X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mx1.tetrasec.net (mx1.tetrasec.net [74.117.190.25]) by lists.alpinelinux.org (Postfix) with ESMTP id 31A1C5C5894 for ; Thu, 25 Oct 2018 09:29:56 +0000 (GMT) Received: from mx1.tetrasec.net (mail.local [127.0.0.1]) by mx1.tetrasec.net (Postfix) with ESMTP id E7BBB9E1D8D; Thu, 25 Oct 2018 09:29:55 +0000 (GMT) Received: from ncopa-desktop.copa.dup.pw (67.63.200.37.customer.cdi.no [37.200.63.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: alpine@tanael.org) by mx1.tetrasec.net (Postfix) with ESMTPSA id D34829E00F8; Thu, 25 Oct 2018 09:29:54 +0000 (GMT) Date: Thu, 25 Oct 2018 11:29:49 +0200 From: Natanael Copa To: Timo Teras Cc: William Pitcock , Alpine Development Subject: Re: [alpine-devel] Re: openssl 1.1 support Message-ID: <20181025112949.6f869895@ncopa-desktop.copa.dup.pw> In-Reply-To: <20181024203810.3970da20@vostro> References: <20181024171950.2343fefd@ncopa-desktop.copa.dup.pw> <20181024203810.3970da20@vostro> X-Mailer: Claws Mail 3.17.1 (GTK+ 2.24.32; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Wed, 24 Oct 2018 20:38:10 +0300 Timo Teras wrote: > > I have currently disabled weak crypto in openssl configure, I am not > > sure we need any of those, so I would appreciate some feedback there. > > I have also built it with no-async for now, but I think we may need > > enable it for nodejs. > > Ok. no-async should work with libucontext. Need to figure out how to > ship libucontext - as per-package dependency+extra LIBS flag; or > somehow sneak it in to libc-dev? I don't think we want sneak it in to libc-dev. I prefer handle it per-package. I think we can remove the no-async and link with libucontext when the need arises. > > Timo, Do you think you can help with add support for openssl 1.1 to > > apk-tools? Can you also look over the patch list[1] and see if there > > are some of those patches that we need? I suspect we need > > 0004-fix-default-ca-path-for-apps.patch[2], but it would be nice if > > you can confirm that. > > Ok. Yes, they made some structs hidden, so need to go through the code > to allocate those dynamically. I'll work on this. Not sure if I get it > done this week - I'll try, but it may be early next week at worst case > when I get to this. > > I'll look at the patches too. From top of my head, I think we don't > need 100[1-4], they target VIA Padlock. I used to do them for specific > need, but I don't need them anymore. > > 0003-use-termios.patch is not needed if it builds. It builds without it. > 0004 we may need. To double check. Ok, this is then only one left that needs checking then. > 0009 we may need, it can be verified by checking rpath of > libraries/openssl binary with readelf. Though, they seemed to revamped > the build system so this needs to be checked. Seems like its not needed: ncopa-edge-x86_64:~/aports/testing/openssl$ scanelf -Rr pkg/ TYPE RPATH FILE ET_DYN - pkg/openssl/usr/bin/openssl ET_DYN - pkg/libssl1.1/lib/libssl.so.1.1 ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/libssl.so.1.1.debug ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/libcrypto.so.1.1.debug ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/engines-1.1/capi.so.debug ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/engines-1.1/padlock.so.debug ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/lib/engines-1.1/afalg.so.debug ET_DYN - pkg/openssl-dbg/usr/lib/debug/usr/bin/openssl.debug ET_DYN - pkg/libcrypto1.1/usr/lib/engines-1.1/capi.so ET_DYN - pkg/libcrypto1.1/usr/lib/engines-1.1/padlock.so ET_DYN - pkg/libcrypto1.1/usr/lib/engines-1.1/afalg.so ET_DYN - pkg/libcrypto1.1/lib/libcrypto.so.1.1 -nc --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---