[oi-dev] OpenSSL 1.0.0 replacing 0.9.8 in userland-gate = massive headache

Guido Berhoerster gber at openindiana.org
Sun Sep 4 08:51:58 UTC 2011

* Alasdair Lumsden <alasdairrr at gmail.com> [2011-09-03 22:56]:
> There are two realistic options, and one unrealistic idealistic option:
> 1. Don't bother upgrading to OpenSSL 0.9.8, worry about it another day
> 2. Do the upgrade, but also ship an openssl 0.9.8 compatibility
> package and make the new one depend on it - this lets old software
> continue to run whilst recompiles pick up the new OpenSSL. Slowly
> transition to OpenSSL 1.0.0.
> I've made such a package by pkgrecv'ing openssl 0.9.8, hacking out
> everything except the libraries and republishing it locally as
> library/security/openssl/compatibility/0.9.8 - works fine.
> 3. Do the upgrade. Rebuild everything against OpenSSL 1.0.0, and
> release rebuilt software with the openssl 1.0.0 upgrade, in one
> simultaneous release.
> Obviously 3 has ramifications beyond the base system, because any
> third party software that depends on OpenSSL 0.9.8 will break. This
> is why having a compatibility package is probably necessary
> regardless.

IMO we should go with the second option for now since it will
make the transition for consolidation builders easier and also
addresses the issue of third party packackes. Once the build
systems of all consolidations are integrated option 3 (+
compatibility package) should be unproblematic.
Guido Berhoerster

More information about the oi-dev mailing list