Bug 440560 - Review Request: openssl098b - The OpenSSL toolkit
Summary: Review Request: openssl098b - The OpenSSL toolkit
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-04-04 01:12 UTC by Michel Alexandre Salim
Modified: 2008-08-27 01:21 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-08-27 00:31:36 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Result of rebuilding F8's openssl in F9/Rawhide (344.81 KB, text/plain)
2008-04-10 18:17 UTC, Michel Alexandre Salim
no flags Details

Description Michel Alexandre Salim 2008-04-04 01:12:18 UTC
Spec URL: http://salimma.fedorapeople.org/for_review/compat/openssl098b.spec
SRPM URL: http://salimma.fedorapeople.org/for_review/compat/openssl098b-0.9.8b-1.fc9.src.rpm
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and

This is a compatibility package, so that programs compiled against F8's openssl can be used on F9. Note that some of the tests have been disabled, because the X509 test failed on F9 (rebuilding F8's openssl also fails at the same point)

Spec diff:
--- openssl.spec	2007-10-15 11:20:47.000000000 -0400
+++ openssl098b.spec	2008-04-03 20:54:05.000000000 -0400
@@ -19,9 +19,9 @@
 %define optimize_arches i686
 Summary: The OpenSSL toolkit
-Name: openssl
+Name: openssl098b
 Version: 0.9.8b
-Release: 17%{?dist}
+Release: 1%{?dist}
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -106,7 +106,7 @@
 from other formats to the formats used by the OpenSSL toolkit.
-%setup -q
+%setup -q -n openssl-%{version}
 %{SOURCE1} > /dev/null
 %patch0 -p1 -b .redhat
@@ -204,7 +204,7 @@
 # Verify that what was compiled actually works.
-make -C test apps tests
+make -C test apps # tests: commenting out, does not build on F9
 %{__cc} -o openssl-thread-test \
 	`krb5-config --cflags` \
 	-I./include \
@@ -332,6 +332,23 @@
 # Remove fips fingerprint script 
 rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
+# Remove files not used by compatibility packages.
+rm -fr $RPM_BUILD_ROOT/%{_bindir}
+rm -fr $RPM_BUILD_ROOT/%{_sysconfdir}
+rm -fr $RPM_BUILD_ROOT/%{_datadir}/ssl
+rm -fr $RPM_BUILD_ROOT/%{_includedir}
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.a
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.so
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.so.*
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/openssl
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+rm -fr $RPM_BUILD_ROOT/%{_mandir}
+# Fix CHANGES file: contains ISO-8859 characters
+sed -i 's|\xe4|ae|g' CHANGES
+sed -i 's|\xf6|oe|g' CHANGES
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@@ -341,51 +358,17 @@
 %doc doc/README doc/c-indentation.el doc/openssl.txt
 %doc doc/openssl_button.html doc/openssl_button.gif
 %doc doc/ssleay.txt
-%dir %{_sysconfdir}/pki/tls
-%dir %{_sysconfdir}/pki/tls/certs
-%dir %{_sysconfdir}/pki/tls/misc
-%dir %{_sysconfdir}/pki/CA
-%dir %{_sysconfdir}/pki/CA/private
-%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
-%config(noreplace) %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
-%attr(0755,root,root) %{_bindir}/openssl
 %attr(0755,root,root) /%{_lib}/*.so.%{version}
 %attr(0755,root,root) /%{_lib}/*.so.%{soversion}
-%attr(0755,root,root) %{_libdir}/openssl
-%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
-%attr(0644,root,root) %{_mandir}/man5*/*
-%attr(0644,root,root) %{_mandir}/man7*/*
-%ifnarch %{optimize_arches}
-%files devel
-%attr(0644,root,root) %{_libdir}/*.a
-%attr(0755,root,root) %{_libdir}/*.so
-%attr(0644,root,root) %{_mandir}/man3*/*
-%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
-%files perl
-%attr(0755,root,root) %{_bindir}/c_rehash
-%attr(0644,root,root) %{_mandir}/man1*/*.pl*
-%dir %{_sysconfdir}/pki/tls/misc
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
+* Thu Apr  3 2008 Michel Salim <salimma@fedoraproject.org> 0.9.8b-1
+- change to a compatibility package by renaming and cutting the files lists
 * Mon Oct 15 2007 Joe Orton <jorton@redhat.com> 0.9.8b-17
 - update to new CA bundle from mozilla.org

Comment 1 Michel Alexandre Salim 2008-04-04 01:13:21 UTC
Thomas, any idea what's causing the X509 test in openssl 0.9.8b to fail on F9?

Comment 2 Tomas Mraz 2008-04-04 09:16:51 UTC
I'm not sure - can you attach the log here?

Comment 3 Michel Alexandre Salim 2008-04-10 18:17:58 UTC
Created attachment 302039 [details]
Result of rebuilding F8's openssl in F9/Rawhide

Comment 4 Tomas Mraz 2008-04-11 09:45:07 UTC
If you look at the log you can see multiple warnings like this:
pem_x509.c: In function 'PEM_read_X509':
pem_x509.c:68: warning: function called through a non-compatible type
pem_x509.c:68: note: if this code is reached, the program will abort

This is the most probable culprit. You would have to backport the code from
0.9.8g but I am not sure it would not break the ABI. The other easier
possibility is to use the compat gcc compiler if it is allowed by package

Comment 5 Michel Alexandre Salim 2008-04-11 15:41:11 UTC
Downgrading to gcc34 requires turning off several options such as the stack
protector. Um. Not sure that's desirable.

The best option is to have a compat-gcc41, seeing as a lot of these problems are
due to the extra-strictness of GCC 4.3. What do you think?

Comment 6 Tomas Mraz 2008-04-11 15:53:23 UTC
(In reply to comment #5)
> Downgrading to gcc34 requires turning off several options such as the stack
> protector. Um. Not sure that's desirable.
But openssl098b as a compat library should be used only by third party software
anyway so I don't see it as a critical problem.
> The best option is to have a compat-gcc41, seeing as a lot of these problems are
> due to the extra-strictness of GCC 4.3. What do you think?
This is a question for someone else (jakub as he is the gcc maintainer perhaps).

Comment 7 Jason Tibbitts 2008-07-03 02:00:27 UTC
So has there been any progress?  Someone was asking for an openssl098b package
on IRC the other day, but I'm not sure its feasible.

Comment 8 Jason Tibbitts 2008-08-10 20:36:19 UTC
It's been over a month since the last ping with no response; setting NEEDINFO.  I'll close ticket soon if there is no response.

Comment 9 Michel Alexandre Salim 2008-08-27 00:31:36 UTC
Can't actually remember what package I needed openssl098b for, so I'll just close the bug. Someone else can pick it up.

Note You need to log in before you can comment on or make changes to this bug.