[arch-dev-public] openssl 3.0

[Pierre Schmitz]

Hi all,

I have prepared a openssl-3.0 and 1.1 packages with the bootstrapped
dependencies. In addition to this there is a hopefully complete todo
list: https://archlinux.org/todo/openssl-30/ containing about 500
packages.

Next steps:
1) Let's agree on a time window where no other rebuild can take place
within our staging repos. How about at least the first two weeks in
February?
2) I guess we have to at least build the core and toolchain packages
manually. (*) Hopefully we may automate everything else.

If you like to take a look:

[openssl]
Server = https://repo.pierre-schmitz.com/$repo/os/$arch

Important: Only use this to check building packages within a chroot.
Installing this on a system will break it.

*) libarchive already fails \o/; but hopefully this unit test can be
ignored: https://github.com/libarchive/libarchive/issues/1596

On Sat, Jan 8, 2022 at 10:24 PM Pierre Schmitz <pierre at archlinux.de> wrote:
>
> a follow up:
>
> * Retiring OpenSSL 1.0 will take place here:
> https://archlinux.org/todo/openssl-10-retirement/ This wont affect the
> 1.1 -> 3.0 transition though.
> * I have placed an openssl-1.1 package into [staging] that should make
> it easier to migrate as it provides the 1.1 version of libcrypto.so
> and libssl.so
> * The idea was to have openssl-3.0 depend on that at first to make the
> transition more seamless. I still need to solve the bootstrap issue
> though.
>
> As this is going to be a massive rebuild we should plan a time frame
> when to do this and avoid any other rebuilds. ATM there are more than
> 700 packages in our staging repos.
>
> - Pierre
>
> On Mon, Dec 6, 2021 at 6:41 PM Pierre Schmitz <pierre at archlinux.de> wrote:
> >
> > just a small update: This is going to be a little more complicated and
> > I suggest we tackle this at the beginning of next year. I got some
> > very helpful feedback from our community (Thanks a lot loqs).
> > * We might be able to drop version 1.0 (which is no longer maintained
> > by upstream anyway). packages that only work with 1.0 should be
> > dropped imho.
> > * We are going to need to provide 1.1 for a couple of packages
> > (hopefully not for long)
> > * We are going to have to solve the bootstrap issue with pacman. I
> > guess by either linking it statically, make it depend on the 1.1
> > package at first
> >
> > Greetings,
> >
> > Pierre
> >
> > On Sat, Nov 6, 2021 at 10:32 AM Pierre Schmitz <pierre at archlinux.de> wrote:
> > >
> > > Hi Jelle, (also forwarding to dev-public)
> > >
> > > definitely yes, OpenSSL 3.0 is on my wish list! :-)
> > >
> > > I did not want to jump on it at day one though. Even the last minor
> > > updates were quite painful and we still have packages requiring
> > > version 1.0 and are still not compatible with 1.1.
> > >
> > > While they claim that most packages should work with a recompile, it
> > > would be nice to actually know which packages are not compatible. This
> > > should help whether we need another compatibility package are would be
> > > able to just replace openssl 1.1 with version 3.
> > >
> > > I know about foutrelis' awesome rebuilder script, but I wonder if we
> > > have something similar that I just could run for half a day to get an
> > > idea which package would break and which wont? Like a dry run that
> > > wont commit anything. If no such thing exists yet, I might have a look
> > > myself.
> > >
> > > Greetings,
> > >
> > > Pierre
> > >
> > > On Wed, Nov 3, 2021 at 9:14 PM Jelle van der Waa <jelle at vdwaa.nl> wrote:
> > > >
> > > > Hi Pierre,
> > > >
> > > > Shall we start an openssl 3.0 rebuild soon? Fedora/Debian/Alpine seens
> > > > to have already started.
> > > >
> > > > https://fedoraproject.org/wiki/Changes/OpenSSL3.0
> > > >
> > > > Greetings,
> > > >
> > > > Jelle
> > >
> > >
> > >
> > > --
> > > Pierre Schmitz, https://pierre-schmitz.com
> >
> >
> >
> > --
> > Pierre Schmitz, https://pierre-schmitz.com
>
>
>
> --
> Pierre Schmitz, https://pierre-schmitz.com



-- 
Pierre Schmitz, https://pierre-schmitz.com