 | | | upgrading bind, openssl, openssh from source/srpms | upgrading bind, openssl, openssh from source/srpms 2005-03-14 - By Pettit, Paul
Back
> [mailto:valhalla-list-bounces@(protected)] On Behalf Of Scott Edwards
>
> I'm using RH7.2 (I assume it has trivial differences from 7.3, and the
> 7.2 list is silent for the last few months).
>
Hmmm, not sure how trivial they are. I do remember that there were some
major changes between the two distros but hang me if I remember all of
the details.
> For bind, openssl, or other packages, are there any caveats when
> building off a src.rpm from a newer redhat release?
>
> I've managed to edit the spec file for bind 9.1.3 to accomidate 9.3.1.
> I'm using the current tarball from the isc.org site. It stopped
> building when I needed to update openssl.
>
> I intend to build the package so the init script will have bind chroot
> and drop privlidges (root -> bind) as it becomes a daemon. (like
> trustix uses - I'll poke at their src.rpm for clues)
>
> openssl still leaves me with questions. What's the difference between
> the 'engine' and non engine releases?
>From the tar ball:
"With OpenSSL 0.9.6, a new component has been added to support external
crypto devices, for example accelerator cards. The component is called
ENGINE, and has still a pretty experimental status and almost no
documentation. It's designed to be fairly easily extensible by the
calling programs.
openssl-engine-0 (See http://ine-0.ora-code.com).9.6.tar.gz does not depend on openssl-0 (See http://ssl-0.ora-code.com).9.6.tar, you do
not need to download both.
openssl-engine-0 (See http://ine-0.ora-code.com).9.6.tar.gz is usable even if you don't have an external
crypto device."
It would seem that the 'engine' version is simply a version of openssl
that includes support for external devices. It should work the same as
the 'regular' openssl distro.
> the openssl spec file said it
> was using engine and a -usa suffix. What's the significance of this?
> I assume I'll need the current engine release, right?
>
According to the above you don't need both but if the spec file is
looking for openssl-engine then you will need to go with that.
Can't find any notation on the '-usa' suffix so can't help you there.
> I'm building these on a stage box (semi-persistant vmware setup)
> before I toss them at my colo. Clearly, I want to avoid any support
> requests on the system itself. I don't have local access to it.
>
> Thank you,
>
>
> Scott Edwards
Wish I could help more. RH 7.2 is pretty old and not supported by
anyone. RH 7.3 is supported by Fedora Legacy still (and for the
forseable future) so you might look at a point upgrade and see if you
can get more answers or at least a bit more bug fix support.
Good luck either way. :)
Paul Pettit
CTO and IS Manager
Consistent Computer Bargains Inc.
I've heard it said that the proof of lunacy is when you repeat the same
steps expecting different results. I say it's proof that you're a
Microsoft user. - comment by deshi777 on experts-exchange.com
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
Valhalla-list mailing list
Valhalla-list@(protected)
https://www.redhat.com/mailman/listinfo/valhalla-list
|
|
|