-macros.mk is included.
> > 4. If 'gmake update' is executed in a component depending on OpenSSL then
> > the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set.
> >
> > Now the fun begins:
> >
> > 3. Move all the components supporting OpenSSL 1.1 or update them.
> >> 4. Deprecate possible rotting components which cannot be updated and may
> >> cause security issues.
> >>
> >
> > and... the more, the merrier!
>
> Tim
> --
> Tim Mooney                                             Tim.Mooney at ndsu.edu
> Enterprise Computing & Infrastructure /
> Division of Information Technology    /                701-231-1076 (Voice)
> North Dakota State University, Fargo, ND
> 58105-5164_______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev
>


-- 
---
Praise the Caffeine embeddings
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20210207/7d23910c/attachment-0001.html>

More information about the oi-dev mailing list