Monday, January 5, 2015

Decripple OpenSSL on Fedora

I have grown tired of the travesty which is Redhat's inability to get secp256k1 enabled on the OpenSSL package. This has been a problem since 2007. That's 8 years as of now. This elliptic curve is needed for most if not all cryptocurrencies to build and run correctly. The recommended way to deal with this problem has been linking the binaries directly to a separate version of OpenSSL that people usually install from Ringing Liberty repositories. I'm now recommending that you should just patch the shipped version of OpenSSL whenever there's an update to OpenSSL available from Fedora repositories. I know this is bothersome, but it's the easiest way to deal with this issue until Redhat's lawyers get this shit sorted out whenever that may be.

First you need to get the source rpm:
yumdownloader --source --noplugins openssl

then you install the source rpm (version may and probably will differ):
rpm -ivh openssl-1.0.1j-1.fc21.src.rpm

Fetch the files, patch and build:
cd ~/rpmbuild/SPECS/
wget http://sebastianmaki.fi/files/openssl-1.0.1j-decripple-secp256k1.patch http://sebastianmaki.fi/files/openssl.spec.secp256k1.patch
mv openssl-1.0.1j-decripple-secp256k1.patch ../SOURCES/
patch < openssl.spec.secp256k1.patch
rpmbuild -bb openssl.spec

Then replace the installed openssl-packages on your system:
cd ~/rpmbuild/RPMS/$(uname -p)
yum reinstall ./openssl-*

Now you can build bitcoind, litecoind, potcoind and so on normally by following the building instructions in the sources.
No more fiddling with LD_LIBRARY_PATH, OPENSSL_OPTIONS, LDFLAGS and so on

If you happen to walk in the vicinity of a patent office with a canister of gasoline and the desire to burn buildings, do take pictures. I'd like to hang them on my wall. If you happen to be in a position to vote for abolishing the patent system, please do so. Vote for a political candidate that promises to destroy the patent office. The patent system as it is today does nothing to promote the development of new ideas. In fact it hinders innovation.

4 comments:

Miro Hrončok said...

Why don!t you provide a repo and run a cronjob that would trigger the rebuild every time there's an update?

Sebastian Mäki said...

Good idea. Possibly a topic for my next post.

Anonymous said...

On:

rpmbuild -bb openssl.spec

I got:

error: No patch number 94

Why?

I have fedora21

Sebastian Mäki said...

Looks like this patch(for openssl-1.0.1j-1.fc21.src.rpm) is no longer with your version of openssl. Current is openssl-1.0.1k-6.fc21.src.rpm

You can create a new patch set based on the patches I've provided.

Tip me if you like what you're reading