[OE-core] [RFC PATCH 1/6] openssl: rename openssl 1.0.x to openssl10 and make openssl 1.1.x the default version

Wed Sep 5 04:54:30 UTC 2018

On Tue, Sep 4, 2018 at 9:08 PM Andre McCurdy <armccurdy at gmail.com> wrote:
>
> On Tue, Sep 4, 2018 at 6:49 PM, Khem Raj <raj.khem at gmail.com> wrote:
> > On Tue, Sep 4, 2018 at 3:58 PM <richard.purdie at linuxfoundation.org> wrote:
> >>
> >> On Tue, 2018-09-04 at 13:43 -0700, Khem Raj wrote:
> >> > I pointed this earlier before merge as well
> >> > meta-openembedded has 40 odd recipes failing due to openssl 1.1
> >> > upgrade
> >>
> >> Sorry, I think I missed something somewhere as I thought the
> >> indications were the bigger problems like qt5 were working now :/.
> >>
> >> > http://errors.yoctoproject.org/Errors/Build/67457/?page=2&limit=50
> >> >
> >> > so obvious fix was to keep them pinned to openssl10 and i created
> >> > couple of fixes
> >> > to start
> >> >
> >> > https://patchwork.openembedded.org/patch/154517/
> >> > https://patchwork.openembedded.org/patch/154516/
> >> >
> >> > and the effects are showing up where sysroot task now starts to fail
> >> > for dependent
> >> > recipes here
> >> >
> >> > http://errors.yoctoproject.org/Errors/Details/190427/
> >> > http://errors.yoctoproject.org/Errors/Details/190433/
> >> >
> >> > in meta-oe certain recipes can be upgraded and we can get openssl 1.1
> >> > support
> >> > but others like the two examples I cited above do not have openSSL
> >> > 1.1 port.
> >> > so I think we can not live without openSSL 1.0 and OpenSSL 2.0 being
> >> > able to
> >> > co-exist.
> >>
> >> The latter link is php 7.2 which should have openssl 1.1 support
> >> (https://bugs.php.net/bug.php?id=72360).
> >>
> >> For the former, libgdata doesn't have an openssl depends so I guessed
> >> at liboauth pulling it in which does have an openssl 1.1 patch at:
> >> https://github.com/x42/liboauth/issues/9
> >>
> >
> > Thanks for pointers and they do help. However IMO the problem that
> > Martin decribed
> > is going to be a real blocker. Unless we can provide a solution to let
> > both openssl versions
> > coexist, this change is going to be problematic since we maintain
> > several old recipes which
> > would have to be fixed for openssl 1.1 and this can take time, right
> > now we are only seeing
> > meta-openembedded layers, we don't even know all other layers which
> > might get into similar
> > issues.
>
> To be clear, the issue is ( foo depends on openssl 1.1 and bar ) and (
> bar depends on openssl 1.0 ), right?

yes.

>
> Anyway, just for reference, it looks like Debian is packaging both
> openssl 1.0 and 1.1:
>
>   https://packages.debian.org/source/sid/openssl1.0
>   https://packages.debian.org/source/sid/openssl
>
> In the case of liboauth, they avoid to need to patch by configuring
> liboauth to build with nss instead of openssl.

this is already taken care see
http://git.openembedded.org/meta-openembedded-contrib/commit/?h=kraj/master&id=b1f87edc4202d6238c469dde358819c534b35751

but thats just one case.