[oi-dev] OpenSSL update process
Andreas Wacknitz
A.Wacknitz at gmx.de
Sun Feb 7 16:02:26 UTC 2021
On 07.02.21 at 14:09, Aurélien Larcher wrote:
>
>
> On Sun, Feb 7, 2021 at 1:21 PM Andreas Wacknitz <A.Wacknitz at gmx.de> wrote:
>
> On 06.02.21 at 21:56, Aurélien Larcher wrote:
>>
>> OpenSSL 1.1 is now merged:
>>
>> 1. The mediator is set to 1.0 by default but can be safely set to 1.1.
>> 2. illumos-gate is patched to accept library/security/openssl-11
>> as a dependency so that it builds when the mediator version is 1.1.
>> 3. oi-userland now has a switch USE_OPENSSL10=yes or
>> USE_OPENSSL11=yes which should be placed before shared-macros.mk
>> is included.
>> 4. If 'gmake update' is executed in a component depending on
>> OpenSSL then the switch is made to OpenSSL 1.1 unless
>> USE_OPENSSL10=yes is set.
>>
>> Now the fun begins:
>>
>> 3. Move all the components supporting OpenSSL 1.1 or update
>> them.
>> 4. Deprecate possible rotting components which cannot be
>> updated and may cause security issues.
>>
>>
>> and... the more, the merrier!
>>
>>
>> Cheers
>>
>>
> Hi,
>
> do we have a problem with missing engine files in the openssl-11
> package?
>
> ╰─➤ cat /usr/openssl/1.1/lib/pkgconfig/libcrypto.pc
> prefix=/usr/openssl/1.1
> exec_prefix=${prefix}
> libdir=${exec_prefix}/lib/
> includedir=${prefix}/include
> enginesdir=${libdir}/engines-1.1
>
> Name: OpenSSL-libcrypto
> Description: OpenSSL cryptography library
> Version: 1.1.1i
> Libs: -L${libdir} -lcrypto
> Libs.private: -lsocket -lnsl -ldl -pthread
> Cflags: -I${includedir}
>
> So, libcrypto.pc states that there shall be
> /usr/openssl/1.1/lib/engine files but there aren't any (same for
> 64-bit):
>
>
> It seems like they did not bother to remove the enginesdir variable
> from the .pc file if engines are not built...
>
> We could ship an empty directory or patch the .pc files but if you
> think that it is better to ship the engines we can do that also.
> I do not really know who consumes them...
>
I don't know either. But letting a .pc file point to something
non-existent is the worst way imo.
Best would probably be to ship them where they are expected.
Andreas
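
A packaging check for the mismatch discussed in this thread, added here as an example and not code from oi-userland or OpenSSL: it expands the variables of a .pc file and reports every `*dir` variable that names a directory the package does not ship. The function names and the `root` parameter (an alternate install root to check against) are hypothetical, and the sample input is constructed from the libcrypto.pc quoted above.

```python
import os
import re
import tempfile

# libcrypto.pc variables as quoted in the thread (keyword fields shortened).
SAMPLE_PC = """\
prefix=/usr/openssl/1.1
exec_prefix=${prefix}
libdir=${exec_prefix}/lib/
includedir=${prefix}/include
enginesdir=${libdir}/engines-1.1

Libs: -L${libdir} -lcrypto
"""

VAR_LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_.]*)=(.*)$")
VAR_REF = re.compile(r"\$\{([^}]+)\}")


def parse_pc_variables(text):
    """Return the .pc variable definitions with ${name} references expanded."""
    variables = {}
    for line in text.splitlines():
        match = VAR_LINE.match(line.strip())
        if match:  # "Keyword: value" fields do not match and are skipped
            name, value = match.groups()
            variables[name] = VAR_REF.sub(
                lambda ref: variables.get(ref.group(1), ""), value)
    return variables


def missing_directories(pc_text, root="/"):
    """Return (variable, path) for each *dir variable with no directory under root."""
    missing = []
    for name, value in parse_pc_variables(pc_text).items():
        if name.endswith("dir"):
            path = os.path.normpath(value)
            if not os.path.isdir(os.path.join(root, path.lstrip("/"))):
                missing.append((name, path))
    return missing


def demo():
    """Constructed package root that ships lib/ and include/ but no engines."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("lib", "include"):
            os.makedirs(os.path.join(root, "usr/openssl/1.1", sub))
        return missing_directories(SAMPLE_PC, root)
```

Run against a build's staging area, a non-empty result from `missing_directories` can fail the package build before a .pc file that points at a missing directory is published.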