[oi-dev] phasing out openssl 1.0.2 (mostly)

Till Wegmueller toasterson at gmail.com
Sun Feb 25 16:22:16 UTC 2024 

Hey Goetz

On 24.02.2024 18:27, Goetz T. Fischer wrote:
> hey all,
> 
> as you know there're still some packages in the repo that use openssl 1.0.2. so
> far this had the unpleasant implication that all new packages had to be
> hardcoded to newer ssl versions one way or the other, because the buildsystem's
> ssl mediator had to remain at 1.0.
> obviously that wastes a lot of time and usually should be the other way around.
> i.e. only hardcoding the handful of packages which, for whatever reason, still
> need 1.0.2 and having the buildsystem's ssl mediator set to whatever is
> considered the default at the time. having a significantly smaller number of
> packages with a fixed ssl version also makes switching to a different ssl
> version at some point much nicer. the latter of course depending on how much
> has been modified of each package to achieve the fixed ssl dependency.
> 
> right now 91 packages are affected. see attachment for the list. not counting
> the ones which even need 0.9.8 :-O

Right now the list seems to fall into a couple categories of reasons why 
those dependencies exist in the repo.
1. Old Packages with newer versions available in the repo.
	In this case this will be solved if/when we do the next repo cleanup. 
(You could also clean them out of your list, we can ignore those)
2. Packages not being able to use the CFLAGS/LDFLAGS to define the 
openssl version. This can be fixed once we are certain all other 
packages build, once that is ensure we simply set the mediator to 
default to 3.x and run the prepared rebuild PR.
3. Packages that need updates to support openssl 3. This is the list we 
need to look into including the ones still needing 0.9.8.

Can you cleanup your list from packages in category 1? Then we can look 
at the rest. Can you also include the packages that require openssl 
0.9.8 and clean that from the ones in category 1?

Can you also check if the OPENSSL_DEFAULT mechanism suffices for the 
packages you wish to upgrade?


Greetings
-Till

More information about the oi-dev mailing list