rpm: add almalinux:10

[kenhys]

NOTE: RHEL10 reached general availability (GA)

[kenhys]

known issue: rdkafka can't built yet.

                                                                                           
gcc -MD -MP -g -O2 -fPIC -Wall -Wsign-compare -Wfloat-equal -Wpointer-arith -Wcast-align -O2 -flto=auto -ffat-lto-objects -fexceptions -g -g
record-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/
rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64-v3 -mtune=generic 
-fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointe
r  -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTI
FY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/red
hat-annobin-cc1  -m64 -march=x86-64-v3 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gn
u2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer  -DWITH_GZFILEOP    -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-sw
itches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/re
dhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64-v3 -mtune=generic -fasynchronou
s-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer  -DWITH_GZF
ILEOP    -c rdkafka_admin.c -o rdkafka_admin.o                                                                                              
rdkafka_admin.c: In function ‘rd_kafka_UserScramCredentialUpsertion_new’:
rdkafka_admin.c:5909:21: error: implicit declaration of function ‘RAND_priv_bytes’ [-Wimplicit-function-declaration]                        
 5909 |                 if (RAND_priv_bytes(random_salt, sizeof(random_salt)) == 1) {
      |                     ^~~~~~~~~~~~~~~                                                                                                 
make[1]: *** [../mklove/Makefile.base:97: rdkafka_admin.o] Error 1
make[1]: Leaving directory '/root/rpmbuild/BUILDROOT/fluent-package-5.2.0-1.el10.x86_64/opt/fluent/lib/ruby/gems/3.2.0/gems/rdkafka-0.16.1/e
xt/tmp/x86_64-redhat-linux/ports/librdkafka/2.3.0/librdkafka-2.3.0/src'        

[kenhys]

This could be problematic with 0.20.0.

  rdkafka_admin.c: In function ‘rd_kafka_UserScramCredentialUpsertion_new’:
  rdkafka_admin.c:5986:21: error: implicit declaration of function ‘RAND_priv_bytes’ [-Wimplicit-function-declaration]
   5986 |                 if (RAND_priv_bytes(random_salt, sizeof(random_salt)) == 1) {
        |                     ^~~~~~~~~~~~~~~
  make[1]: *** [../mklove/Makefile.base:97: rdkafka_admin.o] Error 1
  make[1]: Leaving directory '/root/rpmbuild/BUILDROOT/fluent-package-5.2.0-1.el10.x86_64/opt/fluent/lib/ruby/gems/3.2.0/gems/rdkafka-0.20.0/ext/tmp/x86_64-redhat-linux/ports/librdkafka/2.6.1/librdkafka-2.6.1/src'
  make: *** [Makefile:27: libs] Error 2
  ----- end of file -----
  rake aborted!

[kenhys]

NOTE:

almalinux:9

• openssl-devel 1:3.2.2-6.el9_5.1
• gcc: 11.5.0-5.el9_5.alma.1

almalinux:10

• openssl-devel: 1:3.2.2-16.el10.alma.1
• gcc: 14.2.1-7.el10.alma.1

[kenhys]

https://gcc.gnu.org/gcc-14/porting_to.html#implicit-function-declaration

gcc -MD -MP -g -O2 -fPIC -Wall -Wsign-compare -Wfloat-equal -Wpointer-arith -Wcast-align -I. -DWITH_GZFILEOP      -c rdkafka_admin.c -o rdkafka_admin.o
rdkafka_admin.c: In function 'rd_kafka_UserScramCredentialUpsertion_new':
rdkafka_admin.c:5986:21: error: implicit declaration of function 'RAND_priv_bytes' [-Wimplicit-function-declaration]
 5986 |                 if (RAND_priv_bytes(random_salt, sizeof(random_salt)) == 1) {
      |                     ^~~~~~~~~~~~~~~

[kenhys]

It was caused by:

Include openssl/rand.h to fix build error
confluentinc/librdkafka#4379

[kenhys]

Even though PR4379 was applied, extra error was reported:

gcc -MD -MP -g -O2 -fPIC -Wall -Wsign-compare -Wfloat-equal -Wpointer-arith -Wcast-align -I. -DWITH_GZFILEOP      -c rdkafka_ssl.c -o rdkafka_ssl.o
rdkafka_ssl.c: In function 'rd_kafka_ssl_set_certs':
rdkafka_ssl.c:1385:24: error: implicit declaration of function 'ENGINE_load_ssl_client_cert' [-Wimplicit-function-declaration]
 1385 |                 r    = ENGINE_load_ssl_client_cert(
      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from rdkafka_int.h:47,
                 from rdkafka_ssl.c:36:
rdkafka_ssl.c: In function 'rd_kafka_ssl_ctx_term':
rdkafka_ssl.c:1455:44: error: implicit declaration of function 'ENGINE_free' [-Wimplicit-function-declaration]
 1455 |         RD_IF_FREE(rk->rk_conf.ssl.engine, ENGINE_free);
      |                                            ^~~~~~~~~~~
rd.h:424:25: note: in definition of macro 'RD_IF_FREE'
  424 |                         FUNC(PTR);                                             \
      |                         ^~~~
rdkafka_ssl.c: In function 'rd_kafka_ssl_ctx_init_engine':
rdkafka_ssl.c:1475:18: error: implicit declaration of function 'ENGINE_by_id' [-Wimplicit-function-declaration]
 1475 |         engine = ENGINE_by_id(rk->rk_conf.ssl.engine_id);
      |                  ^~~~~~~~~~~~
rdkafka_ssl.c:1475:16: error: assignment to 'ENGINE *' {aka 'struct engine_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
 1475 |         engine = ENGINE_by_id(rk->rk_conf.ssl.engine_id);
      |                ^
rdkafka_ssl.c:1477:24: error: assignment to 'ENGINE *' {aka 'struct engine_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
 1477 |                 engine = ENGINE_by_id("dynamic");
      |                        ^
rdkafka_ssl.c:1486:14: error: implicit declaration of function 'ENGINE_ctrl_cmd_string' [-Wimplicit-function-declaration]
 1486 |         if (!ENGINE_ctrl_cmd_string(engine, "SO_PATH",
      |              ^~~~~~~~~~~~~~~~~~~~~~
rdkafka_ssl.c:1511:14: error: implicit declaration of function 'ENGINE_init' [-Wimplicit-function-declaration]
 1511 |         if (!ENGINE_init(engine)) {
      |              ^~~~~~~~~~~
make[1]: *** [../mklove/Makefile.base:97: rdkafka_ssl.o] Error 1
make[1]: Leaving directory '/build/rdkafka-ruby.work/ext/tmp/x86_64-redhat-linux/ports/librdkafka/2.6.1/librdkafka-2.6.1/src'
make: *** [Makefile:27: libs] Error 2
----- end of file -----
rake aborted!
Failed to complete compile task

[kenhys]

It was enable with WITH_SSL_ENGINE, checked it.
See src/rdkafka_conf.h:

#if WITH_SSL && OPENSSL_VERSION_NUMBER >= 0x10100000 &&                        \
    !defined(OPENSSL_IS_BORINGSSL)
#define WITH_SSL_ENGINE 1
/* Deprecated in OpenSSL 3 */
#include <openssl/engine.h>
#endif /* WITH_SSL && OPENSSL_VERSION_NUMBER >= 0x10100000 */

But, engine.h is empty. Oh...

alma10$ ls -la /usr/include/openssl/engine.h 
-rw-r--r-- 1 root root 0 Feb 18 00:00 /usr/include/openssl/engine.h

[kenhys]

It is strange that upstream releases non empty engine.h. 🤔

-rw-rw-r-- 1 kenhys kenhys   675 11月 23  2023 ./openssl-3.2.0/include/crypto/engine.h
-rw-rw-r-- 1 kenhys kenhys 38823 11月 23  2023 ./openssl-3.2.0/include/openssl/engine.h
-rw-rw-r-- 1 kenhys kenhys   675  1月 30  2024 ./openssl-3.2.1/include/crypto/engine.h
-rw-rw-r-- 1 kenhys kenhys 38823  1月 30  2024 ./openssl-3.2.1/include/openssl/engine.h
-rw-rw-r-- 1 kenhys kenhys   675  6月  4  2024 ./openssl-3.2.2/include/crypto/engine.h
-rw-rw-r-- 1 kenhys kenhys 38823  6月  4  2024 ./openssl-3.2.2/include/openssl/engine.h
-rw-rw-r-- 1 kenhys kenhys   675  6月  3 12:18 ./openssl/include/crypto/engine.h
-rw-rw-r-- 1 kenhys kenhys 38823  6月  3 12:18 ./openssl/include/openssl/engine.h

[kenhys]

checking https://git.almalinux.org/rpms/openssl/releases/tag/changed/a10/openssl-3.2.2-16.el10_0.alma.1

It seems that engine.h was explicitly removed.

https://git.almalinux.org/rpms/openssl/src/tag/changed/a10/openssl-3.2.2-16.el10_0.alma.1/openssl.spec#L492

[kenhys]

For almalinux9, openssl/engine.h was not removed yet.
https://git.almalinux.org/rpms/openssl/src/tag/imports/c9/openssl-3.2.2-6.el9_5.1/SPECS/openssl.spec

[kenhys]

NOTE: for librdkafka 2.6.1 (rdkafka-ruby 0.20.0),

• Need to fix implicit function error:
  • Solution: Apply patch Include openssl/rand.h to fix build error confluentinc/librdkafka#4379
• Need to disable WITH_SSL_ENGINE
  • Patch src/rdkafka_conf.h to disable it on AlmaLinux 10.

[kenhys]

I overlooked https://github.com/confluentinc/librdkafka/releases/tag/v2.8.0

Support versions of OpenSSL without the ENGINE component

It will be installed for almalinux:8 (previously, I thought that it must be rdkafka 0.20.0 (librdkafka 2.6.1) because of OpenSSL 1.x on almalinux:8, but it seems okay)

[kenhys]

Side effect of upgrading to rdkafka 0.21.0 is ftbfs on AmazonLinux 2 (OpenSSL 1.0.2k), but it will be dropped as supported platform later.

[kenhys]

NOTE: AL2 will be dropped in another PR.

[kenhys]

NOTE: AL2 will be dropped in another PR.

Should be dropped by #850

[Watson1978]

👍🏻