[oi-dev] OpenSSL 1.0.0 replacing 0.9.8 in userland-gate = massive headache

ken mays maybird1776 at yahoo.com
Sun Sep 4 14:55:49 UTC 2011

On Sat, 9/3/11, Alasdair Lumsden <alasdairrr at gmail.com> wrote:

From: Alasdair Lumsden <alasdairrr at gmail.com>
Subject: [oi-dev] OpenSSL 1.0.0 replacing 0.9.8 in userland-gate = massive headache
To: "OpenIndiana Developer mailing list" <oi-dev at openindiana.org>
Date: Saturday, September 3, 2011, 4:56 PM

Hi All,

In Oracle's official userland-gate, they have replaced OpenSSL 0.9.8 with 1.0.0. This has massive ramifications, because everything linked against OpenSSL 0.9.8 breaks as soon as library/security/openssl gets upgraded, including pkg, which is all kinds of fun.

3. Do the upgrade. Rebuild everything against OpenSSL 1.0.0, and release rebuilt software with the openssl 1.0.0 upgrade, in one simultaneous release.

Obviously 3 has ramifications beyond the base system, because any third party software that depends on OpenSSL 0.9.8 will break. This is why having a compatibility package is probably necessary regardless.



Option #3 w/Option #2 is the preferred method when you can rebuild the core OS distro and value-add packages/consolidations. Providing the OpenSSL 0.9.8 libs only package (within the core OS distro!!) resolves the breakage issue. 

As meant, new core OS compilation builds and all consolidations will link against the OpenSSL 1.0.0 library only. Legacy pre-built binary software (from third-party ISVs and package builders) will still see and use the OpenSSL 0.9.8 library within basic core OS installs.

Therefore, this minimizes breakage issues and provides full backward compatibility.

Ken Mays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20110904/8b2123ac/attachment-0005.html>

More information about the oi-dev mailing list