Bug 1964825

Summary: rpm-ostree: Port to OpenSSL 3.0
Product: Red Hat Enterprise Linux 9 Reporter: Sahana Prasad <sahana>
Component: rpm-ostreeAssignee: Colin Walters <walters>
Status: CLOSED CURRENTRELEASE QA Contact: Micah Abbott <miabbott>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: bstinson, fweimer, jistone, jlebon, jwboyer, miabbott, mnguyen, sahana, smilner
Target Milestone: betaKeywords: Triaged
Target Release: 9.0 Beta   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rpm-ostree-2021.5-2.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-08-24 12:04:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1958021    

Comment 1 Florian Weimer 2021-05-26 10:38:37 UTC 
To me it looks like the failure comes from the vendored openssl-sys crate. The rust package had a similar problem, maybe you can use the changes from there.
Comment 4 Colin Walters 2021-05-26 16:33:18 UTC 
> To me it looks like the failure comes from the vendored openssl-sys crate. The rust package had a similar problem, maybe you can use the changes from there.

xref https://bugzilla.redhat.com/show_bug.cgi?id=1948976
Comment 5 Colin Walters 2021-05-26 16:59:03 UTC 
Chasing a bunch of links here, it looks like there was a small patch here which implies the latest openssl crate supports this:
https://gitlab.com/redhat/centos-stream/rpms/rust/-/blob/c9s/rust-openssl-300.patch
Yet the PR in https://github.com/sfackler/rust-openssl/pull/1264 isn't merged?
Comment 6 Josh Stone 2021-05-26 18:06:57 UTC 
For the rust package, I added a new Source which is a git snapshot of that pr1264, and then in %prep I'm replacing vendor/openssl*/ with it.

The Cargo.lock version patch is needed because that pr is based on the master version, which is already ahead of what was vendored. You might be able to just remove the lock file to let it regenerate during the build, but I knew that wouldn't work well with Rust's own bootstrap build process.

There's also the pesky .cargo-checksum.json in each vendored crate, which rust.spec is already hacking to clear its file list. Note that my Cargo.lock patch did *not* change the crate checksum, which needs to match that json value.

It's all very hacky, but... it's temporary.