Thomas Klausner <tk%giga.or.at@localhost> writes: > Hi! > > NetBSD's openssl up to a few minutes ago had d1_meth.c missing and > thus no symbol DTLSv1_method. > > Usually, noone cares, but two packages really need it: asterisk and > py-cryptography. > > We could perhaps force these packages to use the pkgsrc version of the > library, but I fear that we might end up with two libssls in one > binary this way. > > Does anyone have a good idea? Note that py-cryptography is needed by py-OpenSSL, as of 2/24, even though py-cryptography is only a few hours old in pkgsrc. So this is a much bigger problem than it might seem. In addition, py-twisted depends on py-OpenSSL. So this breaks everything that uses twisted. My immediate reaction is that we have to go down one of two paths: Make pkgsrc openssl mandatory on systems that are missing this function (NetBSD 6 before the fix, maybe current before your fix, but I'm willing to let current slide). Make py-cryptography be able to cope with this missing and just not support the wrappers, or make functions that need them throw an exception, or just roll back to pyOpenSSL 0.13.1, which doesn't use py-cryptography. What I don't consider reasonable is to have this fail to build on NetBSD 6 systems that haven't updated to the openssl fix. Or to have binary packages built on systems with the fix fail on systems without the fix. So that means that if existing NetBSD 6 systems that we're unable to write off as crufty need to have pkgsrc openssl, then the default build on NetBSD 6 as will be used for bulk builds has to have it. openssl is only 10 MB (on OS X 10.9 x86_64), which is fairly small compared to python. Of course, if we flip NetSBD-6 to pkgsrc openssl, then anything that needs openssl will drag it in. Certainly letting someone do a pkgsrc build with builtin openssl is fine -- I'm really only talking about the default. So overall I lean to roll back py-OpenSSL to 0.13.1, a version that was before py-cryptography was required, for this branch soonish but without the pressure of a pkgsrc quarterly branch deadline, figure out how to deal with this wait until there's a plan to bring py-OpenSSL back to 0.14 but I'm also more or less ok with change the pkgsrc defaults for NetBSD-6 to use pkgsrc openssl although that will impose a lot of work on in-progress bulk builds.
Attachment:
pgptX8lU26iWc.pgp
Description: PGP signature