a follow up: * Retiring OpenSSL 1.0 will take place here: https://archlinux.org/todo/openssl-10-retirement/ This wont affect the 1.1 -> 3.0 transition though. * I have placed an openssl-1.1 package into [staging] that should make it easier to migrate as it provides the 1.1 version of libcrypto.so and libssl.so * The idea was to have openssl-3.0 depend on that at first to make the transition more seamless. I still need to solve the bootstrap issue though. As this is going to be a massive rebuild we should plan a time frame when to do this and avoid any other rebuilds. ATM there are more than 700 packages in our staging repos. - Pierre On Mon, Dec 6, 2021 at 6:41 PM Pierre Schmitz <pierre@archlinux.de> wrote:
just a small update: This is going to be a little more complicated and I suggest we tackle this at the beginning of next year. I got some very helpful feedback from our community (Thanks a lot loqs). * We might be able to drop version 1.0 (which is no longer maintained by upstream anyway). packages that only work with 1.0 should be dropped imho. * We are going to need to provide 1.1 for a couple of packages (hopefully not for long) * We are going to have to solve the bootstrap issue with pacman. I guess by either linking it statically, make it depend on the 1.1 package at first
Greetings,
Pierre
On Sat, Nov 6, 2021 at 10:32 AM Pierre Schmitz <pierre@archlinux.de> wrote:
Hi Jelle, (also forwarding to dev-public)
definitely yes, OpenSSL 3.0 is on my wish list! :-)
I did not want to jump on it at day one though. Even the last minor updates were quite painful and we still have packages requiring version 1.0 and are still not compatible with 1.1.
While they claim that most packages should work with a recompile, it would be nice to actually know which packages are not compatible. This should help whether we need another compatibility package are would be able to just replace openssl 1.1 with version 3.
I know about foutrelis' awesome rebuilder script, but I wonder if we have something similar that I just could run for half a day to get an idea which package would break and which wont? Like a dry run that wont commit anything. If no such thing exists yet, I might have a look myself.
Greetings,
Pierre
On Wed, Nov 3, 2021 at 9:14 PM Jelle van der Waa <jelle@vdwaa.nl> wrote:
Hi Pierre,
Shall we start an openssl 3.0 rebuild soon? Fedora/Debian/Alpine seens to have already started.
https://fedoraproject.org/wiki/Changes/OpenSSL3.0
Greetings,
Jelle
-- Pierre Schmitz, https://pierre-schmitz.com
-- Pierre Schmitz, https://pierre-schmitz.com
-- Pierre Schmitz, https://pierre-schmitz.com