Hi Martin, I will fix the Origin today. I was not sure of the naming convention for the patches, so I kept the same name as in fedora but used the version of openssl that we were patching. If you prefer, I can instead use exact same name as fedora. I actually pulled my patches from Fedora Rawhide's source tree, https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/source/tree/Packages/o/ directory. I downloaded openssl source rpm and the fips patches were in the SOURCES directory. The SRPM is openssl-1.0.2g-3.fc25.src.rpm. I used this because it seem to be the most recent at the time.
I just did a diff with my ctor patch and the one in fedora's SRPM I used and is pretty much the same. Please advice if I should indicate above URL in Origin for DEP3 header and use the exact same patch names. Also, thanks so much Martin for helping me with all this!! :-) On Wed, Apr 13, 2016 at 1:48 AM, Martin Pitt <[email protected]> wrote: > > Dividing up the patch proved to be a challenge but was the right thing > to do. > > Many thanks for doing this! > > Can you please fix the "Origin: > http://dl.fedoraproject.org/pub/fedora/linux/development"; fields still? > They should point to a particular patch in a place like > http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/, but that does > not have "openssl-1.0.2g-fips-ctor.patch", only "openssl-1.0.2a-fips- > ctor.patch". Although the patch there is almost identical, except for > some patch header noise. So I suppose pointing to those is fine (bonus > points if you just add the DEP-3 patch header but otherwise leave the > patch intact, but that's not a biggie). > > But e. g. your openssl-1.0.2g-fips-ec.patch has quite a lot of changes > compared to > http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 > .2a-fips-ec.patch (Note, Ubuntu modifications should go into openssl-1.0 > .2g-ubuntu-fips-cleanup.patch). Same for > http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 > .2f-new-fips-reqs.patch. > > Current Fedora rawhide's package is openssl1.0.2g as well, just like > our's, so these patches ought to be identical? > > Maybe you took them from a different branch, but the Fedora 24 version > http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/plain/openssl-1.0 > .2f-new-fips-reqs.patch?h=f24 is also different than your's. > > > Weird, but the fedora patches were not independent of each other. > > That's quite normal, and it would actually be a surprise if patches that > are this big were independent. > > I'll upload this now so that we can see the autopkgtests against this > version, and we have at least a few days of testing this in the wild > before the final release. But please still clean up the patches as above > (Origin: and patches differing from Fedora) with a follow-up upload. > > Thanks for bearing with me! > > ** Changed in: openssl (Ubuntu) > Status: Incomplete => In Progress > > ** Changed in: openssl (Ubuntu) > Assignee: (unassigned) => Joy Latten (j-latten) > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1553309 > > Title: > [FFe]: Include FIPS 140-2 into openssl package > > Status in openssl package in Ubuntu: > In Progress > > Bug description: > This is a request for a Feature Freeze Exception to include FIPS 140-2 > selftest into the openssl package in preparation for the FIPS 140-2 > compliance for 16.0.4. > This patchset will : > - add ability to config, compile, run with fips option enabled > - add the selftest files to crypto/fips directory. > - minor changes to several algorithms in crypto directory to ensure the > selftest compile successfully when fips is enabled. > > The selftest will be initiated externally at this point and not > internally. > Hope to have a test package ready early next week. > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553309 Title: [FFe]: Include FIPS 140-2 into openssl package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
