From 05052a2af982cde28d06ac225c182f22360ace9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= Date: Mon, 1 Dec 2025 10:24:17 +0100 Subject: [PATCH] - post GA fixes (RHEL-100125) - Resolves: RHEL-100125 --- openssl-ibmca-2.5.0-fixes.patch | 137 ++++++++++++++++++++++++++++++++ openssl-ibmca.spec | 8 +- 2 files changed, 143 insertions(+), 2 deletions(-) diff --git a/openssl-ibmca-2.5.0-fixes.patch b/openssl-ibmca-2.5.0-fixes.patch index e69de29..f2da0ad 100644 --- a/openssl-ibmca-2.5.0-fixes.patch +++ b/openssl-ibmca-2.5.0-fixes.patch @@ -0,0 +1,137 @@ +From 7f798a4a525fcd4cc03360ad8867a856961b8556 Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Wed, 16 Apr 2025 10:43:23 +0200 +Subject: [PATCH 1/2] TRAVIS: Make sure to produce output for long taking steps + +Avoid errors like "No output has been received in the last 10m0s, this +potentially indicates a stalled build or something wrong with the build +itself." + +Signed-off-by: Ingo Franzki +--- + .travis.yml | 24 ++++++++++++------------ + 1 file changed, 12 insertions(+), 12 deletions(-) + +diff --git a/.travis.yml b/.travis.yml +index 42fc99f..a7d6e53 100644 +--- a/.travis.yml ++++ b/.travis.yml +@@ -5,7 +5,7 @@ language: c + + before_install: + - sudo apt-get -qq update +- - sudo apt-get install -y libica3 libica-dev ++ - sudo apt-get install -y libica3 libica-dev pv + + jobs: + include: +@@ -19,26 +19,26 @@ before_script: + - git clone https://github.com/openssl/openssl.git + - pushd openssl + - git checkout master +- - ./config -w +- - make -j 5 -s ++ - ./config -w 2> >(tee) ++ - make -j 5 -s | pv -t -i 1 -f 2> >(tee) + - export OPENSSL_DIR=$PWD + - export PATH=$OPENSSL_DIR/apps/:$PATH + - export LD_LIBRARY_PATH=$OPENSSL_DIR/:$LD_LIBRARY_PATH + - popd +- - openssl version ++ - openssl version 2> >(tee) + - git clone https://github.com/opencryptoki/libica.git + - pushd libica +- - ./bootstrap.sh +- - ./configure CFLAGS="-I$OPENSSL_DIR/include -L$OPENSSL_DIR" +- - make -j 5 V=0 ++ - ./bootstrap.sh 2> >(tee) ++ - ./configure CFLAGS="-I$OPENSSL_DIR/include -L$OPENSSL_DIR" 2> >(tee) ++ - make -j 5 V=0 2> >(tee) + - export LIBICA_DIR=$PWD + - export LD_LIBRARY_PATH=$LIBICA_DIR/src/.libs:$LD_LIBRARY_PATH + - popd +- - $LIBICA_DIR/src/icainfo ++ - $LIBICA_DIR/src/icainfo 2> >(tee) + + script: +- - ./bootstrap.sh +- - ./configure CFLAGS="-I$OPENSSL_DIR/include -L$OPENSSL_DIR -I$LIBICA_DIR/include -L$LIBICA_DIR/src/.libs" $CONFIG_OPTS +- - make -j 5 V=0 +- - make check V=0 ++ - ./bootstrap.sh 2> >(tee) ++ - ./configure CFLAGS="-I$OPENSSL_DIR/include -L$OPENSSL_DIR -I$LIBICA_DIR/include -L$LIBICA_DIR/src/.libs" $CONFIG_OPTS 2> >(tee) ++ - make -j 5 V=0 2> >(tee) ++ - make check V=0 | pv -t -i 1 -f 2> >(tee) + +-- +2.52.0 + + +From 5c569950da3a592ba77974bb0cd1ffe7ad03372e Mon Sep 17 00:00:00 2001 +From: Ingo Franzki +Date: Wed, 14 May 2025 15:22:11 +0200 +Subject: [PATCH 2/2] configure: Check for openssl/engine.h and disable engine + if not available + +Newer distributions do not install the include file openssl/engine.h anymore +to actively hinder one from building and using engines. + +Check if openssl/engine.h exists, and only enable the engine build if so. +If the engine is explicitly enabled via '--enable-engine' then the configure +step fails with an error message. Otherwise the engine is silently disabled. + +Signed-off-by: Ingo Franzki +--- + configure.ac | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index c1b16f8..f8a435c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -31,13 +31,13 @@ AC_ARG_ENABLE([sanitizer], + [enable_sanitizer=no]) + + AC_ARG_ENABLE([engine], +- [AS_HELP_STRING([--enable-engine], [build IBMCA engine (OpenSSL 1.1.1, default is yes)])], ++ [AS_HELP_STRING([--enable-engine], [build IBMCA engine (OpenSSL >= 1.1.1, default is yes, if openssl/engine.h is available, else the default is false)])], + [if test "x$enableval" = "xyes" ; then + enable_engine="yes" + else + enable_engine="no" + fi], +- [enable_engine="yes"]) ++ [enable_engine="check"]) + + AC_ARG_ENABLE([provider], + [AS_HELP_STRING([--enable-provider], [build IBMCA provider (OpenSSL >= 3.0, default is yes if built against OpenSSL 3.0 or later, else the default is false)])], +@@ -75,6 +75,7 @@ AC_CHECK_LIB([crypto], [OSSL_LIB_CTX_new], [openssl_3_0="yes"], [openssl_3_0="no + AC_CHECK_HEADERS([arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stddef.h stdlib.h \ + string.h strings.h sys/ioctl.h sys/param.h sys/socket.h sys/time.h unistd.h]) + AC_CHECK_HEADER([ica_api.h], [], AC_MSG_ERROR([*** libica-devel >= 3.6.0 is required ***])) ++AC_CHECK_HEADER([openssl/engine.h], [has_engine_h="yes"], [has_engine_h="no"]) + + + # Checks for typedefs, structures, and compiler characteristics. +@@ -137,6 +138,18 @@ else + enable_provider=no + fi + ++# If is not available, do not build the engine ++if test "x$has_engine_h" = xyes; then ++ if test "x$enable_engine" != xno; then ++ enable_engine=yes ++ fi ++else ++ if test "x$enable_engine" = xyes; then ++ AC_MSG_ERROR([*** openssl/engine.h is required to build the IBMCA engine ***]); ++ fi ++ enable_engine=no ++fi ++ + AM_CONDITIONAL([IBMCA_ENGINE], [test "x$enable_engine" == xyes]) + AM_CONDITIONAL([IBMCA_PROVIDER], [test "x$enable_provider" == xyes]) + +-- +2.52.0 + diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec index e3833cf..c46c94e 100644 --- a/openssl-ibmca.spec +++ b/openssl-ibmca.spec @@ -9,14 +9,14 @@ Summary: OpenSSL engine and provider for IBMCA Name: openssl-ibmca Version: 2.5.0 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 URL: https://github.com/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz # warn the user about engine being deprecated Patch1: %{name}-2.3.1-engine-warning.patch # post GA fixes -#Patch2: %%{name}-%%{version}-fixes.patch +Patch2: %{name}-%{version}-fixes.patch Requires: libica >= 4.0.0 BuildRequires: make BuildRequires: gcc @@ -79,6 +79,10 @@ make check %changelog +* Tue Dec 09 2025 Dan Horák - 2.5.0-2 +- post GA fixes (RHEL-100125) +- Resolves: RHEL-100125 + * Thu Jun 05 2025 Dan Horák - 2.5.0-1 - rebased to 2.5.0 (RHEL-73354) - Resolves: RHEL-73354