[Bug 2045256] Re: transition the code to OpenSSL 3.x
Dimitri John Ledkov
2045256 at bugs.launchpad.net
Thu Nov 30 21:02:59 UTC 2023
sbsigntool (0.9.4-3.1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable to restore Ubuntu delta (LP: #1980057)
Remaining changes:
- d/p/ubuntu-kernel-module-signing.patch (rebased on 0.9.4) and
d/p/ubuntu-kernel-module-signing-fixes.patch (rebased on 0.9.4):
add the kernel module signing tool to the package.
- d/p/ubuntu-clear-image-before-use.patch: avoid use of uninitialised
data causing a startup crash.
- dp/sbkeysync-Don-t-ignore-errors-from-insert_new_keys.patch: exit non-zero
upon key insertion failure
Dropped changes, applied in Debian:
- Disable -Werror on deprecation warnings for the OpenSSL transition
- Apply patch to fix the OpenSSL3 build
** Changed in: sbsigntool (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sbsigntool in Ubuntu.
https://bugs.launchpad.net/bugs/2045256
Title:
transition the code to OpenSSL 3.x
Status in sbsigntool package in Ubuntu:
Fix Released
Bug description:
When building the current version with OpenSSL 3.0.2 on Ubuntu 22.04.3
LTS, the build fails with bunch of errors due to deprecated OpenSSL
APIs used, such as
ENGINE_load_builtin_engines
ENGINE_by_id
ENGINE_init
ENGINE_load_private_key
ENGINE_finish
ENGINE_free
SHA256_Init
SHA256_Update
SHA256_Final
...
etc.
The failure happened because -Werror is used for the build. Can be suppressed with -Wno-deprecated-declarations however the OpenSSL 3.x API transition would be good to do anyway.
The direct access to low level SHA256 APIs can be replaced with EVP
APIs. The ENGINE APIs were deprecated in favor of the PROVIDER model
in OpenSSL 3.x so might be a bit of work.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/2045256/+subscriptions
More information about the foundations-bugs
mailing list