Bug 440560 - Review Request: openssl098b - The OpenSSL toolkit
Review Request: openssl098b - The OpenSSL toolkit
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
:
Depends On:
Blocks: FE-DEADREVIEW
  Show dependency treegraph
 
Reported: 2008-04-03 21:12 EDT by Michel Alexandre Salim
Modified: 2008-08-26 21:21 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-26 20:31:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Result of rebuilding F8's openssl in F9/Rawhide (344.81 KB, text/plain)
2008-04-10 14:17 EDT, Michel Alexandre Salim
no flags Details

  None (edit)
Description Michel Alexandre Salim 2008-04-03 21:12:18 EDT
Spec URL: http://salimma.fedorapeople.org/for_review/compat/openssl098b.spec
SRPM URL: http://salimma.fedorapeople.org/for_review/compat/openssl098b-0.9.8b-1.fc9.src.rpm
Description:
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

This is a compatibility package, so that programs compiled against F8's openssl can be used on F9. Note that some of the tests have been disabled, because the X509 test failed on F9 (rebuilding F8's openssl also fails at the same point)

Spec diff:
--- openssl.spec	2007-10-15 11:20:47.000000000 -0400
+++ openssl098b.spec	2008-04-03 20:54:05.000000000 -0400
@@ -19,9 +19,9 @@
 %define optimize_arches i686
 
 Summary: The OpenSSL toolkit
-Name: openssl
+Name: openssl098b
 Version: 0.9.8b
-Release: 17%{?dist}
+Release: 1%{?dist}
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -106,7 +106,7 @@
 from other formats to the formats used by the OpenSSL toolkit.
 
 %prep
-%setup -q
+%setup -q -n openssl-%{version}
 
 %{SOURCE1} > /dev/null
 %patch0 -p1 -b .redhat
@@ -204,7 +204,7 @@
 # Verify that what was compiled actually works.
 LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
 export LD_LIBRARY_PATH
-make -C test apps tests
+make -C test apps # tests: commenting out, does not build on F9
 %{__cc} -o openssl-thread-test \
 	`krb5-config --cflags` \
 	-I./include \
@@ -332,6 +332,23 @@
 # Remove fips fingerprint script 
 rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
 
+# Remove files not used by compatibility packages.
+rm -fr $RPM_BUILD_ROOT/%{_bindir}
+rm -fr $RPM_BUILD_ROOT/%{_sysconfdir}
+rm -fr $RPM_BUILD_ROOT/%{_datadir}/ssl
+rm -fr $RPM_BUILD_ROOT/%{_includedir}
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.a
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.so
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/*.so.*
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/openssl
+rm -fr $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
+rm -fr $RPM_BUILD_ROOT/%{_mandir}
+
+# Fix CHANGES file: contains ISO-8859 characters
+sed -i 's|\xe4|ae|g' CHANGES
+sed -i 's|\xf6|oe|g' CHANGES
+
+
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 
@@ -341,51 +358,17 @@
 %doc doc/README doc/c-indentation.el doc/openssl.txt
 %doc doc/openssl_button.html doc/openssl_button.gif
 %doc doc/ssleay.txt
-%dir %{_sysconfdir}/pki/tls
-%dir %{_sysconfdir}/pki/tls/certs
-%{_sysconfdir}/pki/tls/certs/make-dummy-cert
-%{_sysconfdir}/pki/tls/certs/Makefile
-%{_sysconfdir}/pki/tls/cert.pem
-%dir %{_sysconfdir}/pki/tls/misc
-%{_sysconfdir}/pki/tls/misc/CA
-%dir %{_sysconfdir}/pki/CA
-%dir %{_sysconfdir}/pki/CA/private
-%{_sysconfdir}/pki/tls/misc/c_*
-%{_sysconfdir}/pki/tls/private
-
-%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
-%config(noreplace) %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
-
-%attr(0755,root,root) %{_bindir}/openssl
 %attr(0755,root,root) /%{_lib}/*.so.%{version}
 %attr(0755,root,root) /%{_lib}/*.so.%{soversion}
-%attr(0755,root,root) %{_libdir}/openssl
-%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
-%attr(0644,root,root) %{_mandir}/man5*/*
-%attr(0644,root,root) %{_mandir}/man7*/*
-
-%ifnarch %{optimize_arches}
-%files devel
-%defattr(-,root,root)
-%{_prefix}/include/openssl
-%attr(0644,root,root) %{_libdir}/*.a
-%attr(0755,root,root) %{_libdir}/*.so
-%attr(0644,root,root) %{_mandir}/man3*/*
-%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
-
-%files perl
-%defattr(-,root,root)
-%attr(0755,root,root) %{_bindir}/c_rehash
-%attr(0644,root,root) %{_mandir}/man1*/*.pl*
-%dir %{_sysconfdir}/pki/tls/misc
-%{_sysconfdir}/pki/tls/misc/*.pl
-%endif
 
 %post -p /sbin/ldconfig
 
 %postun -p /sbin/ldconfig
 
 %changelog
+* Thu Apr  3 2008 Michel Salim <salimma@fedoraproject.org> 0.9.8b-1
+- change to a compatibility package by renaming and cutting the files lists
+
 * Mon Oct 15 2007 Joe Orton <jorton@redhat.com> 0.9.8b-17
 - update to new CA bundle from mozilla.org
Comment 1 Michel Alexandre Salim 2008-04-03 21:13:21 EDT
Thomas, any idea what's causing the X509 test in openssl 0.9.8b to fail on F9?
Comment 2 Tomas Mraz 2008-04-04 05:16:51 EDT
I'm not sure - can you attach the log here?
Comment 3 Michel Alexandre Salim 2008-04-10 14:17:58 EDT
Created attachment 302039 [details]
Result of rebuilding F8's openssl in F9/Rawhide
Comment 4 Tomas Mraz 2008-04-11 05:45:07 EDT
If you look at the log you can see multiple warnings like this:
pem_x509.c: In function 'PEM_read_X509':
pem_x509.c:68: warning: function called through a non-compatible type
pem_x509.c:68: note: if this code is reached, the program will abort

This is the most probable culprit. You would have to backport the code from
0.9.8g but I am not sure it would not break the ABI. The other easier
possibility is to use the compat gcc compiler if it is allowed by package
guidelines.
Comment 5 Michel Alexandre Salim 2008-04-11 11:41:11 EDT
Downgrading to gcc34 requires turning off several options such as the stack
protector. Um. Not sure that's desirable.

The best option is to have a compat-gcc41, seeing as a lot of these problems are
due to the extra-strictness of GCC 4.3. What do you think?
Comment 6 Tomas Mraz 2008-04-11 11:53:23 EDT
(In reply to comment #5)
> Downgrading to gcc34 requires turning off several options such as the stack
> protector. Um. Not sure that's desirable.
But openssl098b as a compat library should be used only by third party software
anyway so I don't see it as a critical problem.
 
> The best option is to have a compat-gcc41, seeing as a lot of these problems are
> due to the extra-strictness of GCC 4.3. What do you think?
This is a question for someone else (jakub as he is the gcc maintainer perhaps).
Comment 7 Jason Tibbitts 2008-07-02 22:00:27 EDT
So has there been any progress?  Someone was asking for an openssl098b package
on IRC the other day, but I'm not sure its feasible.
Comment 8 Jason Tibbitts 2008-08-10 16:36:19 EDT
It's been over a month since the last ping with no response; setting NEEDINFO.  I'll close ticket soon if there is no response.
Comment 9 Michel Alexandre Salim 2008-08-26 20:31:36 EDT
Can't actually remember what package I needed openssl098b for, so I'll just close the bug. Someone else can pick it up.

Note You need to log in before you can comment on or make changes to this bug.