FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 12-12-2007, 11:07 PM
"Ed Schofield"
 
Default OpenSSL binary compatibility between CentOS 4 and 5

[Re-sending ...]

I would like to ask why upstream and CentOS provide no compat-openssl packages like Novell does in SUSE.

We
are trying to install binaries for gLite (a huge toolkit for grid
computing linked against upstream v4 libraries) on CentOS 5. I was
under the impression that this would be possible because v5 is
"binary-compatible" with v4. But it seems this "binary compatibility"
doesn't extend to OpenSSL. What, then, is the scope of the upstream and
CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB;
is this significant?)


We will probably want to roll our own compat-openssl packages
to provide the relevant libssl and libcrypto .so files, using e.g.
compat-openldap as an example. Is this something we could contribute?
It doesn't seem to exist yet in any repositories linked from http://wiki.centos.org/HowToContribute/Packages.

Assuming
it makes sense to contribute this, we'd want to do it right. Could
anyone outline steps to make the packages secure and compatible? For
example, is it sufficient to roll up the .so files from the CentOS 4.x
openssl packages into rpms and add Requires tags for .so files from
compat-glibc?

Thanks in advance for any help!

-- Ed
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 11:19 PM
Karanbir Singh
 
Default OpenSSL binary compatibility between CentOS 4 and 5

Ed Schofield wrote:
> Assuming it makes sense to contribute this, we'd want to do it right.
> Could anyone outline steps to make the packages secure and compatible?
> For example, is it sufficient to roll up the .so files from the CentOS
> 4.x openssl packages into rpms and add Requires tags for .so files from
> compat-glibc?
>
> Thanks in advance for any help!

you need a clean .spec file that builds from pristine sources + patches.
One option would be to base your spec off what is in openssl-centos4,
that way you should just be able to follow upstream for bugfix and
security issues.

once you have this done, post the .spec file and any patches you have to
the centos-devel list. We'd then pick it up and move it via qa to the
testing repo and then finally the Extras/ repo.

If you have any further questions, feel free to ask.

--
Karanbir Singh : http://www.karan.org/ : 2522219@icq
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 11:23 PM
Karanbir Singh
 
Default OpenSSL binary compatibility between CentOS 4 and 5

Ed Schofield wrote:
> We are trying to install binaries for gLite (a huge toolkit for grid
> computing linked against upstream v4 libraries) on CentOS 5. I was under
> the impression that this would be possible because v5 is
> "binary-compatible" with v4. But it seems this "binary compatibility"
> doesn't extend to OpenSSL. What, then, is the scope of the upstream and
> CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB;
> is this significant?)


btw, does openssl097a in centos5 not give you what you need ?

--
Karanbir Singh : http://www.karan.org/ : 2522219@icq
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 11:27 PM
Scott Silva
 
Default OpenSSL binary compatibility between CentOS 4 and 5

on 12/12/2007 4:07 PM Ed Schofield spake the following:

[Re-sending ...]

I would like to ask why upstream and CentOS provide no compat-openssl
packages like Novell does in SUSE.


We are trying to install binaries for gLite (a huge toolkit for grid
computing linked against upstream v4 libraries) on CentOS 5. I was under
the impression that this would be possible because v5 is
"binary-compatible" with v4. But it seems this "binary compatibility"
doesn't extend to OpenSSL. What, then, is the scope of the upstream and
CentOS binary compatibility guarantees? (OpenSSL is not yet in the LSB;
is this significant?)
I don't think v5 is binary compatible with v4. CentOS only strives for binary
compatibility with the upstream vendor's same release (IE... CentOS 4 with
RHEL 4, etc...) Different versions usually include compatibility libraries to
some older versions. Look at openssl097a rpm. It might have what you need.


We will probably want to roll our own compat-openssl packages to provide
the relevant libssl and libcrypto .so files, using e.g. compat-openldap
as an example. Is this something we could contribute? It doesn't seem to
exist yet in any repositories linked from
http://wiki.centos.org/HowToContribute/Packages.


Assuming it makes sense to contribute this, we'd want to do it right.
Could anyone outline steps to make the packages secure and compatible?
For example, is it sufficient to roll up the .so files from the CentOS
4.x openssl packages into rpms and add Requires tags for .so files from
compat-glibc?


Thanks in advance for any help!

-- Ed


------------------------------------------------------------------------

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2007, 11:56 PM
"Ed Schofield"
 
Default OpenSSL binary compatibility between CentOS 4 and 5

On Dec 13, 2007 11:23 AM, Karanbir Singh <mail-lists@karan.org> wrote:

> btw, does openssl097a in centos5 not give you what you need ?

Thanks to both you and Scott for pointing this out. I had completely
missed this. This will give us exactly what we need.

By the way, do you know why yum sees only the x86_64 version of this
package? It seems necessary to fetch the i386 .rpm from a mirror as a
workaround.

-- Ed
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-13-2007, 12:00 AM
Scott Silva
 
Default OpenSSL binary compatibility between CentOS 4 and 5

on 12/12/2007 4:56 PM Ed Schofield spake the following:

On Dec 13, 2007 11:23 AM, Karanbir Singh <mail-lists@karan.org> wrote:


btw, does openssl097a in centos5 not give you what you need ?


Thanks to both you and Scott for pointing this out. I had completely
missed this. This will give us exactly what we need.

By the way, do you know why yum sees only the x86_64 version of this
package? It seems necessary to fetch the i386 .rpm from a mirror as a
workaround.

-- Ed

Yum tries to load packages that match your running architecture.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-13-2007, 12:12 AM
"Ed Schofield"
 
Default OpenSSL binary compatibility between CentOS 4 and 5

On Dec 13, 2007 12:00 PM, Scott Silva <ssilva@sgvwater.com> wrote:
> on 12/12/2007 4:56 PM Ed Schofield spake the following:
>
> > On Dec 13, 2007 11:23 AM, Karanbir Singh <mail-lists@karan.org> wrote:
> >
> >> btw, does openssl097a in centos5 not give you what you need ?
> >
> > Thanks to both you and Scott for pointing this out. I had completely
> > missed this. This will give us exactly what we need.
> >
> > By the way, do you know why yum sees only the x86_64 version of this
> > package? It seems necessary to fetch the i386 .rpm from a mirror as a
> > workaround.
>
> Yum tries to load packages that match your running architecture.

What I'm wondering is why, although most packages have both i386 and
x86_64 versions visible to my yum client, this isn't true for the
openssl packages.

-- Ed
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-13-2007, 12:30 AM
Karanbir Singh
 
Default OpenSSL binary compatibility between CentOS 4 and 5

Ed Schofield wrote:
> What I'm wondering is why, although most packages have both i386 and
> x86_64 versions visible to my yum client, this isn't true for the
> openssl packages.

in most cases, the backword or compat packages wont be multilib ok, and
are only published for the arch they are hosted in. there are some
exceptions, but this rule is mostly true.

if you look at http://mirror.centos.org/centos/5/os/x86_64/CentOS/
you can see all the packages included in the distro itself, not
including any external repositories, and openssl097a is only published
for x86_64 in the x86_64 tree.

btw, if you primary app is 32bit, why are you even running a x86_64
environment ?

--
Karanbir Singh : http://www.karan.org/ : 2522219@icq
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-13-2007, 12:42 AM
"Ed Schofield"
 
Default OpenSSL binary compatibility between CentOS 4 and 5

On Dec 13, 2007 12:30 PM, Karanbir Singh <mail-lists@karan.org> wrote:
> Ed Schofield wrote:
> > What I'm wondering is why, although most packages have both i386 and
> > x86_64 versions visible to my yum client, this isn't true for the
> > openssl packages.
>
> in most cases, the backword or compat packages wont be multilib ok, and
> are only published for the arch they are hosted in. there are some
> exceptions, but this rule is mostly true.
>
> if you look at http://mirror.centos.org/centos/5/os/x86_64/CentOS/
> you can see all the packages included in the distro itself, not
> including any external repositories, and openssl097a is only published
> for x86_64 in the x86_64 tree.

Perfect. Thanks for the information.

> btw, if you primary app is 32bit, why are you even running a x86_64
> environment ?

I think it's because we're masochists and fools.

-- Ed
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 09:12 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org