[Gluster-devel] Change in glusterfs[master]: Transparent data encryption and metadata authentication in t...

[Edward Shishkin]

On Tue, 15 Oct 2013 07:40:14 -0400
Kaleb KEITHLEY <kkeithle at redhat.com> wrote:

> 1.0.1e is in Fedora 18+, but Fedora policy is to not offer packages
> in EPEL that are also (already) in RHEL.
> 
> We could build the 1.0.1e src.rpm from Fedora on build.gluster.org. I 
> have some small amount of confidence that it would be compatible with 
> the 1.0.0 that's on there.
> 
> Thinking about the future though, it would certainly be a problem to 
> require 1.0.1 for Gluster on CentOS and RHEL.


Yup, e.g. there is no chances it will be in RHEL < = 6.4


> We would probably need
> to disable encryption on platforms that don't have the required
> version of openssl. We should probably survey Ubuntu and Debian to
> see which of those have the right version. We're okay for RHEL 7.
> 
> Are we really using a feature that's only available in 1.0.1? I
> presume the answer is yes; I'm just doing due diligence by asking.


Yes, we use 3 such features: XTS, CMAC, GCM algorithms/modes..


> 
> On 10/14/2013 05:27 PM, Anand Avati wrote:
> > Edward,
> > It looks like this patch requires a higher version of openssl (I
> > recall you have mentioned before that that dependency was on
> > version 1.0.1c? I checked yum update on the build server and the
> > latest available version is 1.0.0-27. Is there a "clean" way to get
> > the right version of openssl to a RHEL/CENTOS-6.x server?
> >
> > Also note that the previous submission of the patch was at
> > http://review.gluster.org/4667. The recent on
> > (http://review.gluster.org/6086) has a different Change-Id: in the
> > commit log. It will be good if you can re-submit the patch with the
> > old Change-Id (and abandon #6086) so that we can maintain the
> > history of resubmission and the old work on records.
> >
> > Thanks!
> > Avati

[...]