pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Will OpenSSL 1.1l be back ported to 2021Q2?



"Lai, Peter C PW" <peter.lai2%prattwhitney.com@localhost> writes:

> Actually it is not. It's 1.0.2k in order to maintain support for FIPS
> compliance, but RH backports important security fixes.
> Here's the mk.conf snippet to force linking to RH 1.0.2k

There was an API change from 1.0 and 1.1.  Many upstream packages
autodetect and cope.  Some things in pkgsrc have been patched for 1.1.
My impression is that we don't require packages to build with 1.0.

> # required to build against RHEL FIPS OpenSSL
> PREFER_NATIVE=          openssl curl zlib
> USE_BUILTIN.openssl=    yes
> PREFER.openssl=         native
> USE_BUILTIN.zlib=       yes
> USE_BUILTIN.ncurses=    yes
> PREFER.zlib=            native
>
> Works for everything I've built so far (curl, git-base, python, pgsql, perl/p5 ssl modules, nginx)

Interesting that this works without doing something to allow 1.0.

Perfectly ok for you to do that if it works for you.  But I'd say if
some package doesn't build, that's not a pkgsrc bug since pkgsrc is on
1.1 But maybe there is some expanded notion and I am unaware of it.

Attachment: signature.asc
Description: PGP signature



Home | Main Index | Thread Index | Old Index