[OE-core] [RFC PATCH 1/6] openssl: rename openssl 1.0.x to openssl10 and make openssl 1.1.x the default version

Andre McCurdy armccurdy at gmail.com
Wed Sep 5 04:08:19 UTC 2018


On Tue, Sep 4, 2018 at 6:49 PM, Khem Raj <raj.khem at gmail.com> wrote:
> On Tue, Sep 4, 2018 at 3:58 PM <richard.purdie at linuxfoundation.org> wrote:
>>
>> On Tue, 2018-09-04 at 13:43 -0700, Khem Raj wrote:
>> > I pointed this earlier before merge as well
>> > meta-openembedded has 40 odd recipes failing due to openssl 1.1
>> > upgrade
>>
>> Sorry, I think I missed something somewhere as I thought the
>> indications were the bigger problems like qt5 were working now :/.
>>
>> > http://errors.yoctoproject.org/Errors/Build/67457/?page=2&limit=50
>> >
>> > so obvious fix was to keep them pinned to openssl10 and I created a
>> > couple of fixes to start
>> >
>> > https://patchwork.openembedded.org/patch/154517/
>> > https://patchwork.openembedded.org/patch/154516/
>> >
>> > and the effects are showing up where sysroot task now starts to fail
>> > for dependent recipes here
>> >
>> > http://errors.yoctoproject.org/Errors/Details/190427/
>> > http://errors.yoctoproject.org/Errors/Details/190433/
>> >
>> > in meta-oe certain recipes can be upgraded and we can get openssl 1.1
>> > support but others like the two examples I cited above do not have
>> > openSSL 1.1 port. so I think we can not live without openSSL 1.0 and
>> > OpenSSL 2.0 being able to co-exist.
>>
>> The latter link is php 7.2 which should have openssl 1.1 support
>> (https://bugs.php.net/bug.php?id=72360).
>>
>> For the former, libgdata doesn't have an openssl depends so I guessed
>> at liboauth pulling it in which does have an openssl 1.1 patch at:
>> https://github.com/x42/liboauth/issues/9
>>
>
> Thanks for pointers and they do help. However IMO the problem that
> Martin described is going to be a real blocker. Unless we can provide a
> solution to let both openssl versions coexist, this change is going to
> be problematic since we maintain several old recipes which would have
> to be fixed for openssl 1.1 and this can take time, right now we are
> only seeing meta-openembedded layers, we don't even know all other
> layers which might get into similar issues.

To be clear, the issue is ( foo depends on openssl 1.1 and bar ) and (
bar depends on openssl 1.0 ), right?

Anyway, just for reference, it looks like Debian is packaging both
openssl 1.0 and 1.1:

  https://packages.debian.org/source/sid/openssl1.0
  https://packages.debian.org/source/sid/openssl

In the case of liboauth, they avoid the need to patch by configuring
liboauth to build with nss instead of openssl.


