[arch-dev-public] openssl 3.0

Pierre Schmitz pierre at archlinux.de
Sat Jan 8 21:24:34 UTC 2022


a follow up:

* Retiring OpenSSL 1.0 will take place here:
https://archlinux.org/todo/openssl-10-retirement/ This won't affect the
1.1 -> 3.0 transition though.
* I have placed an openssl-1.1 package into [staging] that should make
it easier to migrate as it provides the 1.1 version of libcrypto.so
and libssl.so
* The idea was to have openssl-3.0 depend on that at first to make the
transition more seamless. I still need to solve the bootstrap issue
though.

As this is going to be a massive rebuild we should plan a time frame
when to do this and avoid any other rebuilds. ATM there are more than
700 packages in our staging repos.

- Pierre

On Mon, Dec 6, 2021 at 6:41 PM Pierre Schmitz <pierre at archlinux.de> wrote:
>
> just a small update: This is going to be a little more complicated and
> I suggest we tackle this at the beginning of next year. I got some
> very helpful feedback from our community (Thanks a lot loqs).
> * We might be able to drop version 1.0 (which is no longer maintained
> by upstream anyway). Packages that only work with 1.0 should be
> dropped imho.
> * We are going to need to provide 1.1 for a couple of packages
> (hopefully not for long)
> * We are going to have to solve the bootstrap issue with pacman. I
> guess by either linking it statically or making it depend on the 1.1
> package at first
>
> Greetings,
>
> Pierre
>
> On Sat, Nov 6, 2021 at 10:32 AM Pierre Schmitz <pierre at archlinux.de> wrote:
> >
> > Hi Jelle, (also forwarding to dev-public)
> >
> > definitely yes, OpenSSL 3.0 is on my wish list! :-)
> >
> > I did not want to jump on it at day one though. Even the last minor
> > updates were quite painful and we still have packages requiring
> > version 1.0 and are still not compatible with 1.1.
> >
> > While they claim that most packages should work with a recompile, it
> > would be nice to actually know which packages are not compatible. This
> > should help whether we need another compatibility package or would be
> > able to just replace openssl 1.1 with version 3.
> >
> > I know about foutrelis' awesome rebuilder script, but I wonder if we
> > have something similar that I just could run for half a day to get an
> > idea which package would break and which won't? Like a dry run that
> > won't commit anything. If no such thing exists yet, I might have a look
> > myself.
> >
> > Greetings,
> >
> > Pierre
> >
> > On Wed, Nov 3, 2021 at 9:14 PM Jelle van der Waa <jelle at vdwaa.nl> wrote:
> > >
> > > Hi Pierre,
> > >
> > > Shall we start an openssl 3.0 rebuild soon? Fedora/Debian/Alpine seem
> > > to have already started.
> > >
> > > https://fedoraproject.org/wiki/Changes/OpenSSL3.0
> > >
> > > Greetings,
> > >
> > > Jelle
> >
> >
> >
> > --
> > Pierre Schmitz, https://pierre-schmitz.com
>
>
>
> --
> Pierre Schmitz, https://pierre-schmitz.com



-- 
Pierre Schmitz, https://pierre-schmitz.com

