[Interest] Qt5.15 from source on centOS 7

Mon Jun 20 09:45:25 CEST 2022

GCC 11 is a beast. But on an overall level the stricter the compiler, the
more optimization it can do. We got 5.15 to build on Cent 7 with gcc 10 and
OpenSSL 3, and I dont remember any big issues with it, but we dont really
use any of the cryptographic functions.  I'll make a note of it and get our
CM guy involved so we dont ship unsupported configurations, and modify my
Jenkins build as well.

On Mon, Jun 20, 2022 at 1:14 AM Alexander Carôt <alexander_carot at gmx.net>
wrote:

> Hello Chris and Thiago,
>
> yes, indeed centOS 7 has open-ssl 1.0.7 installed so I need to upgrade
> obviously.
>
> >>OpenSSL 3 isn't supported in 5.15.
>
> Thanks for this hint, too ! I also figured by playing with the various DTS
> available that the most recent version with gcc 11 does not work with
> Qt5.15 so I used DTS 10 instead.
>
> Best
>
> Alex
>
> --
> http://www.carot.de
> Email : Alexander at Carot.de
> Tel.: +49 (0)177 5719797
>
>
> > Gesendet: Montag, 20. Juni 2022 um 00:06 Uhr
> > Von: "Thiago Macieira" <thiago.macieira at intel.com>
> > An: interest at qt-project.org
> > Betreff: Re: [Interest] Qt5.15 from source on centOS 7
> >
> > On Sunday, 19 June 2022 14:29:33 PDT Chris Benesch wrote:
> > > Build OpenSSL 3 and add its install directory lib/pkgconfig to
> > > PKG_CONFIG_PATH and choose -openssl-linked as one of the config
> > > parameters.  If you can get through configure, it should build.
> >
> > OpenSSL 3 isn't supported in 5.15.
> >
> > Use the very latest release from 1.1, but no older and no newer.
> >
> > Then there's the question of whether you want to ship OpenSSL libraries
> with
> > your product.  If you do, then you must also keep an eye to OpenSSL
> security
> > advisories and make proper and timely updates to your release. Be
> prepared to
> > make new builds and release to customers once per month. If you can't
> sustain
> > this rate, then don't ship OpenSSL.
> >
> > You don't have to do it: the default build doesn't link to OpenSSL, but
> > instead tries to find it at runtime and dlopens() it. That places the
> burden of
> > providing OpenSSL and keeping it up to date on your user, not you. If
> they
> > choose to be vulnerable by choice or by ignorance, it's not your fault.
> >
> > If you choose this route, make sure your application works properly when
> > OpenSSL 1.1 is missing. By "properly", I mean "doesn't crash left and
> right".
> > Please make sure that it is not silently falling back to unencrypted
> > connections where encrypted were required. If your application requires
> > encrypted connections to work at all, then display a dialog with a link
> to
> > documentation on how to install OpenSSL.
> >
> > PS: OpenSSL is the most visible and most important library when it comes
> to
> > patching security vulnerabilities, but is not the only one. You should
> do the
> > same for ALL libraries you ship with your application, and that includes
> ALL
> > the libraries that are bundled inside Qt's source. For example, the just-
> > released Qt 5.15.5-LTS includes a vulnerable version of zlib, so you
> should
> > patch it.
> >
> > Better yet, don't use bundled libraries.
> >
> > --
> > Thiago Macieira - thiago.macieira (AT) intel.com
> >   Cloud Software Architect - Intel DCAI Cloud Engineering
> >
> >
> >
> > _______________________________________________
> > Interest mailing list
> > Interest at qt-project.org
> > https://lists.qt-project.org/listinfo/interest
> >
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
>

-- 
Chris Benesch
BeneschTech, LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20220620/c84e15f1/attachment.htm>