Bug 2022907

Summary: Review Request: openssl3 - openssl 3.0 for EPEL8 (and possibly older Fedora releases)
Product: [Fedora] Fedora Reporter: Michel Lind <michel>
Component: Package ReviewAssignee: Neal Gompa <ngompa13>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: davide, markus.falb, ngompa13, package-review
Target Milestone: ---Flags: ngompa13: fedora-review+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-19 00:37:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michel Lind 2021-11-12 23:13:46 UTC 
Spec URL: https://salimma.fedorapeople.org/specs/libs/openssl3.spec
SRPM URL: https://salimma.fedorapeople.org/specs/libs/openssl3-3.0.0-3.el9.1.src.rpm
Description: openssl 3.0 for epel8, parallel installable with the default openssl 1.x. Meant to be kept in sync with c9s' openssl, see https://gitlab.com/michel-slm/openssl3/-/tree/epel8
Fedora Account System Username: salimma
Comment 1 Neal Gompa 2021-11-13 00:52:08 UTC 
Taking this review.
Comment 2 Michel Lind 2021-11-13 00:58:06 UTC 
dropping epoch in https://gitlab.com/michel-slm/openssl3/-/commit/b9a3ae826849e8a0dd40744c63973252616548bd per Neal's suggestion, as this is a new package
Comment 3 Neal Gompa 2021-11-13 12:36:52 UTC 
Conflicts with base packages are not allowed in EPEL, so you're going to need to make adjustments to eliminate the conflicts in all the generated packages.

That includes renaming the binaries to have a "3" suffix, adjusting all the file paths to not conflict, etc.

You can see an incomplete example of this for the EPEL7 openssl11 package: https://src.fedoraproject.org/rpms/openssl11/blob/db04e041f681575aab2a322512dd612c53b1106f/f/openssl11.spec#_420-456

In your case, you'll also need to deal with the Perl stuff too, since it's different in OpenSSL 3.
Comment 4 Michel Lind 2021-11-16 21:56:18 UTC 
(In reply to Neal Gompa from comment #3)
> Conflicts with base packages are not allowed in EPEL, so you're going to
> need to make adjustments to eliminate the conflicts in all the generated
> packages.
> 
> That includes renaming the binaries to have a "3" suffix, adjusting all the
> file paths to not conflict, etc.
> 
> You can see an incomplete example of this for the EPEL7 openssl11 package:
> https://src.fedoraproject.org/rpms/openssl11/blob/
> db04e041f681575aab2a322512dd612c53b1106f/f/openssl11.spec#_420-456
> 
> In your case, you'll also need to deal with the Perl stuff too, since it's
> different in OpenSSL 3.

Thanks, I'll rework this
Comment 5 Michel Lind 2021-11-17 21:48:46 UTC 
@Neal ok, updated now, borrowed the renaming code from openssl11. Confirmed that all the packages can now be installed in parallel. delta: https://gitlab.com/michel-slm/openssl3/-/commit/334ce5921b82294622c2a198b6b5f6c186c0a767

Installed:                                                                                                                                                         
  openssl3-3.0.0-3.el8.1.x86_64       openssl3-debuginfo-3.0.0-3.el8.1.x86_64       openssl3-debugsource-3.0.0-3.el8.1.x86_64  openssl3-devel-3.0.0-3.el8.1.x86_64 
  openssl3-libs-3.0.0-3.el8.1.x86_64  openssl3-libs-debuginfo-3.0.0-3.el8.1.x86_64

Installed:
  keyutils-libs-devel-1.5.10-9.el8.x86_64     krb5-devel-1.18.2-14.el8.x86_64     libcom_err-devel-1.45.6-2.el8.x86_64     libkadm5-1.18.2-14.el8.x86_64          
  libselinux-devel-2.9-5.el8.x86_64           libsepol-devel-2.9-3.el8.x86_64     libverto-devel-0.3.0-5.el8.x86_64        openssl-devel-1:1.1.1k-4.el8.x86_64    
  pcre2-devel-10.32-2.el8.x86_64              pcre2-utf16-10.32-2.el8.x86_64      pcre2-utf32-10.32-2.el8.x86_64           zlib-devel-1.2.11-17.el8.x86_64
Comment 6 Neal Gompa 2021-11-17 21:53:08 UTC 
Instead of using "%exclude" to exclude files from all subpackages, please delete them in %install phase. That keeps it compatible with latest versions of RPM which do not allow that behavior anymore.
Comment 7 Michel Lind 2021-11-17 22:26:50 UTC 
Oh, just realized I have two excludes left. Yanked. https://gitlab.com/michel-slm/openssl3/-/commit/b2de50c5285f46693912b932a1fbd8cfad83f0de
Comment 8 Neal Gompa 2021-11-17 23:03:43 UTC 
Review notes:

- Packaging follows naming guidelines
- Package licensing is indicated correctly
- Packaging builds and installs
- Packages do not conflict with base RHEL packages
- No serious issues from rpmlint

PACKAGE APPROVED.
Comment 9 Michel Lind 2021-11-17 23:07:29 UTC 
thanks!

$ fedpkg request-repo openssl3 2022907         
https://pagure.io/releng/fedora-scm-requests/issue/37609
Comment 10 Gwyn Ciesla 2021-11-18 16:48:12 UTC 
(fedscm-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/openssl3
Comment 11 Michel Lind 2021-11-18 18:07:37 UTC 
$ fedpkg request-branch epel8                    
https://pagure.io/releng/fedora-scm-requests/issue/37626
Comment 12 Fedora Update System 2021-11-18 20:26:35 UTC 
FEDORA-EPEL-2021-ff6e908f7e has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-ff6e908f7e
Comment 13 Fedora Update System 2021-11-19 00:37:44 UTC 
FEDORA-EPEL-2021-ff6e908f7e has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.