Bug 788528

This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

------- Comment From hellerda.com 2014-07-15 16:05 EDT-------
Hi Red Hat,

After reviewing this internally we think this may be a rpmbuild problem in your environment.  Note that the "openssl.cnf.sample.in" contains the following:

dynamic_path = @libdir@/libibmca.so

I took a look at your src rpm from RHEL6.5 GA, "openssl-ibmca-1.2.0-2.el6_2.1.src.rpm", and I see you are using the upstream "tarball openssl-ibmca-1.2.0.tar.gz" as a foundation.  And the "openssl.cnf.sample.in" file does contain the above line, so that looks good.

However, looking at your .spec file I do see a few differences from the sample .spec contained in the tarball.  Please compare your file to the one in the ./rpm/ directory of the tarball.  One difference that jumps out: the upstream spec has the following under the "%build" directive:

%build
autoreconf --force --install
export CFLAGS="$RPM_OPT_FLAGS"
export CPPFLAGS="$RPM_OPT_FLAGS"
./configure --with-engines-dir=%_libdir/engines
make

whereas your file has:

%build
%configure
make %{?_smp_mflags}

I'm guessing that the missing cmdline option for the "configure" is the culprit.  If not it is probably some similar problem in the rpmbuild.

Can you please review your .spec file to determine why your "openssl.cnf.sample" is getting built with the wrong path?

unfortunatelly the --with-engines-dir option is not understood by the configure script and also the Makefile.am template, it probably worked in the past

from build log:
...
+ ./configure --build=s390x-ibm-linux-gnu --host=s390x-ibm-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-engines-dir=/usr/lib64/openssl/engines
configure: WARNING: unrecognized options: --with-engines-dir
...

as a result %{_libdir} is used instead and the correct location must be fixed manually in the spec file

------- Comment From hannsj_uhl.com 2014-07-18 10:34 EDT-------
Comment from  Joy M. Latten :

Created commit dd408045bae1 on
http://sourceforge.net/p/opencryptoki/ibmca/ci/master/tree/.
This commit updates README and adds a comment in the openssl.cnf.sample that dynamic_path parameter must be set accordingly.

Hello Red Hat / Dan,
... will this bugzilla also be resolved with the coming RHEL6.7 ..?
Please advise ..
Thanks for your support.

Hello Red Hat / Dan,
... will this bugzilla still be resolved with RHEL6.7 ...?
Please confirm or advise ..
Thanks for your support.

(In reply to Hanns-Joachim Uhl from comment #9)
> Hello Red Hat / Dan,
> ... will this bugzilla still be resolved with RHEL6.7 ...?
> Please confirm or advise ..
> Thanks for your support.

no, only very limited set of changes was allowed for the fastrack erratum

Hello,
This was not able to be fixed in RHEL 6.8. This is now requested for RHEL 6.9.

Thank You
Joe Kachuck

Hello,
Due to where we are in the RHEL 6.9 release. This will not make RHEL 6.9. This is now requested for RHEL 6.10.

Thank You
Joe Kachuck

Hello,
RHEL 6 has entered Phase 3. In phase 3 only Critical impact Security Advisories and selected Urgent Priority Bug Fix Advisories will be accepted.
https://access.redhat.com/support/policy/updates/errata

At current this BZ does not meet these requirements. I am closing this BZ as WONTFIX.

Please reopen if this fix is required for RHEL 6. If so please also provide a justification for this fix.

Thank You
Joe Kachuck