> On Dec 13, 2016, at 11:09 AM, Jeffrey Johnson <n3...@me.com> wrote:
>
>>
>> On Dec 13, 2016, at 8:34 AM, Alexander Kanavin
>> <alexander.kana...@linux.intel.com
>> <mailto:alexander.kana...@linux.intel.com>> wrote:
>>
>> On 12/09/2016 06:11 PM, Jeffrey Johnson wrote:
>>> Good: you appear to have +beecrypt (for digests) and +libtomcrypt
>>> (recommended
>>> because of ECDSA and stable) and +openssl (what Yocto wants last I heard).
>>
>> Speaking of openssl, it was actually quietly being disabled, because I
>> didn't have the -dev package installed. After the openssl headers appeared,
>> there's a bunch of new errors:
>>
>> rpmssl.c: In function ‘rpmsslGenerate’:
>> rpmssl.c:629:29: error: dereferencing pointer to incomplete type ‘EVP_PKEY
>> {aka struct evp_pkey_st}’
>> if (EVP_PKEY_type(ssl->pkey->type) == EVP_PKEY_EC) {
>> ^~
>> What this means is that rpm needs to be ported to openssl 1.1 - they made a
>> lot of previously open structures opaque in that version, with accessor
>> functions (and maybe there are other issues).
>>
>
> Likely: Fedora/Centos tend to back port fixes rather than upgrade versions:
>
> $ rpm -q openssl
> openssl-1.0.2j-1.fc24.x86_64
>
> FWIW, the versions of pre-reqs are listed in INSTALL.
>
FYI: most of the openssl-1.1.0 port in rpm is now done.
I’ve done “Do no harm testing.” with openssl-1.0.2j, will get to
detailed openssl-1.1.0 testing as soon as I see a platform that
distributes with openssl-1.1.0 (likely Fedora 26, not yet Fedora 25).
AFAIK, what remains on my todo++ list is
1) the amalgamated mongo-c-driver needs to be updated
I disabled openssl support with openssl-1.1.0 for now.
2) libtpm needs to be updated
Nothing in rpm needs/uses libtpm atm: libtpm is included with
rpm for scan.coverity.com static analysis and portability
canary testing.
3_ implicit dependencies in various embeddings like paso-mqtt and ruby
etc.
None of these are critical to RPM.
73 de Jeff
