Bug 1375361 - Set enginesdir in libcrypto.pc
Summary: Set enginesdir in libcrypto.pc
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 24
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-12 20:38 UTC by David Woodhouse
Modified: 2017-02-06 10:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-06 10:37:44 UTC
Type: Bug


Attachments (Terms of Use)

Description David Woodhouse 2016-09-12 20:38:59 UTC
From the next OpenSSL 1.0.2 and 1.1.0 release, libcrypto.pc will provide an 'enginesdir' variable.

Please make sure when we override enginesdir, we fix that too.

In fact we can fix things to provide enginesdir even before we update...

Comment 1 David Woodhouse 2016-09-24 18:26:30 UTC
This happened in 1.0.2i and it looks like openssl-1.0.2i-1.fc24 isn't fixed.

$ pkg-config --variable enginesdir libcrypto
/usr/lib64/engines

Comment 2 David Woodhouse 2016-09-24 19:45:02 UTC
I have pushed to git, but not built, a 1.0.2i-2 version for f23, f24, f25, master.

Comment 3 Tomas Mraz 2016-09-26 08:27:25 UTC
I think we should get the security update out and I'll make another update with this fix.

Comment 4 Tomas Mraz 2016-09-26 08:31:29 UTC
Or not. Let's do it at once.

Comment 5 David Woodhouse 2016-09-26 09:46:04 UTC
The latter was my intention when I preemptively filed the bug as soon as it landed in OpenSSL git :)

The point in having enginesdir in libcrypto.pc is that stuff can just trust it instead of having horrible distribution-specific hacks to find the right place.

I would be very sad if we ever shipped, even briefly, an update where it was present, but wrong. We really do need to *remove* it, or fix it. Preferably the latter.

I probably should have added a test case so that 'make check' fails if you forgot :)


Note You need to log in before you can comment on or make changes to this bug.