Spec URL: http://salimma.fedorapeople.org/for_review/compat/openssl098b.spec SRPM URL: http://salimma.fedorapeople.org/for_review/compat/openssl098b-0.9.8b-1.fc9.src.rpm Description: The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This is a compatibility package, so that programs compiled against F8's openssl can be used on F9. Note that some of the tests have been disabled, because the X509 test failed on F9 (rebuilding F8's openssl also fails at the same point) Spec diff: --- openssl.spec 2007-10-15 11:20:47.000000000 -0400 +++ openssl098b.spec 2008-04-03 20:54:05.000000000 -0400 @@ -19,9 +19,9 @@ %define optimize_arches i686 Summary: The OpenSSL toolkit -Name: openssl +Name: openssl098b Version: 0.9.8b -Release: 17%{?dist} +Release: 1%{?dist} Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate @@ -106,7 +106,7 @@ from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q +%setup -q -n openssl-%{version} %{SOURCE1} > /dev/null %patch0 -p1 -b .redhat @@ -204,7 +204,7 @@ # Verify that what was compiled actually works. LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} export LD_LIBRARY_PATH -make -C test apps tests +make -C test apps # tests: commenting out, does not build on F9 %{__cc} -o openssl-thread-test \ `krb5-config --cflags` \ -I./include \ @@ -332,6 +332,23 @@ # Remove fips fingerprint script rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint +# Remove files not used by compatibility packages. +rm -fr $RPM_BUILD_ROOT/%{_bindir} +rm -fr $RPM_BUILD_ROOT/%{_sysconfdir} +rm -fr $RPM_BUILD_ROOT/%{_datadir}/ssl +rm -fr $RPM_BUILD_ROOT/%{_includedir} +rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.a +rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.so +rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.so.* +rm -fr $RPM_BUILD_ROOT/%{_libdir}/openssl +rm -fr $RPM_BUILD_ROOT/%{_libdir}/pkgconfig +rm -fr $RPM_BUILD_ROOT/%{_mandir} + +# Fix CHANGES file: contains ISO-8859 characters +sed -i 's|\xe4|ae|g' CHANGES +sed -i 's|\xf6|oe|g' CHANGES + + %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT @@ -341,51 +358,17 @@ %doc doc/README doc/c-indentation.el doc/openssl.txt %doc doc/openssl_button.html doc/openssl_button.gif %doc doc/ssleay.txt -%dir %{_sysconfdir}/pki/tls -%dir %{_sysconfdir}/pki/tls/certs -%{_sysconfdir}/pki/tls/certs/make-dummy-cert -%{_sysconfdir}/pki/tls/certs/Makefile -%{_sysconfdir}/pki/tls/cert.pem -%dir %{_sysconfdir}/pki/tls/misc -%{_sysconfdir}/pki/tls/misc/CA -%dir %{_sysconfdir}/pki/CA -%dir %{_sysconfdir}/pki/CA/private -%{_sysconfdir}/pki/tls/misc/c_* -%{_sysconfdir}/pki/tls/private - -%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf -%config(noreplace) %{_sysconfdir}/pki/tls/certs/ca-bundle.crt - -%attr(0755,root,root) %{_bindir}/openssl %attr(0755,root,root) /%{_lib}/*.so.%{version} %attr(0755,root,root) /%{_lib}/*.so.%{soversion} -%attr(0755,root,root) %{_libdir}/openssl -%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]* -%attr(0644,root,root) %{_mandir}/man5*/* -%attr(0644,root,root) %{_mandir}/man7*/* - -%ifnarch %{optimize_arches} -%files devel -%defattr(-,root,root) -%{_prefix}/include/openssl -%attr(0644,root,root) %{_libdir}/*.a -%attr(0755,root,root) %{_libdir}/*.so -%attr(0644,root,root) %{_mandir}/man3*/* -%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc - -%files perl -%defattr(-,root,root) -%attr(0755,root,root) %{_bindir}/c_rehash -%attr(0644,root,root) %{_mandir}/man1*/*.pl* -%dir %{_sysconfdir}/pki/tls/misc -%{_sysconfdir}/pki/tls/misc/*.pl -%endif %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %changelog +* Thu Apr 3 2008 Michel Salim <salimma> 0.9.8b-1 +- change to a compatibility package by renaming and cutting the files lists + * Mon Oct 15 2007 Joe Orton <jorton> 0.9.8b-17 - update to new CA bundle from mozilla.org
Thomas, any idea what's causing the X509 test in openssl 0.9.8b to fail on F9?
I'm not sure - can you attach the log here?
Created attachment 302039 [details] Result of rebuilding F8's openssl in F9/Rawhide
If you look at the log you can see multiple warnings like this: pem_x509.c: In function 'PEM_read_X509': pem_x509.c:68: warning: function called through a non-compatible type pem_x509.c:68: note: if this code is reached, the program will abort This is the most probable culprit. You would have to backport the code from 0.9.8g but I am not sure it would not break the ABI. The other easier possibility is to use the compat gcc compiler if it is allowed by package guidelines.
Downgrading to gcc34 requires turning off several options such as the stack protector. Um. Not sure that's desirable. The best option is to have a compat-gcc41, seeing as a lot of these problems are due to the extra-strictness of GCC 4.3. What do you think?
(In reply to comment #5) > Downgrading to gcc34 requires turning off several options such as the stack > protector. Um. Not sure that's desirable. But openssl098b as a compat library should be used only by third party software anyway so I don't see it as a critical problem. > The best option is to have a compat-gcc41, seeing as a lot of these problems are > due to the extra-strictness of GCC 4.3. What do you think? This is a question for someone else (jakub as he is the gcc maintainer perhaps).
So has there been any progress? Someone was asking for an openssl098b package on IRC the other day, but I'm not sure its feasible.
It's been over a month since the last ping with no response; setting NEEDINFO. I'll close ticket soon if there is no response.
Can't actually remember what package I needed openssl098b for, so I'll just close the bug. Someone else can pick it up.