Updated dependencies (3.27.x)

README.md

@@ -148,8 +148,6 @@ File `install-dependencies` and the relevant subdirectories in `deps-packaging`
 | [librsync](https://github.com/librsync/librsync/releases)                         | -      | -      | 2.3.4  |                          |
 | [leech](https://github.com/larsewi/leech/releases)                                | -      | -      | 0.2.0  |                          |
 
-**Note:** We don't package OpenSSL for RHEL >= 8 and SuSE >= 15.
-We use the systems bundled SSL for these platforms.
 
 ### Enterprise Hub dependencies
 

build-scripts/compile-options

@@ -32,10 +32,6 @@ export PROJECT
 # It's a flag: if it's set to 1 - then we use system OpenSSL.
 # Otherwise, we build it.
 if [ -z "$SYSTEM_SSL" ]; then
-    # We don't bundle OpenSSL on some redhat-derived systems due to incompatability with libpam and our openssl.
-    if [ "$OS" = "rhel" ] && [ "$OS_VERSION_MAJOR" -ge "8" ]; then
-        SYSTEM_SSL=1
-    fi
     if [ "$OS" = "opensuse" ] || [ "$OS" = "sles" ]; then
         if [ "$OS_VERSION_MAJOR" -ge "15" ]; then
             SYSTEM_SSL=1
@@ -126,7 +122,6 @@ solaris | aix)
     ;;
 esac
 
-# We use system bundled SSL on RHEL >= 8
 if [ "$SYSTEM_SSL" != 1 ]; then
     # zlib is a compression library which is a dependency of OpenSSL.
     # TODO: can we remove zlib dependency? (CFE-4013)

build-scripts/install-dependencies

@@ -146,7 +146,7 @@ for dep in $DEPS; do
         optimize=yes
         debugsym=no
         versuffix=+untested
-        tests=no
+        tests=yes
         ;;
     RELEASE)
         optimize=yes

build-scripts/package

@@ -195,13 +195,6 @@ rpm | lpp)
             exit 1
         fi
         log_debug "SELinux policy version: $SELINUX_POLICY_VERSION"
-        # Get OpenSSL version to ensure compatibility
-        OPENSSL_VERSION=$(rpm -q --provides openssl-libs | grep OPENSSL_ | sed 's/^.*_\([0-9.]*\).*$/\1/' | sort -n | tail -1)
-        if [ -z "$OPENSSL_VERSION" ]; then
-            log_error "Unable to determine OpenSSL package version"
-            exit 1
-        fi
-        log_debug "OpenSSL version: $OPENSSL_VERSION"
     fi
 
     # Generate RPM spec file from template, substituting version info and scripts
@@ -210,7 +203,6 @@ rpm | lpp)
         -e "s/@@VERSION@@/$RPM_VERSION/g" \
         -e "s/@@RELEASE@@/$safe_prefix$RPM_RELEASE/g" \
         -e "s/@@SELINUX_POLICY_VERSION@@/$SELINUX_POLICY_VERSION/g" \
-        -e "s/@@OPENSSL_VERSION@@/$OPENSSL_VERSION/g" \
         -e "/^%pre\$/r $PREINSTALL" \
         -e "/^%post\$/r $POSTINSTALL" \
         -e "/^%preun\$/r $PREREMOVE" \

ci/centos-7-setup-devtoolset-11.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -ex
+sudo yum install -y centos-release-scl
+sudo rm -f /etc/yum.repos.d/CentOS-SCLo-scl.repo
+sudo sed -i 's,^#baseurl.*$,baseurl=https://vault.centos.org/7.9.2009/sclo/x86_64/rh/,' /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
+sudo sed -i '/mirrorlist/d' /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
+sudo yum update -y
+sudo yum install -y devtoolset-11
+if ! grep "source /opt/rh/devtoolset-11/enable" /usr/lib/rpm/find-debuginfo.sh; then
+  sudo sed -i '1a\source /opt/rh/devtoolset-11/enable' /usr/lib/rpm/find-debuginfo.sh
+fi
+source /opt/rh/devtoolset-11/enable

ci/cfengine-build-host-setup.cf

@@ -142,16 +142,12 @@ bundle agent cfengine_build_host_setup
       "platform-python-devel" -> { "cfbs shebang", "ENT-11338" }
         comment => "py3_shebang_fix macro needs /usr/bin/pathfix.py from platform-python-devel package";
 
-    suse_15::
-      "libopenssl-devel" -> { "ENT-12528" }
-        comment => "like redhat, suse 15+ needs to build with system openssl.";
 
     (redhat_8|centos_8|redhat_9|redhat_10).(yum_dnf_conf_ok)::
       "java-1.8.0-openjdk-headless" package_policy => "delete",
         comment => "Installing Development Tools includes this jdk1.8 which we do not want.";
       "pkgconf" comment => "pkgconfig renamed to pkgconf in rhel8";
       "selinux-policy-devel" comment => "maybe add to _7 and _6?";
-      "openssl-devel";
 
     (redhat_9|redhat_10).(yum_dnf_conf_ok)::
       "perl-Sys-Hostname" comment => "Needed by __04_examples_outputs_check_outputs_cf";

ci/fix-buildhost.sh

@@ -1,3 +1,16 @@
+#!/usr/bin/env bash
+# it is expected that this file is sourced, not executed directly
+set -ex
+my_path="$(realpath "${BASH_SOURCE[0]}")"
+my_dir="$(dirname "$my_path")"
+
+if [ -f /etc/os-release ]; then
+  source /etc/os-release
+  if [ "$ID" = "centos" ] && [ "$VERSION_ID" = "7" ]; then
+    source "$my_dir"/centos-7-setup-devtoolset-11.sh
+  fi
+fi
+
 if [ "$(uname)" = "HP-UX" ]; then
   # /etc/profile contains tty code that won't work well when sourced and this VUE env var guards against running those bits
   # https://ftp.mirrorservice.org/sites/www.bitsavers.org/pdf/hp/9000_hpux/9.x/B1171-90044_HP_Visual_User_Environment_System_Administration_Manual_Nov91.pdf
@@ -15,10 +28,5 @@ if [ "$(uname)" = "HP-UX" ] || [ "$(uname)" = "SunOS" ]; then
   fi
 fi
 
-# while ENT-13750 is in progress we need to ensure that OTHER builds include openssl devel packages on redhat-based platforms
-if command -v zypper >/dev/null 2>/dev/null; then
-  sudo zypper install -y libopenssl-devel || true
-fi
-if command -v yum >/dev/null 2>/dev/null; then
-  sudo yum install -y openssl-devel || true
-fi
+mkdir -p ~/.ssh
+echo "build-artifacts-cache.cloud.cfengine.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGahpsY8Phk2+isBmuJQjjQVlh6BNL/Qetc14g26gowV" >> ~/.ssh/known_hosts