Ed Schofield
2007-Dec-13 00:07 UTC
[CentOS] OpenSSL binary compatibility between CentOS 4 and 5
[Re-sending ...] I would like to ask why upstream and CentOS provide no compat-openssl packages like Novell does in SUSE. We are trying to install binaries for gLite (a huge toolkit for grid computing linked against upstream v4 libraries) on CentOS 5. I was under the impression that this would be possible because v5 is "binary-compatible" with v4. But it seems this "binary compatibility" doesn't extend to OpenSSL. What, then, is the scope of the upstream and CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB; is this significant?) We will probably want to roll our own compat-openssl packages to provide the relevant libssl and libcrypto .so files, using e.g. compat-openldap as an example. Is this something we could contribute? It doesn't seem to exist yet in any repositories linked from http://wiki.centos.org/HowToContribute/Packages. Assuming it makes sense to contribute this, we'd want to do it right. Could anyone outline steps to make the packages secure and compatible? For example, is it sufficient to roll up the .so files from the CentOS 4.xopenssl packages into rpms and add Requires tags for .so files from compat-glibc? Thanks in advance for any help! -- Ed -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20071213/cf20f3dd/attachment-0002.html>
Karanbir Singh
2007-Dec-13 00:19 UTC
[CentOS] OpenSSL binary compatibility between CentOS 4 and 5
Ed Schofield wrote:> Assuming it makes sense to contribute this, we'd want to do it right. > Could anyone outline steps to make the packages secure and compatible? > For example, is it sufficient to roll up the .so files from the CentOS > 4.x openssl packages into rpms and add Requires tags for .so files from > compat-glibc? > > Thanks in advance for any help!you need a clean .spec file that builds from pristine sources + patches. One option would be to base your spec off what is in openssl-centos4, that way you should just be able to follow upstream for bugfix and security issues. once you have this done, post the .spec file and any patches you have to the centos-devel list. We'd then pick it up and move it via qa to the testing repo and then finally the Extras/ repo. If you have any further questions, feel free to ask. -- Karanbir Singh : http://www.karan.org/ : 2522219 at icq
Karanbir Singh
2007-Dec-13 00:23 UTC
[CentOS] OpenSSL binary compatibility between CentOS 4 and 5
Ed Schofield wrote:> We are trying to install binaries for gLite (a huge toolkit for grid > computing linked against upstream v4 libraries) on CentOS 5. I was under > the impression that this would be possible because v5 is > "binary-compatible" with v4. But it seems this "binary compatibility" > doesn't extend to OpenSSL. What, then, is the scope of the upstream and > CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB; > is this significant?)btw, does openssl097a in centos5 not give you what you need ? -- Karanbir Singh : http://www.karan.org/ : 2522219 at icq
Scott Silva
2007-Dec-13 00:27 UTC
[CentOS] Re: OpenSSL binary compatibility between CentOS 4 and 5
on 12/12/2007 4:07 PM Ed Schofield spake the following:> [Re-sending ...] > > I would like to ask why upstream and CentOS provide no compat-openssl > packages like Novell does in SUSE. > > We are trying to install binaries for gLite (a huge toolkit for grid > computing linked against upstream v4 libraries) on CentOS 5. I was under > the impression that this would be possible because v5 is > "binary-compatible" with v4. But it seems this "binary compatibility" > doesn't extend to OpenSSL. What, then, is the scope of the upstream and > CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB; > is this significant?)I don't think v5 is binary compatible with v4. CentOS only strives for binary compatibility with the upstream vendor's same release (IE... CentOS 4 with RHEL 4, etc...) Different versions usually include compatibility libraries to some older versions. Look at openssl097a rpm. It might have what you need.> > We will probably want to roll our own compat-openssl packages to provide > the relevant libssl and libcrypto .so files, using e.g. compat-openldap > as an example. Is this something we could contribute? It doesn't seem to > exist yet in any repositories linked from > http://wiki.centos.org/HowToContribute/Packages. > > Assuming it makes sense to contribute this, we'd want to do it right. > Could anyone outline steps to make the packages secure and compatible? > For example, is it sufficient to roll up the .so files from the CentOS > 4.x openssl packages into rpms and add Requires tags for .so files from > compat-glibc? > > Thanks in advance for any help! > > -- Ed > > > ------------------------------------------------------------------------ > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!