[OE-core] openssl10 unusable for many components
Martin Jansa
martin.jansa at gmail.com
Fri Aug 18 17:29:18 UTC 2017
Even with that patch to rename openssl10 back to openssl we still need to
solve the openssl-native which wasn't reverted back to 1.0.
Upstream nodejs isn't going to be openssl-1.1 for a bit longer as explained:
https://github.com/nodejs/node/pull/14761
https://github.com/nodejs/node/pull/11828
so it would make sense to revert native and nativesdk versions as well - if
it isn't done in oe-core, I'll do it in our own layers to keep the builds
going.
On Fri, Aug 18, 2017 at 4:41 PM, Khem Raj <raj.khem at gmail.com> wrote:
> On Fri, Aug 18, 2017 at 3:53 AM, Alexander Kanavin
> <alexander.kanavin at linux.intel.com> wrote:
> > On 08/18/2017 08:56 AM, Khem Raj wrote:
> >
> >> I was trying nodejs and it seems its also broken by this openssl
> >> upgrade. Meta-oe alone has amost 50 recipes that are broken. there are
> >> hundreds of other layers.
> >> Many large packages in external layers are now broken, and the fact
> >> that openssl10
> >> is almost useless since some package will pull in openssl11 and cause
> >> conflicts. This
> >> is not a a good solution at least it seems to early for release. It
> >> might take a bit for packages to get working with openssl11, We should
> >> have carefully thought and considered postponing using it as default
> >> until next release ( april 2018). Its fine to keep it in if needed but
> >> keep openssl 1.0 as default preferred version, I don't think whole
> >> ecosystem is ready for it and we don't have man power to fix
> >> everything. This alone has a potential to make
> >> October release quite weak as far as external layers are concerned
> >
> >
> > FWIW, nodejs from meta-oe does build just fine with openssl10 dependency.
>
> no it doesnt try building nodejs-native.
>
> So
> > it's not exactly useless. And no one has established how many of the
> other
> > 50 packages can be fixed by either doing that, or updating them to latest
> > upstream releases.
>
> Thats not going to solve everything. Neither does pointing to fedora
> patches.
>
> >
> > I'll send a patch that renames openssl10 recipe back to openssl and sets
> > that as a preferred version, so anyone can experiment with 1.1 without
> > widespread breakage.
> >
> > But at the start of next development cycle this will be reverted back; no
> > more complaining then please, we have to do this at some point, and just
> > after a new cycle has started is as good time as it gets.
>
> Just putting random deadlines is not going to solve this, there has to
> be some look
> at upstream packages and other distros switching to openssl11 and
> dropping openssl10
> completely. People have fielded products to support and they need some
> assurance of
> forward path, their ecosystem might involve a lot larger package set
> then just oe-core.
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20170818/2513ee22/attachment-0002.html>
More information about the Openembedded-core
mailing list