Bug 440560

Summary: Review Request: openssl098b - The OpenSSL toolkit
Product: [Fedora] Fedora Reporter: Michel Alexandre Salim <michel>
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, notting, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-08-26 20:31:36 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 201449    
Attachments:
Description Flags
Result of rebuilding F8's openssl in F9/Rawhide none

Description Michel Alexandre Salim 2008-04-03 21:12:18 EDT
Spec URL: http://salimma.fedorapeople.org/for_review/compat/openssl098b.spec
SRPM URL: http://salimma.fedorapeople.org/for_review/compat/openssl098b-0.9.8b-1.fc9.src.rpm
Description:
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

This is a compatibility package, so that programs compiled against F8's openssl can be used on F9. Note that some of the tests have been disabled, because the X509 test failed on F9 (rebuilding F8's openssl also fails at the same point)

Spec diff:
--- openssl.spec	2007-10-15 11:20:47.000000000 -0400
+++ openssl098b.spec	2008-04-03 20:54:05.000000000 -0400
@@ -19,9 +19,9 @@
 %define optimize_arches i686
 
 Summary: The OpenSSL toolkit
-Name: openssl
+Name: openssl098b
 Version: 0.9.8b
-Release: 17%{?dist}
+Release: 1%{?dist}
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -106,7 +106,7 @@
 from other formats to the formats used by the OpenSSL toolkit.
 
 %prep
-%setup -q
+%setup -q -n openssl-%{version}
 
 %{SOURCE1} > /dev/null
 %patch0 -p1 -b .redhat
@@ -204,7 +204,7 @@
 # Verify that what was compiled actually works.
 LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
 export LD_LIBRARY_PATH
-make -C test apps tests
+make -C test apps # tests: commenting out, does not build on F9
 %{__cc} -o openssl-thread-test \
 	`krb5-config --cflags` \
 	-I./include \
@@ -332,6 +332,23 @@
 # Remove fips fingerprint script 
 rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
 
+# Remove files not used by compatibility packages.
+rm -fr $RPM_BUILD_ROOT/%{_bindir}
+rm -fr $RPM_BUILD_ROOT/%{_sysconfdir}
+rm -fr $RPM_BUILD_ROOT/%{_datadir}/ssl
+rm -fr $RPM_BUILD_ROOT/%{_includedir}
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.a
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.so
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.so.*
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/openssl
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+rm -fr $RPM_BUILD_ROOT/%{_mandir}
+
+# Fix CHANGES file: contains ISO-8859 characters
+sed -i 's|\xe4|ae|g' CHANGES
+sed -i 's|\xf6|oe|g' CHANGES
+
+
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 
@@ -341,51 +358,17 @@
 %doc doc/README doc/c-indentation.el doc/openssl.txt
 %doc doc/openssl_button.html doc/openssl_button.gif
 %doc doc/ssleay.txt
-%dir %{_sysconfdir}/pki/tls
-%dir %{_sysconfdir}/pki/tls/certs
-%{_sysconfdir}/pki/tls/certs/make-dummy-cert
-%{_sysconfdir}/pki/tls/certs/Makefile
-%{_sysconfdir}/pki/tls/cert.pem
-%dir %{_sysconfdir}/pki/tls/misc
-%{_sysconfdir}/pki/tls/misc/CA
-%dir %{_sysconfdir}/pki/CA
-%dir %{_sysconfdir}/pki/CA/private
-%{_sysconfdir}/pki/tls/misc/c_*
-%{_sysconfdir}/pki/tls/private
-
-%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
-%config(noreplace) %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
-
-%attr(0755,root,root) %{_bindir}/openssl
 %attr(0755,root,root) /%{_lib}/*.so.%{version}
 %attr(0755,root,root) /%{_lib}/*.so.%{soversion}
-%attr(0755,root,root) %{_libdir}/openssl
-%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
-%attr(0644,root,root) %{_mandir}/man5*/*
-%attr(0644,root,root) %{_mandir}/man7*/*
-
-%ifnarch %{optimize_arches}
-%files devel
-%defattr(-,root,root)
-%{_prefix}/include/openssl
-%attr(0644,root,root) %{_libdir}/*.a
-%attr(0755,root,root) %{_libdir}/*.so
-%attr(0644,root,root) %{_mandir}/man3*/*
-%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
-
-%files perl
-%defattr(-,root,root)
-%attr(0755,root,root) %{_bindir}/c_rehash
-%attr(0644,root,root) %{_mandir}/man1*/*.pl*
-%dir %{_sysconfdir}/pki/tls/misc
-%{_sysconfdir}/pki/tls/misc/*.pl
-%endif
 
 %post -p /sbin/ldconfig
 
 %postun -p /sbin/ldconfig
 
 %changelog
+* Thu Apr  3 2008 Michel Salim <salimma@fedoraproject.org> 0.9.8b-1
+- change to a compatibility package by renaming and cutting the files lists
+
 * Mon Oct 15 2007 Joe Orton <jorton@redhat.com> 0.9.8b-17
 - update to new CA bundle from mozilla.org
Comment 1 Michel Alexandre Salim 2008-04-03 21:13:21 EDT
Thomas, any idea what's causing the X509 test in openssl 0.9.8b to fail on F9?
Comment 2 Tomas Mraz 2008-04-04 05:16:51 EDT
I'm not sure - can you attach the log here?
Comment 3 Michel Alexandre Salim 2008-04-10 14:17:58 EDT
Created attachment 302039 [details]
Result of rebuilding F8's openssl in F9/Rawhide
Comment 4 Tomas Mraz 2008-04-11 05:45:07 EDT
If you look at the log you can see multiple warnings like this:
pem_x509.c: In function 'PEM_read_X509':
pem_x509.c:68: warning: function called through a non-compatible type
pem_x509.c:68: note: if this code is reached, the program will abort

This is the most probable culprit. You would have to backport the code from
0.9.8g but I am not sure it would not break the ABI. The other easier
possibility is to use the compat gcc compiler if it is allowed by package
guidelines.
Comment 5 Michel Alexandre Salim 2008-04-11 11:41:11 EDT
Downgrading to gcc34 requires turning off several options such as the stack
protector. Um. Not sure that's desirable.

The best option is to have a compat-gcc41, seeing as a lot of these problems are
due to the extra-strictness of GCC 4.3. What do you think?
Comment 6 Tomas Mraz 2008-04-11 11:53:23 EDT
(In reply to comment #5)
> Downgrading to gcc34 requires turning off several options such as the stack
> protector. Um. Not sure that's desirable.
But openssl098b as a compat library should be used only by third party software
anyway so I don't see it as a critical problem.
 
> The best option is to have a compat-gcc41, seeing as a lot of these problems are
> due to the extra-strictness of GCC 4.3. What do you think?
This is a question for someone else (jakub as he is the gcc maintainer perhaps).
Comment 7 Jason Tibbitts 2008-07-02 22:00:27 EDT
So has there been any progress?  Someone was asking for an openssl098b package
on IRC the other day, but I'm not sure its feasible.
Comment 8 Jason Tibbitts 2008-08-10 16:36:19 EDT
It's been over a month since the last ping with no response; setting NEEDINFO.  I'll close ticket soon if there is no response.
Comment 9 Michel Alexandre Salim 2008-08-26 20:31:36 EDT
Can't actually remember what package I needed openssl098b for, so I'll just close the bug. Someone else can pick it up.