[oi-dev] OpenSSL update process

Aurélien Larcher aurelien.larcher at gmail.com
Sun Feb 7 13:09:18 UTC 2021


On Sun, Feb 7, 2021 at 1:21 PM Andreas Wacknitz <A.Wacknitz at gmx.de> wrote:

> Am 06.02.21 um 21:56 schrieb Aurélien Larcher:
>
>
> OpenSSL 1.1 is now merged:
>
> 1. The mediator is default set to 1.0 but can be safely set to 1.1.
> 2. illumos-gate is patched to accept library/security/openssl-11 as
> dependency so that it builds when the mediator version is 1.1.
> 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes
> which should be placed before shared-macros.mk is included.
> 4. If 'gmake update' is executed in a component depending on OpenSSL then
> the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set.
>
> Now the fun begins:
>
> 3. Move all the components supporting OpenSSL 1.1 or update them.
>> 4. Deprecate possible rotting components which cannot be updated and may
>> cause security issues.
>>
>
> and... the more, the merrier!
>
>
> Cheers
>
>
> _______________________________________________
> oi-dev mailing listoi-dev at openindiana.orghttps://openindiana.org/mailman/listinfo/oi-dev
>
> Hi,
>
> do we have a problem with missing engine files in the openssl-11 package?
>
> ╰─➤  cat /usr/openssl/1.1/lib/pkgconfig/libcrypto.pc
> prefix=/usr/openssl/1.1
> exec_prefix=${prefix}
> libdir=${exec_prefix}/lib/
> includedir=${prefix}/include
> enginesdir=${libdir}/engines-1.1
>
> Name: OpenSSL-libcrypto
> Description: OpenSSL cryptography library
> Version: 1.1.1i
> Libs: -L${libdir} -lcrypto
> Libs.private: -lsocket -lnsl -ldl -pthread
> Cflags: -I${includedir}
>
> So, libcrypto.pc states that there shall be /usr/openssl/1.1/lib/engine
> files but there aren't any (same for 64-bit):
>

It seems like they did not bother to remove the enginesdir variable from
the .pc file if engines are not built...

We could ship an empty directory or patch the .pc files but if you think
that it is better to ship the engines we can do that also.
I do not really know who consumes them...



>
> ╭─andreas at skoll /usr/openssl/1.1/lib/pkgconfig
> ╰─➤  ls -l /usr/openssl/1.1/lib
> total 7445
> lrwxrwxrwx   1 root     root           1 Feb  6 11:17 32 -> ./
> lrwxrwxrwx   1 root     root           5 Feb  6 11:17 64 -> amd64/
> lrwxrwxrwx   1 root     root          12 Feb  6 11:17 CA.pl ->
> ../bin/CA.pl*
> drwxr-xr-x   3 root     sys            7 Feb  6 11:17 amd64/
> lrwxrwxrwx   1 root     root          16 Feb  6 11:17 libcrypto.so ->
> libcrypto.so.1.1*
> -r-xr-xr-x   1 root     bin      2947532 Feb  6 11:17 libcrypto.so.1.1*
> lrwxrwxrwx   1 root     root          13 Feb  6 11:17 libssl.so ->
> libssl.so.1.1*
> -r-xr-xr-x   1 root     bin       748144 Feb  6 11:17 libssl.so.1.1*
> drwxr-xr-x   2 root     sys            5 Feb  6 11:17 pkgconfig/
>
> "pkg contents openssl-11" doesn't show any engine files in the package.
>
>
> Maybe unrelated to this: At the moment I try to build remmina with
> openssl-1.1 but it fails to link:
>
> [100%] Linking C executable remmina
> Undefined            first referenced
>  symbol                  in file
> ERR_load_crypto_strings
> CMakeFiles/remmina.dir/remmina_stats_sender.c.o
> ERR_free_strings
> CMakeFiles/remmina.dir/remmina_stats_sender.c.o
> ld: fatal: symbol referencing errors. No output written to remmina
>
> Regards,
> Andreas
>
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev
>


-- 
---
Praise the Caffeine embeddings
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20210207/3cddf9ab/attachment-0001.html>


More information about the oi-dev mailing list