[Pkg-openssl-devel] Bug#844160: marked as done (apache2-dev should depend on libssl1.0-dev)

Adrian Bunk bunk at stusta.de
Mon Nov 14 07:21:05 UTC 2016


On Mon, Nov 14, 2016 at 05:03:45AM +0100, Ondřej Surý wrote:
> > Looking at mod_ssl_openssl.h and the comment in #828330,
> > I'd suggest the change below to add a dependency on libssl1.0-dev
> > to apache2-dev.
> 
> And that exactly happens meaning that PHP 7.0 can no longer be built
> unless all it's build-depends (including PHP 7.0) and rdepends move to
> libssl1.0-dev as well.
> 
> So a nice deadlock, right? To be honest I would rather have a slightly
> less tested apache2 with OpenSSL 1.1.0 and iron out the bugs as we go
> than revert all the work I have done.
> 
> I reviewed the patch Kurt has provided and I don't see any strong reason
> why anything should break.
>...

Can you guarantee that rdeps of Apache can use 1.0.2 in stretch when 
Apache itself uses 1.1?

That is the most important question here.

This is what my "mod_ssl_openssl.h and the comment in #828330"
was referring to.

The dual 1.0.2/1.1 setup for stretch can only work when any set of 
packages in the archive that needs the same OpenSSL version stays
at 1.0.2 unless *all* packages in this set are compiling and working
fine with 1.1

And since the OpenSSL version used is part of the libcurl3 ABI
(see #844018 for details), using 1.1 in stretch is anyway not
really an option for Apache/PHP in stretch.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed




More information about the Pkg-openssl-devel mailing list