Suggestion to tackle opensls 1.1.0

To: tech-pkg%NetBSD.org@localhost
Subject: Suggestion to tackle opensls 1.1.0
From: maya%netbsd.org@localhost
Date: Wed, 21 Feb 2018 01:58:02 +0000

Here is a suggestion (that kinda ignores yours, but...)

For a start, we need more time. these are drastic changes to a lot of
packages. Do one of the following:
- On netbsd 8.99.x, prefer all pkgsrc libraries, so we can go back to
1.0.2 by default. This is necessary because e.g. pam links against
openssl in base, so we cannot rely on it from base.
- Roll back netbsd's change to openssl 1.1.0.

Now, we will be left with some amount of packages worth fixing that
don't build or work with openssl 1.1.0. We should write them down, and
sort them by:
- Upstream has fix for this version
- Someone else (linux distro) has fix
- We have fix

The latter two will require more careful attention. We should prioritize
packages with testsuites to be solved in this manner, or ones we heavily
use. It will also be good to run the result with llvm's sanitizers,
valgrind or similar,-Werror, etc.

Do testing for both 1.0.2 and 1.1.0!

It would be nice to post individual patches for review, too.

Most of the changes are going to be:
openssl 1.1.0 made something opaque. we need a getter, but it doesn't
exist in 1.0.2. It might when they release a new version, so I am
suggesting that we centralize our efforts as follows:
Create a new library openssl-1.0.2-shim:
We need to namespace the things in this library to avoid conflict with
opensls 1.0.2 eventually getting these getters etc.
Within this we implement the missing getters and possibly other things.

Please prefer the openssl 1.1.0 implementation as-is, and don't attempt
to re-do the API differently.

So, tasks as a starting point:
- See what breaks from openssl 1.1.0 and write it down as a list.
(Can someone post a bulk build?)
- Default to 1.0.2 in one of two methods. Hastily changing dozens of
  packages is a recipe for trouble.


Making openssl 1.0.2 work alongside is possible, we just need to prefer
it on enough packages. but this is the same problem that joerg object
with pkgsrc GCC. We should avoid pulling in both versions for one binary.

Follow-Ups:
- Re: Suggestion to tackle opensls 1.1.0
  - From: maya
- Re: Suggestion to tackle opensls 1.1.0
  - From: John Nemeth

References:
- openssl-1.0-only packages?
  - From: Thomas Klausner

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: Suggestion to tackle opensls 1.1.0
Previous by Thread: Re: openssl-1.0-only packages?
Next by Thread: Re: Suggestion to tackle opensls 1.1.0
Indexes:

Home | Main Index | Thread Index | Old Index