Author

Topic: My Pet Project - LibreSSL for Enterprise Linux (Read 591 times)

legendary
Activity: 1240
Merit: 1001
Thank God I'm an atheist
Good job! Thanks for sharing
newbie
Activity: 1
Merit: 0
Thanks for this post. I was looking for information about   LibreSSL for Enterprise Linux.
full member
Activity: 182
Merit: 107
Hi all, I hope it isn't considered bad manners to share one of my pet projects - a LibreSSL based LAMP stack for Enterprise Linux. Specifically for RHEL / CentOS 7 though I personally have not tried it on RHEL 7, can't afford the license.

I started using Linux I think in 1998 - whenever it was that MKLinux DR3 was released, a port of Red Hat 5.1 to the Mach Mikrokernel running on a PowerPC processor. That was my first distribution and I have been a Red Hat guy ever since.

My second distribution was Debian on m68k hardware, an SE/30 to be specific - I believe it was Debian Slink but I'm not positive.

Anyway I know all the cool kids run Ubuntu but Ubuntu and I ran it for awhile - but it really turned me off when I installed 12.04 I think it was, and wanted to use the Gimp, so I entered Gimp into the search thing and was given results from Amazon.com - that p*ssed me off and that was the very last time I used Ubuntu. They broke my trust with that and they can not ever get it back.

I don't run Fedora because it goes End Of Life too quickly, once a release is finally stable with the kinks worked out - it is end of life and have to install new version with new kinks. CentOS doesn't have that problem.

But the downside of CentOS is that some of its packages are too old, like PHP, that I need to keep modern. I always like to keep somewhat modern with PHP so I have always maintain my own PHP packages for CentOS ever since CentOS 5 was released. I haven't yet moved to PHP 7, I may skip that one and wait for next major release after it.

Anyway I started to get really envious of the OpenBSD people with LibreSSL - the things they didn't like about OpenSSL were things I didn't like about OpenSSL but they actually did something about it.

So I started packaging LibreSSL for CentOS 7 and soon had a nice LAMP stack plus postfix / dovecot / bitcoin built against it. LibreSSL was a godsend for me and bitcoin, because on CentOS 7 the stock OpenSSL doesn't have what bitcoin needs, so the only option before LibreSSL was to have two versions of OpenSSL installed. Not horrible, but it meant one had to be installed in /opt or /usr/local and it just wasn't ideal.

But with LibreSSL I can have it installed in parallel with the vendor OpenSSL in /usr and everything is peachy and it works fine for Bitcoin.

My LibreSSL LAMP stack now not only has a modern PHP but also a modern Apache with HTTP/2 - I never really embraced nginx, I know it's also what all the cool kids run these days but bitcoin makes me cool enough Cheesy

Anyway it's a project primarily to benefit me, but I share it with others who run CentOS / RHEL and want a nice modern LAMP stack.

https://librelamp.com/

No advertisements, nothing for sale, no cookies, just data. For those who have interest in such things.

I have a src.rpm for bitcoin-armory as well but it is broken, it builds and seems to work but has trouble connecting via RPC to the bitcoin daemon. I haven't tracked it down yet.

My bitcoin src.rpm is actually a modified version of https://www.ringingliberty.com/bitcoin/ provides. I think I may need to write a spec file from scratch, his actually has SELinux errors etc. on install - at least on CentOS.

I'm thinking when 0.12.0 is released I'll just start from scratch and see if I can get something that works and then try to get bitcoin-armory connecting to it.

I don't use bitcoin-armory but I want to make it available for those who do want to run it on CentOS 7.

Yes, I'm an oddball, running an Enterprise server OS as my desktop - but it actually works quite well, once you replace gnome3 with MATE and install a modern GStreamer (I maintain a bunch of multimedia RPMs for that too, but different repository)

Being normal though is for the mainstream, I don't want to be mainstream.

I'm kind of hoping at some point LibreSSL will replace OpenSSL in Fedora and then make it into RHEL but since LibreSSL has no interest in FIPS support I kind of doubt it.

That's my pet project.
Jump to: