On 11/15/2018 09:46 AM, renodr via blfs-dev wrote:
On 2018-11-15 09:34, Jean-Marc Pigeon via blfs-dev wrote:
Hello,
On 11/15/2018 10:04 AM, Stephen Berman wrote:
[....]
Trouble ahead compiling sendmail (and other?)
using opessl-1.1.1?
Comments?, something I am overlooking?
I don't think so but do try to compile sendmail with openssl-1.0.2p.
I'm pretty sure it will work fine :)
No.
I am very doubtful you can have both openssl-1.0.2p and openssl-1.1.1
within the same system.
I can dispell your doubts. As I reported in response to your OP (see
http://lists.linuxfromscratch.org/pipermail/blfs-dev/2018-November/035071.html),
I have built and use sendmail in BLFS 8.3, i.e. sendmail-8.15 with
openssl-1.0.2p. I've also installed openssl-1.1.1. I've noticed no
problems.
(My reply also went to [email protected] but it bounced, so it if Jean-Marc is
not following the list, he'll have missed it; perhaps someone can point
him to the list archive.)
Steve Berman
Ok...
Hmmm, rather reluctant to have 2 libraries named openssl
and as critical to applications.
Meaning (lets say) sendmail is using openssl-1.0 and
openssh using openssl-1.1 within the same packaging
set. As you don't know which application is using
what, difficult to assess a library bug impact on
application.
According my understanding, openssl-1.0 won't be
"alive" after 2019 (one year from now).
Better to move to openssl-1.1. no?
A year is a long time for things to change.
Some applications still don't support the API and ABI changes that
OpenSSL made with little notice to downstreams yet. It takes time for
things to move. Sendmail isn't the only package in the book that
requires a patch for this. Some others include liboauth and cyrus-sasl
(IIRC), and the liboauth patch already needs updating.
Our instructions for the openssl-1.0 API make it so that we only install
the headers and libraries, and we do so in a separate location from
where the standard libraries would be installed. We solve this problem
by installing symbolic links to the older versions of the libraries that
*only* use 1.0.0 at the end for the version, so that they do not
conflict with the newer version. As I said before, we only install the
headers and libraries, it's safe. We also modify the pkg-config .pc
files to report /usr/include/openssl-1.0 instead of /usr/include to
prevent clobbering of the new version. Since we don't install any
executables, it makes that easy too.
It appears that Jean-Marc did not look a the sendmail instructions in
BLFS. To me it is pretty obvious that everything is installed in
/usr/{lib,include}/openssl-1.0.
I would like to remove openssl-1.0 from BLFS, but currently it is still
needed for qca, kf5, mailx, and sendmail. Of these, mailx is the oldest
at April 2011 and sendmail is from March 2016.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
