"Lai, Peter C PW" <peter.lai2%prattwhitney.com@localhost> writes: > Actually it is not. It's 1.0.2k in order to maintain support for FIPS > compliance, but RH backports important security fixes. > Here's the mk.conf snippet to force linking to RH 1.0.2k There was an API change from 1.0 and 1.1. Many upstream packages autodetect and cope. Some things in pkgsrc have been patched for 1.1. My impression is that we don't require packages to build with 1.0. > # required to build against RHEL FIPS OpenSSL > PREFER_NATIVE= openssl curl zlib > USE_BUILTIN.openssl= yes > PREFER.openssl= native > USE_BUILTIN.zlib= yes > USE_BUILTIN.ncurses= yes > PREFER.zlib= native > > Works for everything I've built so far (curl, git-base, python, pgsql, perl/p5 ssl modules, nginx) Interesting that this works without doing something to allow 1.0. Perfectly ok for you to do that if it works for you. But I'd say if some package doesn't build, that's not a pkgsrc bug since pkgsrc is on 1.1 But maybe there is some expanded notion and I am unaware of it.
Attachment:
signature.asc
Description: PGP signature