[Re-sending ...]
I would like to ask why upstream and CentOS provide no compat-openssl packages like Novell does in SUSE.
We are trying to install binaries for gLite (a huge toolkit for grid computing linked against upstream v4 libraries) on CentOS 5. I was under the impression that this would be possible because v5 is "binary-compatible" with v4. But it seems this "binary compatibility" doesn't extend to OpenSSL. What, then, is the scope of the upstream and CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB; is this significant?)
We will probably want to roll our own compat-openssl packages to provide the relevant libssl and libcrypto .so files, using e.g. compat-openldap as an example. Is this something we could contribute? It doesn't seem to exist yet in any repositories linked from http://wiki.centos.org/HowToContribute/Packages.
Assuming it makes sense to contribute this, we'd want to do it right. Could anyone outline steps to make the packages secure and compatible? For example, is it sufficient to roll up the .so files from the CentOS 4.x openssl packages into rpms and add Requires tags for .so files from compat-glibc?
Thanks in advance for any help!
-- Ed
Ed Schofield wrote:
> Assuming it makes sense to contribute this, we'd want to do it right. Could anyone outline steps to make the packages secure and compatible? For example, is it sufficient to roll up the .so files from the CentOS 4.x openssl packages into rpms and add Requires tags for .so files from compat-glibc?
> Thanks in advance for any help!
you need a clean .spec file that builds from pristine sources + patches. One option would be to base your spec off what is in openssl-centos4, that way you should just be able to follow upstream for bugfix and security issues.
once you have this done, post the .spec file and any patches you have to the centos-devel list. We'd then pick it up and move it via qa to the testing repo and then finally the Extras/ repo.
If you have any further questions, feel free to ask.
Ed Schofield wrote:
> We are trying to install binaries for gLite (a huge toolkit for grid computing linked against upstream v4 libraries) on CentOS 5. I was under the impression that this would be possible because v5 is "binary-compatible" with v4. But it seems this "binary compatibility" doesn't extend to OpenSSL. What, then, is the scope of the upstream and CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB; is this significant?)
btw, does openssl097a in centos5 not give you what you need ?
On Dec 13, 2007 11:23 AM, Karanbir Singh mail-lists@karan.org wrote:
> btw, does openssl097a in centos5 not give you what you need ?
Thanks to both you and Scott for pointing this out. I had completely missed this. This will give us exactly what we need.
By the way, do you know why yum sees only the x86_64 version of this package? It seems necessary to fetch the i386 .rpm from a mirror as a workaround.
-- Ed
on 12/12/2007 4:56 PM Ed Schofield spake the following:
> On Dec 13, 2007 11:23 AM, Karanbir Singh mail-lists@karan.org wrote:
>> btw, does openssl097a in centos5 not give you what you need ?
> Thanks to both you and Scott for pointing this out. I had completely missed this. This will give us exactly what we need.
> By the way, do you know why yum sees only the x86_64 version of this package? It seems necessary to fetch the i386 .rpm from a mirror as a workaround.
> -- Ed
Yum tries to load packages that match your running architecture.
On Dec 13, 2007 12:00 PM, Scott Silva ssilva@sgvwater.com wrote:
> on 12/12/2007 4:56 PM Ed Schofield spake the following:
>> On Dec 13, 2007 11:23 AM, Karanbir Singh mail-lists@karan.org wrote:
>>> btw, does openssl097a in centos5 not give you what you need ?
>> Thanks to both you and Scott for pointing this out. I had completely missed this. This will give us exactly what we need.
>> By the way, do you know why yum sees only the x86_64 version of this package? It seems necessary to fetch the i386 .rpm from a mirror as a workaround.
> Yum tries to load packages that match your running architecture.
What I'm wondering is why, although most packages have both i386 and x86_64 versions visible to my yum client, this isn't true for the openssl packages.
-- Ed
Ed Schofield wrote:
> What I'm wondering is why, although most packages have both i386 and x86_64 versions visible to my yum client, this isn't true for the openssl packages.
in most cases, the backward or compat packages won't be multilib ok, and are only published for the arch they are hosted in. there are some exceptions, but this rule is mostly true.
if you look at http://mirror.centos.org/centos/5/os/x86_64/CentOS/ you can see all the packages included in the distro itself, not including any external repositories, and openssl097a is only published for x86_64 in the x86_64 tree.
btw, if your primary app is 32bit, why are you even running a x86_64 environment ?
On Dec 13, 2007 12:30 PM, Karanbir Singh mail-lists@karan.org wrote:
> Ed Schofield wrote:
>> What I'm wondering is why, although most packages have both i386 and x86_64 versions visible to my yum client, this isn't true for the openssl packages.
> in most cases, the backward or compat packages won't be multilib ok, and are only published for the arch they are hosted in. there are some exceptions, but this rule is mostly true.
> if you look at http://mirror.centos.org/centos/5/os/x86_64/CentOS/ you can see all the packages included in the distro itself, not including any external repositories, and openssl097a is only published for x86_64 in the x86_64 tree.
Perfect. Thanks for the information.
> btw, if your primary app is 32bit, why are you even running a x86_64 environment ?
I think it's because we're masochists and fools. ;)
-- Ed
on 12/12/2007 4:07 PM Ed Schofield spake the following:
> [Re-sending ...]
> I would like to ask why upstream and CentOS provide no compat-openssl packages like Novell does in SUSE.
> We are trying to install binaries for gLite (a huge toolkit for grid computing linked against upstream v4 libraries) on CentOS 5. I was under the impression that this would be possible because v5 is "binary-compatible" with v4. But it seems this "binary compatibility" doesn't extend to OpenSSL. What, then, is the scope of the upstream and CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB; is this significant?)
I don't think v5 is binary compatible with v4. CentOS only strives for binary compatibility with the upstream vendor's same release (IE... CentOS 4 with RHEL 4, etc...) Different versions usually include compatibility libraries to some older versions. Look at openssl097a rpm. It might have what you need.
> We will probably want to roll our own compat-openssl packages to provide the relevant libssl and libcrypto .so files, using e.g. compat-openldap as an example. Is this something we could contribute? It doesn't seem to exist yet in any repositories linked from http://wiki.centos.org/HowToContribute/Packages.
> Assuming it makes sense to contribute this, we'd want to do it right. Could anyone outline steps to make the packages secure and compatible? For example, is it sufficient to roll up the .so files from the CentOS 4.x openssl packages into rpms and add Requires tags for .so files from compat-glibc?
> Thanks in advance for any help!
> -- Ed
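A pre-install check for the situation discussed in this thread, as an added example that is not part of any poster's message: it lists the sonames a binary cannot resolve and turns them into the capability strings to query for the binary's own architecture. The `ldd` output, the sonames in it and the ELF header bytes are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: `ldd` output for a hypothetical 32-bit binary built on
# an older release. The sonames and paths are illustrative assumptions.
SAMPLE_LDD = """\
\tlinux-gate.so.1 =>  (0xffffe000)
\tlibssl.so.4 => not found
\tlibcrypto.so.4 => not found
\tlibdl.so.2 => /lib/libdl.so.2 (0x00b3a000)
\tlibc.so.6 => /lib/libc.so.6 (0x009e2000)
\t/lib/ld-linux.so.2 (0x009c4000)
"""

ELF_CLASS = {1: "32-bit", 2: "64-bit"}  # EI_CLASS byte of the ELF header


def elf_class(header: bytes) -> str:
    """Return '32-bit' or '64-bit' from the first bytes of an ELF file."""
    if len(header) < 5 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if header[4] not in ELF_CLASS:
        raise ValueError("unknown EI_CLASS %d" % header[4])
    return ELF_CLASS[header[4]]


def missing_sonames(ldd_output: str) -> list:
    """Sonames that the dynamic linker reported as 'not found'."""
    pat = re.compile(r"^\s*(\S+)\s+=>\s+not found\s*$")
    matches = (pat.match(line) for line in ldd_output.splitlines())
    return [m.group(1) for m in matches if m]


def rpm_capabilities(ldd_output: str, header: bytes) -> list:
    """Capability strings for `rpm -q --whatprovides` or `yum provides`.

    RPM's automatic dependency generator tags 64-bit libraries with a
    '()(64bit)' suffix; 32-bit libraries provide the bare soname. Querying
    the right form shows whether a package of the binary's own architecture
    is visible in the enabled repositories.
    """
    suffix = "()(64bit)" if elf_class(header) == "64-bit" else ""
    return [name + suffix for name in missing_sonames(ldd_output)]


if __name__ == "__main__":
    header32 = b"\x7fELF\x01\x01\x01" + b"\x00" * 9  # constructed e_ident
    for cap in rpm_capabilities(SAMPLE_LDD, header32):
        print("yum provides '%s'" % cap)
```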