We will temporarily need the compatibility version of the OpenSSL library with the 1.1.1 version. The package will be dropped once everything builds against the openssl-3.0 version. Spec URL: https://download.copr.fedorainfracloud.org/results/tmraz/openssl-3.0/fedora-rawhide-x86_64/01661303-compat-openssl11/compat-openssl11.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/tmraz/openssl-3.0/fedora-rawhide-x86_64/01661303-compat-openssl11/compat-openssl11-1.1.1g-1.fc34.src.rpm Description: The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Fedora Account System Username: tmraz
Note that the naming scheme for compat packages has been changed a few years ago. See: https://docs.fedoraproject.org/en-US/packaging-guidelines/Naming/#multiple So, the package name should probably be "openssl1.1", not "compat-openssl11".
We have compat-openssl10. Would it be less confusing to have compat-openssl10 and openssl1.1? I am not sure.
Following this argument, you'd have to keep doing the "old" way of naming packages in perpetuity, since compat-openssl10 and compat-openssl11 (and compat-openssl30, compat-openssl40, etc.) already exist, so this isn't going to change. You should switch to the new way of naming compat packages at some point, so why not start now?
These packages should be temporary so at some not so far in future point they should disappear. The 3.0 ABI should be stable for many years so when the openssl3.0 compat package would need to be introduced that will be the right point.
After discussion on Fedora devel I was persuaded to rename the package to openssl1.1 Spec URL: https://download.copr.fedorainfracloud.org/results/tmraz/openssl-3.0/fedora-rawhide-x86_64/01668161-openssl1.1/openssl1.1.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/tmraz/openssl-3.0/fedora-rawhide-x86_64/01668161-openssl1.1/openssl1.1-1.1.1g-1.fc34.src.rpm
Removed useless capi engine. Spec URL: https://download.copr.fedorainfracloud.org/results/tmraz/openssl-3.0/fedora-rawhide-x86_64/01683381-openssl1.1/openssl1.1.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/tmraz/openssl-3.0/fedora-rawhide-x86_64/01683381-openssl1.1/openssl1.1-1.1.1g-2.fc34.src.rpm
Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - Package installs properly. Note: Installation errors (see attachment) See: https://docs.fedoraproject.org/en-US/packaging-guidelines/ ===== MUST items ===== C/C++: [ ]: Package does not contain kernel modules. [ ]: Package contains no static executables. [ ]: Development (unversioned) .so files in -devel subpackage, if present. Note: Unversioned so-files in private %_libdir subdirectory (see attachment). Verify they are not in ld path. [x]: If your application is a C or C++ application you must list a BuildRequires against gcc, gcc-c++ or clang. [x]: Header files in -devel subpackage, if present. [x]: ldconfig not called in %post and %postun for Fedora 28 and later. [x]: Package does not contain any libtool archives (.la) [x]: Rpath absent or only used for internal libs. Generic: [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging [x]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated", "OpenSSL License", "BSD 4-clause "Original" or "Old" License Apache License 1.0", "OpenSSL License BSD 2-clause "Simplified" License", "Apache License 2.0", "Public domain OpenSSL License", "OpenSSL License Apache License 2.0", "OpenSSL License BSD 3-clause "New" or "Revised" License", "GNU Lesser General Public License", "The Perl 5 License GPL (v2 or later) (with incorrect FSF address)". 1062 files have unknown license. Detailed output of licensecheck in /root/review-openssl1.1/licensecheck.txt [x]: License file installed when any subpackage combination is installed. [x]: If the package is under multiple licenses, the licensing breakdown must be documented in the spec. [x]: Package does not own files or directories owned by other packages. Note: Dirs in package are owned also by: /usr/lib64/engines-1.1(openssl-libs), /usr/include/openssl(openssl- devel) [x]: %build honors applicable compiler flags or justifies otherwise. [?]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [x]: Development files must be in a -devel package [?]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. {Note that the devel subpackage intentionally conflicts with main openssl-devel as simultaneous use of both openssl package cannot be encouraged } [-]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Useful -debuginfo package or justification otherwise. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 665600 bytes in 7 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. license(s) for the package is included in %license. [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [!]: Uses parallel make %{?_smp_mflags} macro. [-]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [-]: Fully versioned dependency in subpackages if applicable. Note: No Requires: %{name}%{?_isa} = %{version}-%{release} in openssl1.1-devel [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [x]: Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: SourceX tarball generation or download is documented. Note: Package contains tarball without URL, check comments [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [-]: Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [?]: Package should compile and build into binary rpms on all supported architectures. [?]: %check is present and all tests pass. [?]: Packages should try to preserve timestamps of original installed files. [?]: Spec use %global instead of %define unless justified. files. [?]: Spec use %global instead of %define unless justified. Note: %define requiring justification: %define soversion 1.1, %define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64, %define __spec_install_post %{?__debug_package:%{__debug_install_post}} %{__arch_install_post} %{__os_install_post} crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac %{nil}, %define __provides_exclude_from %{_libdir}/openssl [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: The placement of pkgconfig(.pc) files are correct. [x]: SourceX is a working URL. ===== EXTRA items ===== Generic: [!]: Rpmlint is run on all installed packages. Note: Mock build failed See: https://docs.fedoraproject.org/en-US/packaging- guidelines/#_use_rpmlint [ ]: Large data in /usr/share should live in a noarch subpackage if package is arched. Note: Arch-ed rpms have a total of 4454400 bytes in /usr/share [x]: Spec file according to URL is the same as in SRPM. Installation errors ------------------- INFO: mock.py version 2.6 starting (python version = 3.8.5)... Start: init plugins INFO: selinux enabled Finish: init plugins INFO: Signal handler active Start: run Start: chroot init INFO: calling preinit hooks INFO: enabled root cache INFO: enabled package manager cache INFO: enabled root cache INFO: enabled package manager cache Start: cleaning package manager metadata Finish: cleaning package manager metadata INFO: enabled HW Info plugin Mock Version: 2.6 INFO: Mock Version: 2.6 Finish: chroot init INFO: installing package(s): /root/review-openssl1.1/results/openssl1.1-debugsource-1.1.1g-2.fc34.x86_64.rpm /root/review-openssl1.1/results/openssl1.1-devel-1.1.1g-2.fc34.x86_64.rpm /root/review-openssl1.1/results/openssl1.1-debuginfo-1.1.1g-2.fc34.x86_64.rpm /root/review-openssl1.1/results/openssl1.1-1.1.1g-2.fc34.x86_64.rpm ERROR: Command failed: # /usr/bin/dnf --installroot /var/lib/mock/fedora-rawhide-x86_64/root/ --releasever 34 --setopt=deltarpm=False --allowerasing --disableplugin=local --disableplugin=spacewalk install /root/review-openssl1.1/results/openssl1.1-debugsource-1.1.1g-2.fc34.x86_64.rpm /root/review-openssl1.1/results/openssl1.1-devel-1.1.1g-2.fc34.x86_64.rpm /root/review-openssl1.1/results/openssl1.1-debuginfo-1.1.1g-2.fc34.x86_64.rpm /root/review-openssl1.1/results/openssl1.1-1.1.1g-2.fc34.x86_64.rpm --setopt=tsflags=nocontexts {This is because it confilict with previous existing version of OpenSSL which is expected as mentioned in the above comment for package should not contain a conflict. Note that the devel subpackage intentionally conflicts with main openssl-devel as simultaneous use of both openssl package cannot be encouraged } Rpmlint ------- Checking: openssl1.1-1.1.1g-2.fc34.x86_64.rpm openssl1.1-devel-1.1.1g-2.fc34.x86_64.rpm openssl1.1-debuginfo-1.1.1g-2.fc34.x86_64.rpm openssl1.1-debugsource-1.1.1g-2.fc34.x86_64.rpm openssl1.1-1.1.1g-2.fc34.src.rpm openssl1.1.x86_64: W: incoherent-version-in-changelog 1.1.1g-2 ['1:1.1.1g-2.fc34', '1:1.1.1g-2'] openssl1.1.x86_64: W: hidden-file-or-dir /usr/lib64/.libcrypto.so.1.1.1g.hmac openssl1.1.x86_64: W: hidden-file-or-dir /usr/lib64/.libcrypto.so.1.1.hmac openssl1.1.x86_64: W: hidden-file-or-dir /usr/lib64/.libssl.so.1.1.1g.hmac openssl1.1.x86_64: W: hidden-file-or-dir /usr/lib64/.libssl.so.1.1.hmac openssl1.1.src: W: strange-permission hobble-openssl 775 openssl1.1.src:350: W: macro-in-comment %{_prefix} openssl1.1.src:174: W: mixed-use-of-spaces-and-tabs (spaces: line 7, tab: line 174) openssl1.1.src: W: invalid-url Source0: openssl-1.1.1g-hobbled.tar.xz 5 packages and 0 specfiles checked; 0 errors, 9 warnings. Unversioned so-files -------------------- openssl1.1: /usr/lib64/engines-1.1/afalg.so openssl1.1: /usr/lib64/engines-1.1/padlock.so Requires -------- openssl1.1 (rpmlib, GLIBC filtered): libc.so.6()(64bit) libcrypto.so.1.1()(64bit) libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0d)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0f)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0d)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0f)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0i)(64bit) libcrypto.so.1.1(OPENSSL_1_1_1)(64bit) libdl.so.2()(64bit) libpthread.so.0()(64bit) libz.so.1()(64bit) rtld(GNU_HASH) openssl1.1-devel (rpmlib, GLIBC filtered): /usr/bin/pkg-config libcrypto.so.1.1()(64bit) libssl.so.1.1()(64bit) openssl1.1-libs(x86-64) pkgconfig pkgconfig(libcrypto) pkgconfig(libssl) openssl1.1-debuginfo (rpmlib, GLIBC filtered): openssl1.1-debugsource (rpmlib, GLIBC filtered): Provides -------- openssl1.1: libcrypto.so.1.1()(64bit) libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0a)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0c)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0d)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0f)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0g)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0h)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0i)(64bit) libcrypto.so.1.1(OPENSSL_1_1_0j)(64bit) libcrypto.so.1.1(OPENSSL_1_1_1)(64bit) libcrypto.so.1.1(OPENSSL_1_1_1b)(64bit) libcrypto.so.1.1(OPENSSL_1_1_1c)(64bit) libcrypto.so.1.1(OPENSSL_1_1_1d)(64bit) libcrypto.so.1.1(OPENSSL_1_1_1e)(64bit) libssl.so.1.1()(64bit) libssl.so.1.1(OPENSSL_1_1_0)(64bit) libssl.so.1.1(OPENSSL_1_1_0d)(64bit) libssl.so.1.1(OPENSSL_1_1_1)(64bit) libssl.so.1.1(OPENSSL_1_1_1a)(64bit) openssl1.1 openssl1.1(x86-64) openssl1.1-devel: openssl1.1-devel: openssl1.1-devel openssl1.1-devel(x86-64) pkgconfig(libcrypto) pkgconfig(libssl) pkgconfig(openssl) openssl1.1-debuginfo: debuginfo(build-id) openssl1.1-debuginfo openssl1.1-debuginfo(x86-64) openssl1.1-debugsource: openssl1.1-debugsource openssl1.1-debugsource(x86-64) Generated by fedora-review 0.7.5 (5fa5b7e) last change: 2020-02-16 Command line :/usr/bin/fedora-review -u https://bugzilla.redhat.com/show_bug.cgi?id=1879067#c6 Buildroot used: fedora-rawhide-x86_64 Active plugins: Generic, C/C++, Shell-api Disabled plugins: PHP, Haskell, Python, SugarActivity, Perl, Ocaml, R, Java, fonts Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH Package LGTM!
(fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/openssl1.1
I can't manage to install it: [niko@fedora ~]$ sudo dnf install openssl1.1 Last metadata expiration check: 1:00:25 ago on Mon 10 May 2021 10:19:25 AM CEST. Error: Problem: problem with installed package openssl-libs-1:1.1.1k-1.fc34.x86_64 - package openssl1.1-1:1.1.1i-2.fc34.i686 conflicts with openssl-libs < 1:3.0 provided by openssl-libs-1:1.1.1k-1.fc34.x86_64 - conflicting requests - package openssl1.1-1:1.1.1i-2.fc34.x86_64 conflicts with openssl-libs < 1:3.0 provided by openssl-libs-1:1.1.1k-1.fc34.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages) [niko@fedora ~]$ sudo dnf list installed | grep openssl apr-util-openssl.x86_64 1.6.1-16.fc34 @anaconda openssl-libs.x86_64 1:1.1.1k-1.fc34 @anaconda openssl-pkcs11.x86_64 0.4.11-2.fc34 @anaconda xmlsec1-openssl.x86_64 1.2.29-3.fc34 @anaconda Any idea why?
Because there is no openssl-libs ≥ 1:3.0 in Fedora yet. The latest one is 1:1.1.1k-1.fc35.