[opensuse-factory] Re: Issue with Kernel 4.15.1 from the Kernel:stable Repo
On 02/09/2018, 09:42 AM, Patrick Finie wrote:
Well it turns out the header files for the new 4.15.2-1.1.gb34965a.x86_64 never got updated. I learned this after dropping into Runlevel 3 and executing dkms autoinstall --all which put out a message about not being able to find the kernel headers and source. So at this point I executed yast to see what the issue was and got this message when I tried to update the kernel devel.
"nothing provides libcrypto.so.1.1()(64bit) needed by kernel-default-devel-4.15.2-1.1.gb34965a.x86_64 " ... Hopefully this helps. Not sure if i should make a bug report on this so i look forward to hearing back from someone on this.
Yes, this was already reported on the list. The thing is (quoting seife): This is due to /usr/src/linux-4.15.0-1.ga348749-obj/x86_64/default/scripts/extract-cert being linked against openssl. Kernel-packagers: maybe this could be mitigated by BuildRequire'ing libopenssl-1_0_0-devel instead of libopenssl-devel? =============== Please create a bug report, but I am unsure what we can do about that -- openssl 1.0 won't be with us for a long time, I guess. thanks, -- js suse labs -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, Feb 9, 2018 at 11:50 AM, Jiri Slaby <jslaby@suse.cz> wrote:
Please create a bug report, but I am unsure what we can do about that -- openssl 1.0 won't be with us for a long time, I guess.
is adding additional repo to Kernel:stable that builds against Leap an option? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi Jiri, others, (now properly in plain text mode, sorry) could you point me to the earlier reference on the list (a link somewhere in https://lists.opensuse.org/opensuse-factory/ ...), I couldn't find it. Also, why is extract-cert now build, which it wasn't before? I couldn't see it being used anywhere. It's a useful tool, although most people could probably do without, or build it on demand, or use the openssl x509 cmdline tool, or use the pkcs11-tool. I'm bitten by the same issue, running Leap (42.3) with stable kernel (4.4 is too old for my hardware). Having a reliable openssl-1.1 repo would be ok-ish, but certainly not my preference. I guess once Leap 15 is out, it would be ok to move to openssl 1.1 as requirement, now I would prefer if it simply wouldn't be build by default. Best wishes, Mischa On Fri, Feb 9, 2018 at 12:11 PM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On Fri, Feb 9, 2018 at 11:50 AM, Jiri Slaby <jslaby@suse.cz> wrote:
Please create a bug report, but I am unsure what we can do about that -- openssl 1.0 won't be with us for a long time, I guess.
is adding additional repo to Kernel:stable that builds against Leap an option? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, Feb 09, 2018 at 02:11:46PM +0300, Andrei Borzenkov wrote:
On Fri, Feb 9, 2018 at 11:50 AM, Jiri Slaby <jslaby@suse.cz> wrote:
Please create a bug report, but I am unsure what we can do about that -- openssl 1.0 won't be with us for a long time, I guess.
is adding additional repo to Kernel:stable that builds against Leap an option?
It is certainly an option but it would mean building all packages twice even if almost all of the contents would be the same. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi, Am 09.02.2018 um 15:51 schrieb Michal Kubecek:
On Fri, Feb 09, 2018 at 02:11:46PM +0300, Andrei Borzenkov wrote>> is adding additional repo to Kernel:stable that builds against Leap an option? It is certainly an option but it would mean building all packages twice even if almost all of the contents would be the same.
Which would be quite a waste of resources. After grepping the kernel sources, I'm not sure if the extract-certs tool is actually used for building external modules (which is what kernel-devel packages are mostly used for AFAICT). So the simplest solution might be to just "rm scripts/extract-certs" in %install. If that is deemed overly radical, we could split kernel-devel into two packages: kernel-devel and kernel-devel-extractcert. People on pre-openSSL-1.1 systems could still install everything but the extractcert package. And I'd guess nobody would notice ;-) -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, Feb 09, 2018 at 07:11:17PM +0100, Stefan Seyfried wrote:
Am 09.02.2018 um 15:51 schrieb Michal Kubecek:
On Fri, Feb 09, 2018 at 02:11:46PM +0300, Andrei Borzenkov wrote>> is adding additional repo to Kernel:stable that builds against Leap an option? It is certainly an option but it would mean building all packages twice even if almost all of the contents would be the same.
Which would be quite a waste of resources.
Fully agreed.
After grepping the kernel sources, I'm not sure if the extract-certs tool is actually used for building external modules (which is what kernel-devel packages are mostly used for AFAICT).
So the simplest solution might be to just "rm scripts/extract-certs" in %install.
I must admit I'm not really sure what (and who) exactly is the utility useful for so that I can't say if someone is going to miss it. But I do agree that it's most likely not needed to build out of tree modules which is the main purpose of kernel-${flavor}-devel packages. Also, it doesn't seem to depend on flavor so there is little reason for it to be in each kernel-${flavor}-devel; on the other hand, kernel-devel is noarch so it shouldn't go there either.
If that is deemed overly radical, we could split kernel-devel into two packages: kernel-devel and kernel-devel-extractcert.
People on pre-openSSL-1.1 systems could still install everything but the extractcert package. And I'd guess nobody would notice ;-)
This is what I suggested in bsc#1080250 comment 3. :-) Michal Kubecek -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
09.02.2018 22:34, Michal Kubecek пишет:
On Fri, Feb 09, 2018 at 07:11:17PM +0100, Stefan Seyfried wrote:
Am 09.02.2018 um 15:51 schrieb Michal Kubecek:
On Fri, Feb 09, 2018 at 02:11:46PM +0300, Andrei Borzenkov wrote>> is adding additional repo to Kernel:stable that builds against Leap an option? It is certainly an option but it would mean building all packages twice even if almost all of the contents would be the same.
Which would be quite a waste of resources.
Fully agreed.
After grepping the kernel sources, I'm not sure if the extract-certs tool is actually used for building external modules (which is what kernel-devel packages are mostly used for AFAICT).
So the simplest solution might be to just "rm scripts/extract-certs" in %install.
I must admit I'm not really sure what (and who) exactly is the utility useful for so that I can't say if someone is going to miss it. But I do agree that it's most likely not needed to build out of tree modules which is the main purpose of kernel-${flavor}-devel packages.
Also, it doesn't seem to depend on flavor so there is little reason for it to be in each kernel-${flavor}-devel; on the other hand, kernel-devel is noarch so it shouldn't go there either.
If that is deemed overly radical, we could split kernel-devel into two packages: kernel-devel and kernel-devel-extractcert.
People on pre-openSSL-1.1 systems could still install everything but the extractcert package. And I'd guess nobody would notice ;-)
This is what I suggested in bsc#1080250 comment 3. :-)
extract-certs is not optional. It is used in kernel Makefile; not having it will lead to missing dependencies. I'm not sure whether exract-certs *must* be compiled binary. On the first glance it does not do more than converting PEM/PKCS#11 into DER. This probably can be done using wrapper around openssl or suitable perl module. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I would say that if we need this tool at *build*time only, we can just as well build it at that time itself, and that would solve the whole problem? It would require some patching of the Makefile, but no rocket science... That would introduce a dependency on libopenssl-devel instead but that's fine I would think (no specific version requirement in the dependency and it compiles fine under 1.0.2). best wishes, Mischa On Sat, Feb 10, 2018 at 7:02 AM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
09.02.2018 22:34, Michal Kubecek пишет:
On Fri, Feb 09, 2018 at 07:11:17PM +0100, Stefan Seyfried wrote:
Am 09.02.2018 um 15:51 schrieb Michal Kubecek:
On Fri, Feb 09, 2018 at 02:11:46PM +0300, Andrei Borzenkov wrote>> is adding additional repo to Kernel:stable that builds against Leap an option? It is certainly an option but it would mean building all packages twice even if almost all of the contents would be the same.
Which would be quite a waste of resources.
Fully agreed.
After grepping the kernel sources, I'm not sure if the extract-certs tool is actually used for building external modules (which is what kernel-devel packages are mostly used for AFAICT).
So the simplest solution might be to just "rm scripts/extract-certs" in %install.
I must admit I'm not really sure what (and who) exactly is the utility useful for so that I can't say if someone is going to miss it. But I do agree that it's most likely not needed to build out of tree modules which is the main purpose of kernel-${flavor}-devel packages.
Also, it doesn't seem to depend on flavor so there is little reason for it to be in each kernel-${flavor}-devel; on the other hand, kernel-devel is noarch so it shouldn't go there either.
If that is deemed overly radical, we could split kernel-devel into two packages: kernel-devel and kernel-devel-extractcert.
People on pre-openSSL-1.1 systems could still install everything but the extractcert package. And I'd guess nobody would notice ;-)
This is what I suggested in bsc#1080250 comment 3. :-)
extract-certs is not optional. It is used in kernel Makefile; not having it will lead to missing dependencies.
I'm not sure whether exract-certs *must* be compiled binary. On the first glance it does not do more than converting PEM/PKCS#11 into DER. This probably can be done using wrapper around openssl or suitable perl module. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
El 09-02-2018 a las 5:50, Jiri Slaby escribió:
Please create a bug report, but I am unsure what we can do about that -- openssl 1.0 won't be with us for a long time, I guess.
Upstream supports it until 2019-12-31..however it is strongly advised not to rely on it being around. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (6)
-
Andrei Borzenkov -
Cristian Rodríguez -
Jiri Slaby -
Michal Kubecek -
Mischa Salle -
Stefan Seyfried