openssl package

Richard W.M. Jones rjones at redhat.com
Wed Dec 3 09:56:56 UTC 2008 

On Tue, Dec 02, 2008 at 01:47:04PM +0100, Farkas Levente wrote:
> i'm just look into the openssl spec file. imho this is one of the most
> complicated mingw32 spec file. is this really that bad or it was just
> written too long ago?

It really is that bad.  OpenSSL has some crazy-assed build system that
requires a lot of working around.  What we use in the Fedora MinGW
mingw32-openssl.spec is mostly derived from the Fedora native package.

> a few comments:
> 
> do we build and run the tests or not? it seems to me not, but the BR
> wine is still there. ie not %if %{with_tests}

No.  This applies to all MinGW packages - we provide tests (if they
are in the upstream package) but we cannot run them during normal
builds.  You can't run Wine under mock/Koji for various reasons.

> is there any reason for this line?:
> %{SOURCE1} > /dev/null

The Fedora native openssl package does the same thing.  Note this runs
the SOURCE1 script (hobble-openssl) and redirects any output to
/dev/null.

> neither mingw32-openssl-0.9.8g-configure.patch nor the inline gcc script
> has the -mms-bitfields set. anyway it'd be better to everywhere use the
> %_mingw32_cflags macro and not the hard coded ones. anyway is it a good
> trick to use the inline gcc script?

These patches come straight from the Fedora native package.  Yes, they
should be modified to add -mms-bitfields and other flags from the
_mingw32_cflags macro, so that is a bug.

> wouldn't be better to use everywhere the %_mingw32_make macro (but i
> don't see whether is has any effect?

I don't know.  OpenSSL is far from an ordinary autoconf package, so
whether the extra flags would be useful or detrimental is hard to say
without looking at the Makefile in detail.

> this comment in the sepc:
>  "Disable this thread test, because we don't have pthread on Windows"
> still valid when we have mingw32-pthreads?

That is probably a bug too.  I packaged OpenSSL before I did pthreads.

> unfortunately it's makefiles and configure scripts are very hard coded
> so we can't easily fix ar, ranlib etc. just patch the makefiles:-(
> imho the best way in this case to run a successful build and look trough
> the buildlog to find where and which commands are used.

Well perhaps.  I'd rather keep close to the Fedora native package,
build scripts and patches.  That makes applying patches much simpler,
and is quite vital because OpenSSL is an important security product
with a history of security issues.

Rich.

More information about the mingw mailing list