Bug 1375361

Summary: Set enginesdir in libcrypto.pc
Product: [Fedora] Fedora
Reporter: David Woodhouse <dwmw2>
Component: openssl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 24
CC: tmraz
Last Closed: 2017-02-06 10:37:44 UTC
Type: Bug

Description David Woodhouse 2016-09-12 20:38:59 UTC
From the next OpenSSL 1.0.2 and 1.1.0 release, libcrypto.pc will provide an 'enginesdir' variable.

Please make sure when we override enginesdir, we fix that too.

In fact we can fix things to provide enginesdir even before we update...

Comment 1 David Woodhouse 2016-09-24 18:26:30 UTC
This happened in 1.0.2i and it looks like openssl-1.0.2i-1.fc24 isn't fixed.

$ pkg-config --variable enginesdir libcrypto
/usr/lib64/engines

Comment 2 David Woodhouse 2016-09-24 19:45:02 UTC
I have pushed to git, but not built, a 1.0.2i-2 version for f23, f24, f25, master.

Comment 3 Tomas Mraz 2016-09-26 08:27:25 UTC
I think we should get the security update out and I'll make another update with this fix.

Comment 4 Tomas Mraz 2016-09-26 08:31:29 UTC
Or not. Let's do it at once.

Comment 5 David Woodhouse 2016-09-26 09:46:04 UTC
The latter was my intention when I preemptively filed the bug as soon as it landed in OpenSSL git :)

The point in having enginesdir in libcrypto.pc is that stuff can just trust it instead of having horrible distribution-specific hacks to find the right place.

I would be very sad if we ever shipped, even briefly, an update where it was present, but wrong. We really do need to *remove* it, or fix it. Preferably the latter.

I probably should have added a test case so that 'make check' fails if you forgot :)
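
A sketch of the kind of 'make check' test mentioned in comment 5, as an added example that is not code from this bug report or from the Fedora openssl package. The helper names `pc_var` and `check_enginesdir`, the sample .pc contents and the `/usr/lib64/example-engines` path are constructed for illustration.

```sh
#!/bin/sh
# Added example: fail the build if libcrypto.pc advertises the wrong enginesdir.

# pc_var FILE NAME: print NAME from a .pc file with ${ref} references expanded.
# Runs in a subshell so its working variables do not leak into the caller.
pc_var() (
    file=$1 open='${' close='}' hops=0
    raw() { sed -n "s/^$1=//p" "$file" | head -n 1; }
    value=$(raw "$2")
    [ -n "$value" ] || exit 1               # variable not defined at all
    while case $value in *"$open"*"$close"*) true ;; *) false ;; esac; do
        hops=$((hops + 1))
        [ "$hops" -le 16 ] || exit 1        # cyclic definition
        rest=${value#*"$open"}
        ref=${rest%%"$close"*}
        sub=$(raw "$ref")
        [ -n "$sub" ] || exit 1             # reference to an undefined variable
        value=${value%%"$open"*}$sub${rest#*"$close"}
    done
    printf '%s\n' "$value"
)

# check_enginesdir PCFILE INSTALLDIR: 0 = match, 1 = present but wrong,
# 2 = missing or unresolvable.
check_enginesdir() {
    advertised=$(pc_var "$1" enginesdir) || {
        echo "FAIL: $1 has no usable enginesdir" >&2; return 2; }
    [ "$advertised" = "$2" ] && return 0
    echo "FAIL: $1 says $advertised, engines are installed in $2" >&2
    return 1
}

# Constructed sample data: stale.pc keeps the default ${libdir}/engines while
# the (placeholder) distribution override installs engines somewhere else.
ENGINES_INSTALL_DIR=/usr/lib64/example-engines
demo_dir=$(mktemp -d)
printf '%s\n' 'prefix=/usr' 'exec_prefix=${prefix}' 'libdir=${exec_prefix}/lib64' \
    'enginesdir=${libdir}/engines' > "$demo_dir/stale.pc"
printf '%s\n' 'prefix=/usr' 'exec_prefix=${prefix}' 'libdir=${exec_prefix}/lib64' \
    'enginesdir=${libdir}/example-engines' > "$demo_dir/fixed.pc"

check_enginesdir "$demo_dir/fixed.pc" "$ENGINES_INSTALL_DIR" && echo "fixed.pc: ok"
check_enginesdir "$demo_dir/stale.pc" "$ENGINES_INSTALL_DIR" || echo "stale.pc: rejected"
```

In a real spec file the second argument would be the same macro or variable that the install step uses for the engines directory, so the two cannot drift apart.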