M2Crypto Build Wrapper for Fedora Core -based Distributions

Ever since M2Crypto got support for Elliptic Curves (EC) cryptography, it has been somewhat difficult to build M2Crypto on systems where OpenSSL has been built without EC support. Notably distributions based on Fedora Core, which besides Fedora Core include of course Redhat and CentOS.

Disabled EC support alone wouldn’t be an issue, since normally opensslconf.h defines OPENSSL_NO_EC, but those same systems have also changed OpenSSL build so that instead of opensslconf.h you need to include processor architecture dependent file. And if that wasn’t enough this isn’t actually what you are supposed to be doing, and you will hit a compiler error to notify you of that. The final step in the recipe is to tell SWIG to treat errors as warnings. The distributions make build changes in their own versions of M2Crypto, but unless you know the recipe, you are going to have a hard time building M2Crypto yourself. Miloslav Trmač showed me what kind of changes were needed, and I made a new setup wrapper fedora_setup.sh which should help you get off the ground with M2Crypto if you are having a hard time building it. Let me know if you run into any problems with the setup wrapper.

I am sure the distros did not make these changes just to make it harder to build systems based on OpenSSL, although it sure does feel like that at times. Maybe someone can shed light on why these changes were made in the first place.

Similar Posts:


  1. Miloslav Trmač:

    The opensslconf.h changes are necessary for multilib systems – to allow installing both i386 and x86_64 headers and development libraries on one machine, and building both 32-bit and 64-bit programs using those headers. If opensslconf.h contained data about the 64-bit mode, building 32-bit programs wouldn’t be possible.

  2. Heikki Toivonen:

    Hmm, I still don’t see why this couldn’t be solved with defines during build or something like that. Of course, I haven’t really thought through all issues so maybe there really was no better way. But thanks for the explanation.

  3. Miloslav Trmač:

    Doing it this way does not require any modification of the build process of applications that use openssl.

    M2Crypto is an exception because SWIG does not (or should not) follow #includes recursively, which breaks the platform auto-detection header file.

  4. Andrew:

    I had to modify the script slightly, so arch is set to `uname -i` (i386) instead of `uname -m` (i686). This is on FC8.