[Pkg-openssl-devel] Plan for openssl3?

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Thu Oct 14 20:17:16 BST 2021


On 2021-10-14 18:53:55 [+0100], Wookey wrote:
> On 2021-09-23 19:07:57 [+0100], Sebastian wrote:
> 
> [Sorry didn't see this till recently as I suspect it only went to the
> list]

Sorry, if screwed up the reply-all button.

> > My plan is to rebuild whole archive against the final release and
> > check what happens. I did a rebuild against beta1 around June but
> > didn't look at the results very closely. A few packages failed to
> > build like cargo, dovecot, haproxy, libcrypt-openssl-*, …  Some
> > packages may have failed because their dependecies were linked
> > against 1.1 and I tried to build them against 3.0. Unlike the
> > archive rebuild which has a order created by Ben based on
> > dependencies.
> 
> > If you know an easy way around it, I'm all yours.
> 
> Presumably you just built the packages linked against openssl, not 'everything'?
> 
> I would use the dose satisfiability-checker to work out a build
> order. Of course there probably isn't a linear build order because
> openssl is involved in some package bootstap loops. (It's some years
> since I last did this analysis but I guess this hasn't changed).

Right.

> > Otherwise I try to rebuild and maybe some new packages were uploaded
> > which are fixed now that unstable is open again.
> 
> Did you get anywhere with this?

https://people.debian.org/~bigeasy/openssl-rebuild-3/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995636

> It might be easiest to make a list of packages that build-dep on
> openssl, then rebuild them all in arbitrary order. Then worry about
> rescheduling any that fail? I don't know enough about the changes
> between 1.1 and 3 APIs/ABIs to know if this makes any sense, or if we
> will need to put more serious work into ordering to avoid breakage?
> 
> I have a load of other things I should be doing too, but using dose to
> make some lists and setting off some arm64 builds should be a think I
> could spent a day or two on soonish if you've not already set it off.

Thanks. I thing we are good for now and waiting for the release team.

> Wookey

Sebastian



More information about the Pkg-openssl-devel mailing list