OpenSSL 4.0 is in experimental. This package fails to build against it: | cc -o sign-efi-sig-list sign-efi-sig-list.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/efitools-1.9.2=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a -lcrypto | /usr/bin/x86_64-linux-gnu-ld.bfd: lib/lib.a(openssl_sign.o): in function `read_engine_private_key': | /build/reproducible-path/efitools-1.9.2/lib/openssl_sign.c:118:(.text+0x13a): undefined reference to `ENGINE_load_builtin_engines' | /usr/bin/x86_64-linux-gnu-ld.bfd: /build/reproducible-path/efitools-1.9.2/lib/openssl_sign.c:119:(.text+0x142): undefined reference to `ENGINE_by_id' | /usr/bin/x86_64-linux-gnu-ld.bfd: /build/reproducible-path/efitools-1.9.2/lib/openssl_sign.c:135:(.text+0x17d): undefined reference to `ENGINE_init' | /usr/bin/x86_64-linux-gnu-ld.bfd: /build/reproducible-path/efitools-1.9.2/lib/openssl_sign.c:141:(.text+0x195): undefined reference to `ENGINE_load_private_key' | /usr/bin/x86_64-linux-gnu-ld.bfd: /build/reproducible-path/efitools-1.9.2/lib/openssl_sign.c:142:(.text+0x1a0): undefined reference to `ENGINE_finish' | /usr/bin/x86_64-linux-gnu-ld.bfd: /build/reproducible-path/efitools-1.9.2/lib/openssl_sign.c:145:(.text+0x1a8): undefined reference to `ENGINE_free' | collect2: error: ld returned 1 exit status Full buildlog https://breakpoint.cc/openssl-rebuild/logs-4/attempted/efitools_1.9.2-5_amd64-2026-04-19T09:27:45Z Sebastian
Please find attached a patch that fixes this issue.
Hi! It fixes the *direct* issue by simply causing signing using an engine to fail. Rather than that, it would be more helpful to update the software to use the new "provider" APIs instead. Could you look into that please?
The patch replaces the ENGINE API with the new provider APIs.