[Interest] Qt5.15 from source on centOS 7
chris at beneschtech.com
Mon Jun 20 09:45:25 CEST 2022
GCC 11 is a beast. But on an overall level the stricter the compiler, the
more optimization it can do. We got 5.15 to build on Cent 7 with gcc 10 and
OpenSSL 3, and I dont remember any big issues with it, but we dont really
use any of the cryptographic functions. I'll make a note of it and get our
CM guy involved so we dont ship unsupported configurations, and modify my
Jenkins build as well.
On Mon, Jun 20, 2022 at 1:14 AM Alexander Carôt <alexander_carot at gmx.net>
> Hello Chris and Thiago,
> yes, indeed centOS 7 has open-ssl 1.0.7 installed so I need to upgrade
> >>OpenSSL 3 isn't supported in 5.15.
> Thanks for this hint, too ! I also figured by playing with the various DTS
> available that the most recent version with gcc 11 does not work with
> Qt5.15 so I used DTS 10 instead.
> Email : Alexander at Carot.de
> Tel.: +49 (0)177 5719797
> > Gesendet: Montag, 20. Juni 2022 um 00:06 Uhr
> > Von: "Thiago Macieira" <thiago.macieira at intel.com>
> > An: interest at qt-project.org
> > Betreff: Re: [Interest] Qt5.15 from source on centOS 7
> > On Sunday, 19 June 2022 14:29:33 PDT Chris Benesch wrote:
> > > Build OpenSSL 3 and add its install directory lib/pkgconfig to
> > > PKG_CONFIG_PATH and choose -openssl-linked as one of the config
> > > parameters. If you can get through configure, it should build.
> > OpenSSL 3 isn't supported in 5.15.
> > Use the very latest release from 1.1, but no older and no newer.
> > Then there's the question of whether you want to ship OpenSSL libraries
> > your product. If you do, then you must also keep an eye to OpenSSL
> > advisories and make proper and timely updates to your release. Be
> prepared to
> > make new builds and release to customers once per month. If you can't
> > this rate, then don't ship OpenSSL.
> > You don't have to do it: the default build doesn't link to OpenSSL, but
> > instead tries to find it at runtime and dlopens() it. That places the
> burden of
> > providing OpenSSL and keeping it up to date on your user, not you. If
> > choose to be vulnerable by choice or by ignorance, it's not your fault.
> > If you choose this route, make sure your application works properly when
> > OpenSSL 1.1 is missing. By "properly", I mean "doesn't crash left and
> > Please make sure that it is not silently falling back to unencrypted
> > connections where encrypted were required. If your application requires
> > encrypted connections to work at all, then display a dialog with a link
> > documentation on how to install OpenSSL.
> > PS: OpenSSL is the most visible and most important library when it comes
> > patching security vulnerabilities, but is not the only one. You should
> do the
> > same for ALL libraries you ship with your application, and that includes
> > the libraries that are bundled inside Qt's source. For example, the just-
> > released Qt 5.15.5-LTS includes a vulnerable version of zlib, so you
> > patch it.
> > Better yet, don't use bundled libraries.
> > --
> > Thiago Macieira - thiago.macieira (AT) intel.com
> > Cloud Software Architect - Intel DCAI Cloud Engineering
> > _______________________________________________
> > Interest mailing list
> > Interest at qt-project.org
> > https://lists.qt-project.org/listinfo/interest
> Interest mailing list
> Interest at qt-project.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Interest