tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: the path to openssl3



Tobias Nygren <tnn%NetBSD.org@localhost> writes:

> I don't like this approach but unfortunately it is necessary. Right now
> we have the problem that some abandonware doesn't build with openssl 3.
> But a couple of years down the road we will have the opposite problem:
> Maintained software will ONLY work with openssl 3, important packages
> will start to break on NetBSD <10 and it will be necessary to blanket
> require openssl from pkgsrc on that subset of platforms to maintain
> some sort of sanity.

Agreed on what's coming.

> I would prefer however if security/openssl can just go to 3 and we
> re-import security/openssl11 with alternate libdir/incdir patches.
> Similar to how RHEL9 added a compat-openssl11 package to deal with
> this problem. The VERSIONS_ACCEPTABLE/VERSIONS_INCOMPATIBLE stuff can
> IMHO wait and we just point abandonware packages directly at
> openssl11's bl3.mk.

If we do this, then I think both openssl(3) and openssl1 need
builtin.mk, and therefore packages that just use openssl(3) will use
native on netbsd10 and pkgsrc on earlier (and presumably similar for
other systems after/before they switch).

There will perhaps be issues if something needs both because of two
libs, but the only sane path is to fix the package that doesn't build
with 3.

It seems like a big enough change that it warrants someone preparing the
change and testing a bulk on netbsd10 and netbsd9, at least.


Home | Main Index | Thread Index | Old Index