Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-22 Thread Luca Boccassi
For an example of missing critical functionality, see this comment: https://github.com/systemd/systemd/pull/29539#issuecomment-1760243611 Aside from that, trying to use the pkcs11 and tpm2 providers just ended up with unintelligible errors being vomited on the console. No, I did not keep a copy

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-21 Thread Dmitry Belyavskiy
Dear Jun, On Thu, Mar 21, 2024 at 2:29 PM Jun Aruga (he / him) wrote: > On Thu, Mar 21, 2024 at 12:16 PM Dmitry Belyavskiy > wrote: > > > > Dear Jun, > > > > > > > > On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him) > wrote: > >> > >> On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy >

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-21 Thread Clemens Lang
Hi Jan, > On 21. Mar 2024, at 14:28, Jun Aruga (he / him) wrote: > > > * https://github.com/ruby/openssl/issues/722 >> The Engine API was deprecated in OpenSSL 3 and there seems to be > no alternatives for it at the moment using Provider API. The providers > can only be loaded, but there seems

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-21 Thread Jun Aruga (he / him)
On Thu, Mar 21, 2024 at 12:16 PM Dmitry Belyavskiy wrote: > > Dear Jun, > > > > On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him) > wrote: >> >> On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy >> wrote: >> > >> ... >> >> > == Detailed Description == >> >> > We are going to build OpenSSL

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-21 Thread Dmitry Belyavskiy
Dear Zbyszek, On Thu, Mar 21, 2024 at 12:41 PM Zbigniew Jędrzejewski-Szmek < zbys...@in.waw.pl> wrote: > On Thu, Mar 21, 2024 at 12:15:43PM +0100, Dmitry Belyavskiy wrote: > > > > Hi Dmitry, > > > Could you provide the upstream OpenSSL project's issue ticket(s) or > > > pull-request(s) about

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-21 Thread Zbigniew Jędrzejewski-Szmek
On Thu, Mar 21, 2024 at 12:15:43PM +0100, Dmitry Belyavskiy wrote: > Dear Jun, > > > > On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him) > wrote: > > > On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy > > wrote: > > > > > ... > > >> > == Detailed Description == > > >> > We are going to

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-21 Thread Dmitry Belyavskiy
Dear Jun, On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him) wrote: > On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy > wrote: > > > ... > >> > == Detailed Description == > >> > We are going to build OpenSSL without engine support. Engines are not > >> > FIPS compatible and

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-21 Thread Jun Aruga (he / him)
On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy wrote: > ... >> > == Detailed Description == >> > We are going to build OpenSSL without engine support. Engines are not >> > FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. >> > The engine functionality we are aware of

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Zbigniew Jędrzejewski-Szmek
On Wed, Mar 20, 2024 at 07:15:56PM +0100, Clemens Lang wrote: > Hi, > > > On 20. Mar 2024, at 18:11, Joe Orton wrote: > > > > On Wed, Mar 20, 2024 at 02:05:52PM +, Daniel Berrange wrote: > >> Another alternative is to continue providing fully functional engine > >> symbols, but remove the

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Clemens Lang
Hi, > On 20. Mar 2024, at 18:11, Joe Orton wrote: > > On Wed, Mar 20, 2024 at 02:05:52PM +, Daniel Berrange wrote: >> Another alternative is to continue providing fully functional engine >> symbols, but remove the header files so in practice you can't compile >> something new that uses it.

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Alexander Sosedkin
On Wed, Mar 20, 2024 at 6:52 PM Ali Erdinc Koroglu wrote: > > > > On 08/03/2024 22:37, Aoife Moloney wrote: > > Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine > > > > This is a proposed Change for Fedora Linux. > > This document represents a proposed Change. As part of the Changes

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Ali Erdinc Koroglu
On 08/03/2024 22:37, Aoife Moloney wrote: Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Joe Orton
On Wed, Mar 20, 2024 at 02:05:52PM +, Daniel Berrange wrote: > Another alternative is to continue providing fully functional engine > symbols, but remove the header files so in practice you can't compile > something new that uses it. This is still forking the API, but at least > has not forked

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Neal Gompa
On Wed, Mar 20, 2024 at 11:24 AM Daniel P. Berrangé wrote: > > On Wed, Mar 20, 2024 at 03:27:34PM +0100, Petr Pisar wrote: > > On Wed, Mar 20, 2024 at 02:05:52PM +, Daniel P. Berrangé wrote: > > > Consider you've built your own app on Fedora 39 that uses these > > > symbols, and now

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Daniel P . Berrangé
On Wed, Mar 20, 2024 at 03:27:34PM +0100, Petr Pisar wrote: > On Wed, Mar 20, 2024 at 02:05:52PM +, Daniel P. Berrangé wrote: > > Consider you've built your own app on Fedora 39 that uses these > > symbols, and now upgrade to F40. RPM will consider the dependency > > still satisfied, as the

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Zbigniew Jędrzejewski-Szmek
On Wed, Mar 20, 2024 at 02:35:21PM +0100, Dmitry Belyavskiy wrote: > > > == Benefit to Fedora == > > > We get rid of deprecated functionality and enforce using up-to-date > > > API. Engine support is deprecated in OpenSSL upstream, and after > > > provider migration caused some deficiencies with

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Gary Buhrmaster
On Wed, Mar 20, 2024 at 1:36 PM Dmitry Belyavskiy wrote: > > As I understand, upstream is going to remove engines but it wouldn't happen > before OpenSSL 4.0 > I don't think Fedora should wait for that. We definitely want to land > no-engine in RHEL10 so Fedora should be ready for that. >

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Dmitry Belyavskiy
Dear Daniel, On Wed, Mar 20, 2024 at 3:06 PM Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 02:35:21PM +0100, Dmitry Belyavskiy wrote: > > Dear Daniel, > > > > On Wed, Mar 20, 2024 at 1:44 PM Daniel P. Berrangé > > wrote: > > > > > On Fri, Mar 08, 2024 at 08:37:19PM +, Aoife Moloney

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Dmitry Belyavskiy
Dear Fabio, On Wed, Mar 20, 2024 at 3:18 PM Fabio Valentini wrote: > On Wed, Mar 20, 2024 at 3:06 PM Daniel P. Berrangé > wrote: > > > > On Wed, Mar 20, 2024 at 02:35:21PM +0100, Dmitry Belyavskiy wrote: > > (...) > > > > As I understand, upstream is going to remove engines but it wouldn't >

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Petr Pisar
On Wed, Mar 20, 2024 at 02:05:52PM +, Daniel P. Berrangé wrote: > Consider you've built your own app on Fedora 39 that uses these > symbols, and now upgrade to F40. RPM will consider the dependency > still satisfied, as the SONAME hasn't changed on libcrypto. The > app throws linker errors

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Fabio Valentini
On Wed, Mar 20, 2024 at 3:06 PM Daniel P. Berrangé wrote: > > On Wed, Mar 20, 2024 at 02:35:21PM +0100, Dmitry Belyavskiy wrote: (...) > > As I understand, upstream is going to remove engines but it wouldn't happen > > before OpenSSL 4.0 > > That makes sense, as it solves the ELF ABI / SONAME

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Daniel P . Berrangé
On Wed, Mar 20, 2024 at 02:35:21PM +0100, Dmitry Belyavskiy wrote: > Dear Daniel, > > On Wed, Mar 20, 2024 at 1:44 PM Daniel P. Berrangé > wrote: > > > On Fri, Mar 08, 2024 at 08:37:19PM +, Aoife Moloney wrote: > > > Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine > > > > > >

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Dmitry Belyavskiy
Dear Daniel, On Wed, Mar 20, 2024 at 1:44 PM Daniel P. Berrangé wrote: > On Fri, Mar 08, 2024 at 08:37:19PM +, Aoife Moloney wrote: > > Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine > > > > This is a proposed Change for Fedora Linux. > > This document represents a proposed

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Daniel P . Berrangé
On Fri, Mar 08, 2024 at 08:37:19PM +, Aoife Moloney wrote: > Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine > > This is a proposed Change for Fedora Linux. > This document represents a proposed Change. As part of the Changes > process, proposals are publicly announced in order

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Luca Boccassi
There are 2 major issues with this: 1) A lot of site-specific build systems implement signing via private/local/proprietary engines, which means those build systems will no longer be able to run on Fedora (and if this spreads to CentOS/RHEL, those too) 2) Even open source providers are still

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Zbigniew Jędrzejewski-Szmek
On Wed, Mar 20, 2024 at 10:04:13AM +0100, Dmitry Belyavskiy wrote: > > Hi, > > > > In systemd, we recently added support for engines in various tools: > > - systemd-{repart,measure} have --private-key-source=file|engine|provider > > (this is C code). > > > > As `provider` is a possible source,

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Alexander Bokovoy
On Wed, 20 Mar 2024, Zbigniew Jędrzejewski-Szmek wrote: On Fri, Mar 08, 2024 at 08:37:19PM +, Aoife Moloney wrote: Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Peter Robinson
On Wed, 20 Mar 2024 at 09:05, Dmitry Belyavskiy wrote: > > Hi! > > On Wed, Mar 20, 2024 at 9:50 AM Zbigniew Jędrzejewski-Szmek > wrote: >> >> On Fri, Mar 08, 2024 at 08:37:19PM +, Aoife Moloney wrote: >> > Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine >> > >> > This is a

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Dmitry Belyavskiy
Hi! On Wed, Mar 20, 2024 at 9:50 AM Zbigniew Jędrzejewski-Szmek < zbys...@in.waw.pl> wrote: > On Fri, Mar 08, 2024 at 08:37:19PM +, Aoife Moloney wrote: > > Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine > > > > This is a proposed Change for Fedora Linux. > > This document

Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-20 Thread Zbigniew Jędrzejewski-Szmek
On Fri, Mar 08, 2024 at 08:37:19PM +, Aoife Moloney wrote: > Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine > > This is a proposed Change for Fedora Linux. > This document represents a proposed Change. As part of the Changes > process, proposals are publicly announced in order

F41 Change Proposal: Disable openSSL Engine Support (system-wide)

2024-03-08 Thread Aoife Moloney
Wiki - https://fedoraproject.org/wiki/Changes/OpensslNoEngine This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if
