On Wed, Mar 20, 2024 at 02:05:52PM +0000, Daniel Berrange wrote:
> Another alternative is to continue providing fully functional engine
> symbols, but remove the header files so in practice you can't compile
> something new that uses it. This is still forking the API, but at least
> has not forked the ELF ABI, so the upgrade doesn't explode.
This is a really good idea, I hope Daniel's comment is not lost here.
In fact no need to remove the header files - adding the required:
#define OPENSSL_NO_ENGINE
into <openssl/configuration-%{arch}.h> will make the OpenSSL API act as
if it was built with the no-engine option - this would not be an API
fork since it's one of many configurations supported upstream.
It will have the desired effect of disabling ENGINE support across most
of Fedora in the next mass-rebuild. Or at least we can easily track down
the places where the detection isn't perfect, they will break at compile
time.
Regards, Joe
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
