[Pkg-openssl-devel] Bug#828236: Bug#844160: marked as done (apache2-dev should depend on libssl1.0-dev)
Ondřej Surý
ondrej at sury.org
Mon Nov 14 07:44:35 UTC 2016
On Mon, Nov 14, 2016, at 08:21, Adrian Bunk wrote:
> On Mon, Nov 14, 2016 at 05:03:45AM +0100, Ondřej Surý wrote:
> > > Looking at mod_ssl_openssl.h and the comment in #828330,
> > > I'd suggest the change below to add a dependency on libssl1.0-dev
> > > to apache2-dev.
> >
> > And that exactly happens meaning that PHP 7.0 can no longer be built
> > unless all it's build-depends (including PHP 7.0) and rdepends move to
> > libssl1.0-dev as well.
> >
> > So a nice deadlock, right? To be honest I would rather have a slightly
> > less tested apache2 with OpenSSL 1.1.0 and iron out the bugs as we go
> > than revert all the work I have done.
> >
> > I reviewed the patch Kurt has provided and I don't see any strong reason
> > why anything should break.
> >...
>
> Can you guarantee that rdeps of Apache can use 1.0.2 in stretch when
> Apache itself uses 1.1?
Why?
> That is the most important question here.
No, I think the question is:
Can we migrate (or drop) all rdeps to 1.0.2?
> This is what my "mod_ssl_openssl.h and the comment in #828330"
> was referring to.
>
> The dual 1.0.2/1.1 setup for stretch can only work when any set of
> packages in the archive that needs the same OpenSSL version stays
> at 1.0.2 unless *all* packages in this set are compiling and working
> fine with 1.1
The *set* you are talking probably cover whole archive, since the
Build-Depends of PHP are quite vast and here are the Build-Depends
of Build-Depends:
(This is from stretch, not from unstable)
apache2-dev libssl-dev (>= 0.9.8m)
libc-client2007e-dev libssl-dev
libcurl4-openssl-dev libssl-dev
libevent-dev libssl-dev
libkrb5-dev libssl-dev
libpq-dev libssl-dev
libsasl2-dev libssl-dev
libsnmp-dev libssl-dev (>> 0.9.8)
Greping just Depends: on -dev packages is slightly more optimistic:
apache2-dev libssl-dev (<< 1.1)
libc-client2007e-dev libssl-dev
libpq-dev libssl-dev
libsnmp-dev libssl-dev
But ultimately I am afraid that libssl dependencies are so entagled
that it will cover all archive.
> And since the OpenSSL version used is part of the libcurl3 ABI
> (see #844018 for details), using 1.1 in stretch is anyway not
> really an option for Apache/PHP in stretch.
What you are really saying is that using OpenSSL 1.1 is generally
not an option for stretch.
Cheers,
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu
More information about the Pkg-openssl-devel
mailing list