[CentOS] Can we trust RedHat encryption tools?

Tue Jan 7 14:14:54 UTC 2014
James B. Byrne <byrnejb at harte-lyne.ca>

On Mon, January 6, 2014 16:51, m.roth at 5-cent.us wrote:

>
> Looks like it's rtrying to install it, not just build it. In the first
> example, you're trying to replace the existing /usr/bin/strip, which only
> root can do. Are you doing make, or make install?
>

I started out by using the openssl.spec file for openssl-1.0.1f directly from
openssl.org. The contents of that file are provided at
http://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=openssl.spec;hb=HEAD.
 What I then do download the source from openssl.org and put that into
~/rpmbuild/SOURCES and extract it. I then copy
~/rpmbuild/SOURCES/openssl-1.0.1f/openssl.spec into ~/rpmbuild/SPECS and run
the following commands:

mock --buildsrpm   --sources=./rpmbuild/SOURCES  
--spec=./rpmbuild/SPECS/openssl.spec

mock --no-clean --rebuild --root=default 
/var/lib/mock/epel-6-x86_64/result/openssl-1.0.1f-1.src.rpm

This gives the error reported above.  I realize that this is a naive approach
but I after looking at the Redhat openssl.spec file I thought it best to start
with the base files provided by the origin and work out any build problems one
by one making the absolute minimum number of changes possible.

The nearest equivalent Redhat openssl.spec file that I found is that used by
Fedora 20 for openssl-1.0.1e and its contents are displayed here:
http://pkgs.fedoraproject.org/cgit/openssl.git/tree/openssl.spec?h=f20

>From what I have read elsewhere, Fedora/Redhat openssl begins with a set of
modified source files.  The spec file additionally applies about 43 patch
files of which 27 alter the functionality of the package.  It is not within my
ability to determine what effect of the modifications to the source and these
additional patches have on the integrity of the openssl provided with RHEL. 
Is there any third party in our community which does?


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3