Mail archive
alpine-devel

Re: [alpine-devel] Re: openssl 1.1 support

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Thu, 25 Oct 2018 11:29:49 +0200

On Wed, 24 Oct 2018 20:38:10 +0300
Timo Teras <timo.teras_at_iki.fi> wrote:

> > I have currently disabled weak crypto in openssl configure, I am not
> > sure we need any of those, so I would appreciate some feedback there.
> > I have also built it with no-async for now, but I think we may need
> > enable it for nodejs.
>
> Ok. no-async should work with libucontext. Need to figure out how to
> ship libucontext - as per-package dependency+extra LIBS flag; or
> somehow sneak it in to libc-dev?

I don't think we want sneak it in to libc-dev. I prefer handle it
per-package.

I think we can remove the no-async and link with libucontext when the
need arises.

> > Timo, Do you think you can help with add support for openssl 1.1 to
> > apk-tools? Can you also look over the patch list[1] and see if there
> > are some of those patches that we need? I suspect we need
> > 0004-fix-default-ca-path-for-apps.patch[2], but it would be nice if
> > you can confirm that.
>
> Ok. Yes, they made some structs hidden, so need to go through the code
> to allocate those dynamically. I'll work on this. Not sure if I get it
> done this week - I'll try, but it may be early next week at worst case
> when I get to this.
>
> I'll look at the patches too. From top of my head, I think we don't
> need 100[1-4], they target VIA Padlock. I used to do them for specific
> need, but I don't need them anymore.
>
> 0003-use-termios.patch is not needed if it builds.

It builds without it.
 
> 0004 we may need. To double check.

Ok, this is then only one left that needs checking then.

> 0009 we may need, it can be verified by checking rpath of
> libraries/openssl binary with readelf. Though, they seemed to revamped
> the build system so this needs to be checked.

Seems like its not needed:

ncopa-edge-x86_64:~/aports/testing/openssl$ scanelf -Rr pkg/
 TYPE RPATH FILE
ET_DYN - pkg/openssl/usr/bin/openssl
ET_DYN - pkg/libssl1.1/lib/libssl.so.1.1
ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/libssl.so.1.1.debug
ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/libcrypto.so.1.1.debug
ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/engines-1.1/capi.so.debug
ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/engines-1.1/padlock.so.debug
ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/engines-1.1/afalg.so.debug
ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/bin/openssl.debug
ET_DYN - pkg/libcrypto1.1/usr/lib/engines-1.1/capi.so
ET_DYN - pkg/libcrypto1.1/usr/lib/engines-1.1/padlock.so
ET_DYN - pkg/libcrypto1.1/usr/lib/engines-1.1/afalg.so
ET_DYN - pkg/libcrypto1.1/lib/libcrypto.so.1.1

 
-nc


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu Oct 25 2018 - 11:29:49 GMT