> On Dec 13, 2016, at 11:09 AM, Jeffrey Johnson <n3...@me.com> wrote: > >> >> On Dec 13, 2016, at 8:34 AM, Alexander Kanavin >> <alexander.kana...@linux.intel.com >> <mailto:alexander.kana...@linux.intel.com>> wrote: >> >> On 12/09/2016 06:11 PM, Jeffrey Johnson wrote: >>> Good: you appear to have +beecrypt (for digests) and +libtomcrypt >>> (recommended >>> because of ECDSA and stable) and +openssl (what Yocto wants last I heard). >> >> Speaking of openssl, it was actually quietly being disabled, because I >> didn't have the -dev package installed. After the openssl headers appeared, >> there's a bunch of new errors: >> >> rpmssl.c: In function ‘rpmsslGenerate’: >> rpmssl.c:629:29: error: dereferencing pointer to incomplete type ‘EVP_PKEY >> {aka struct evp_pkey_st}’ >> if (EVP_PKEY_type(ssl->pkey->type) == EVP_PKEY_EC) { >> ^~ >> What this means is that rpm needs to be ported to openssl 1.1 - they made a >> lot of previously open structures opaque in that version, with accessor >> functions (and maybe there are other issues). >> > > Likely: Fedora/Centos tend to back port fixes rather than upgrade versions: > > $ rpm -q openssl > openssl-1.0.2j-1.fc24.x86_64 > > FWIW, the versions of pre-reqs are listed in INSTALL. >
FYI: most of the openssl-1.1.0 port in rpm is now done. I’ve done “Do no harm testing.” with openssl-1.0.2j, will get to detailed openssl-1.1.0 testing as soon as I see a platform that distributes with openssl-1.1.0 (likely Fedora 26, not yet Fedora 25). AFAIK, what remains on my todo++ list is 1) the amalgamated mongo-c-driver needs to be updated I disabled openssl support with openssl-1.1.0 for now. 2) libtpm needs to be updated Nothing in rpm needs/uses libtpm atm: libtpm is included with rpm for scan.coverity.com static analysis and portability canary testing. 3_ implicit dependencies in various embeddings like paso-mqtt and ruby etc. None of these are critical to RPM. 73 de Jeff