I would say that if we need this tool at *build*time only, we can just as well build it at that time itself, and that would solve the whole problem? It would require some patching of the Makefile, but no rocket science... That would introduce a dependency on libopenssl-devel instead but that's fine I would think (no specific version requirement in the dependency and it compiles fine under 1.0.2). best wishes, Mischa On Sat, Feb 10, 2018 at 7:02 AM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
09.02.2018 22:34, Michal Kubecek пишет:
On Fri, Feb 09, 2018 at 07:11:17PM +0100, Stefan Seyfried wrote:
Am 09.02.2018 um 15:51 schrieb Michal Kubecek:
On Fri, Feb 09, 2018 at 02:11:46PM +0300, Andrei Borzenkov wrote>> is adding additional repo to Kernel:stable that builds against Leap an option? It is certainly an option but it would mean building all packages twice even if almost all of the contents would be the same.
Which would be quite a waste of resources.
Fully agreed.
After grepping the kernel sources, I'm not sure if the extract-certs tool is actually used for building external modules (which is what kernel-devel packages are mostly used for AFAICT).
So the simplest solution might be to just "rm scripts/extract-certs" in %install.
I must admit I'm not really sure what (and who) exactly is the utility useful for so that I can't say if someone is going to miss it. But I do agree that it's most likely not needed to build out of tree modules which is the main purpose of kernel-${flavor}-devel packages.
Also, it doesn't seem to depend on flavor so there is little reason for it to be in each kernel-${flavor}-devel; on the other hand, kernel-devel is noarch so it shouldn't go there either.
If that is deemed overly radical, we could split kernel-devel into two packages: kernel-devel and kernel-devel-extractcert.
People on pre-openSSL-1.1 systems could still install everything but the extractcert package. And I'd guess nobody would notice ;-)
This is what I suggested in bsc#1080250 comment 3. :-)
extract-certs is not optional. It is used in kernel Makefile; not having it will lead to missing dependencies.
I'm not sure whether exract-certs *must* be compiled binary. On the first glance it does not do more than converting PEM/PKCS#11 into DER. This probably can be done using wrapper around openssl or suitable perl module. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org