Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TASK: Drop all openssl-devel-engine dependencies #202

Open
10 of 11 tasks
yselkowitz opened this issue Sep 27, 2024 · 11 comments
Open
10 of 11 tasks

TASK: Drop all openssl-devel-engine dependencies #202

yselkowitz opened this issue Sep 27, 2024 · 11 comments
Assignees
Labels
blocked This ticket cannot proceed until a dependency is met cleanup Removal of deprecated or unwanted packages

Comments

@yselkowitz
Copy link
Member

yselkowitz commented Sep 27, 2024

What does the ELN SIG need to do?

  • In RHEL 10, the OpenSSL ENGINE API is deprecated, the <openssl/engine.h> header is not provided, and OPENSSL_NO_ENGINE is defined by default.
  • In Fedora 41, the ENGINE API is deprecated, the header is shipped in a separate subpackage, and (currently) as of Fedora 42, OPENSSL_NO_ENGINE is defined if engine.h is absent. (The latter is on its way to F41 as well.)
  • ELN is currently following Fedora rather than RHEL in this matter.
  • The following packages BuildRequires: openssl-devel-engine in ELN. Some of these may not need that when OPENSSL_NO_ENGINE is defined, but others may still need patches to build or work without ENGINE.
  • Once nothing depends on ENGINE anymore, the -devel-engine subpackage should be disabled in ELN.

https://tiny.distro.builders/view-rpm--view-eln--openssl-devel-engine.html

  • asio
  • ceph
  • curl
  • freeradius
  • openssl-pkcs11 (UNWANTED)
  • python-awscrt
  • qatengine (convert to provider)
  • rsyslog
  • systemd
  • tpm2-tss
  • xmlsec1

(TODO: check ELN Extras build dependencies)

@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/qatengine/pull-request/4

@yselkowitz yselkowitz added help wanted Extra attention is needed cleanup Removal of deprecated or unwanted packages labels Oct 22, 2024
@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/asio/pull-request/7

@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/curl/pull-request/37

@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/freeradius/pull-request/6

@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/python-awscrt/pull-request/207

@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/systemd/pull-request/169

@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/xmlsec1/pull-request/6

@yselkowitz
Copy link
Member Author

rsyslog upstream discussion: rsyslog/rsyslog#5429

@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/ceph/pull-request/17

@yselkowitz
Copy link
Member Author

https://src.fedoraproject.org/rpms/tpm2-tss/pull-request/13

@yselkowitz yselkowitz removed the help wanted Extra attention is needed label Dec 12, 2024
@yselkowitz
Copy link
Member Author

The last openssl-devel-engine build dependent is openssl-pkcs11, which is itself an engine and therefore by definition unwanted in ELN. Removing that means porting the IPA stack to bind 9.20: https://gitlab.com/redhat/centos-stream/rpms/bind-dyndb-ldap/-/merge_requests/15#note_2271421326

@yselkowitz yselkowitz added the blocked This ticket cannot proceed until a dependency is met label Dec 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked This ticket cannot proceed until a dependency is met cleanup Removal of deprecated or unwanted packages
Projects
None yet
Development

No branches or pull requests

2 participants