Bug 1825937 (OpenSSL3.0)
|
Description
Ben Cotton
2020-04-20 14:25:30 UTC
We need to retarget this to Fedora 34. Ben, what should I do with the change? I'll update the wiki page to reflect that. For this bug, I don't have a good way of handling Changes Tracking bugs for changes that shouldn't be branched at the mass branch point. I'll have to think about the best way to do that, so you can ignore this for now. If I accidentally branch this to F33 at the branch point, yell at me :-) We have reached the 'Code Complete (testable)' milestone in the Fedora 34 release cycle. If your Change is in a testable state, please set the status to MODIFIED. If this Change will not be ready for Fedora 34, please set the version to rawhide. The 100% code complete deadline is Tue 2021-02-23. Updating to F35 tracker Has anything happened in Fedora for this yet? There's not an openssl3 package? Presumably, there is a place that has our packages for openssl3, but I cannot find it. I expected a git branch at https://src.fedoraproject.org/rpms/openssl/branches but I don't see one. What I'm looking for is something like: "To test your software against openssl3, use these packages from this COPR, or from this koji scratch build, or..." OK I realized searching by package name is enough to turn up: https://kojihub.stream.rdu2.redhat.com/koji/buildinfo?buildID=7906 And that RPM also installs in a f34 container FWIW. Hi Colin, For now, you could use this copr repo - https://copr.fedorainfracloud.org/coprs/saprasad/openssl-3.0/packages/ I haven't been able to update it to the latest alpha build yet, I'll do it soon. Yes, koji stream has the latest build. I will send out an email to fedora-devel, but it is better to do it after OpenSSL 3.0 upstream beta release. Thank you! hi @sahana, could you also share your package source git branch? (I don't see it in https://src.fedoraproject.org/fork/saprasad/rpms/openssl) thanks fwiw, swtpm update will need the following fix: https://github.com/openssl/openssl/pull/15589 OpenSSL3 beta is out, do we have some updated repository for testing in Fedora? What's the plan now? Hi Mark and Milan, I have updated my fork with Beta2 version https://src.fedoraproject.org/fork/saprasad/rpms/openssl/c/d75b7182b4d72123511204489c90f64895ca67ba?branch=rawhide Here is a scratch build you could try: https://koji.fedoraproject.org/koji/taskinfo?taskID=73207867 Just FYI: I have tested cryptsetup with OpenSSL3.0 (beta1+) on different distro that provides it as a separate installable package. (I had discussed some issues found directly with upstream). All changes needed for cryptsetup are in rawhide already, rebuild only is needed. It is quite complicated to test OpenSSL3 build on rawhide today if half of the system packages still depends on older OpenSSL. I would definitely prefer rawhide has OpenSSL3 by *default* but this is up to you (and yes, I read the discussion on list). But the situation will change once Argon2 hashing is merged to OpenSSL 3.1 (it is the current plan upstream and we are directly involved in this). We would like to switch to native Argon2 implementation in OpenSSL3.1 ASAP. It would be nice if OpenSSL3.1 appears in rawhide much sooner. Thanks. (In reply to Milan Broz from comment #14) > Just FYI: I have tested cryptsetup with OpenSSL3.0 (beta1+) on different > distro that provides it as a separate installable package. (I had discussed > some issues found directly with upstream). All changes needed for cryptsetup > are in rawhide already, rebuild only is needed. It is quite complicated to > test OpenSSL3 build on rawhide today if half of the system packages still > depends on older OpenSSL. > > I would definitely prefer rawhide has OpenSSL3 by *default* but this is up > to you (and yes, I read the discussion on list). The plan is to bring OpenSSL 3.0 around August 10th into rawhide. Does this timeline work for you? If not, I'll look into what else could be done. Let me know. > > But the situation will change once Argon2 hashing is merged to OpenSSL 3.1 > (it is the current plan upstream and we are directly involved in this). We > would like to switch to native Argon2 implementation in OpenSSL3.1 ASAP. It > would be nice if OpenSSL3.1 appears in rawhide much sooner. Noted, thanks for the heads up. > > Thanks. (In reply to Sahana Prasad from comment #15) > The plan is to bring OpenSSL 3.0 around August 10th into rawhide. > Does this timeline work for you? If not, I'll look into what else could be > done. As I said, for cryptsetup we are ready already today (in rawhide), just run rebuild with the updated OpenSSL, so it is ok for us. Deferring to F36, per Change owner. OpenSSL 3.0.0 is available in rawhide now. Kindly port your packages to build with OpenSSL 3.0.0. I will try a rebuild of all the failed packages after 2/3 weeks and report FTBFS bugs. Thank you. What is the name of the compat package? I'm looking for something like, "If you want to build against OpenSSL 3.0 you need to use this package as buildreq: openssl-devel… I you want to build against old OpenSSL 1.1 you need to use compat-openssl11-devel…" Ah, I think I found it. It is openssl1.1, correct?
dnf --disablerepo='*' --enablerepo=rawhide --releasever=36 repoquery --queryformat '%{name}.%{arch} : %{reponame}' openssl\*
openssl-devel.i686 : rawhide
openssl-devel.x86_64 : rawhide
openssl-gost-engine.x86_64 : rawhide
openssl-ibmpkcs11.x86_64 : rawhide
openssl-libs.i686 : rawhide
openssl-libs.x86_64 : rawhide
openssl-perl.x86_64 : rawhide
openssl-pkcs11.i686 : rawhide
openssl-pkcs11.x86_64 : rawhide
openssl.x86_64 : rawhide
openssl1.1-devel.i686 : rawhide
openssl1.1-devel.x86_64 : rawhide
openssl1.1.i686 : rawhide
openssl1.1.x86_64 : rawhide
yes it is openssl1.1 OpenSSL 3.0.0 build are blocked due to: https://bugzilla.redhat.com/show_bug.cgi?id=2047295 I would be great to get some help. I would like to merge this PR asap. https://src.fedoraproject.org/rpms/openssl/pull-request/19 This bug appears to have been reported against 'rawhide' during the Fedora Linux 36 development cycle. Changing version to 36. Today we reached the Code Complete (testable) milestone in the F36 schedule: https://fedorapeople.org/groups/schedule/f-36/f-36-key-tasks.html All code for this change should be complete enough for testing. You can indicate this by setting the bug status to MODIFIED. (If the code is fully complete, you can go ahead and set it to ON_QA.) If you need to defer this Change to F37, please needinfo bcotton. We have reached the 'Change complete (100% complete)' deadline in the Fedora Linux 36 release schedule. At this time, all Changes should be fully complete. Indicate this by setting this tracking bug to ON_QA. If you need to defer this Change to a subsequent release, please needinfo me. Looks like everything is fully implemented, so I'll set this to ON_QA. If that's not correct, please let me know ASAP. F36 was released today. If this Change did not land in the release, please notify bcotton as soon as possible. |