[csw-maintainers] At least Openssl 1.0 !

Yann Rouillard yann at pleiades.fr.eu.org
Wed May 16 23:46:13 CEST 2012


Not even a little feedback ?

Yann
Le 12 mai 2012 19:50, "Yann Rouillard" <yann at pleiades.fr.eu.org> a écrit :

> Unbelievable ! Openssl 1.0 packages are close to be on their way to the
> OpenCSW repository.
>
> You will find openssl 1.0.1c packages in my experimental repository:
>     yes | pkgrm CSWopenssl-utils CSWlibssl-dev
>     pkgutil -t http://buildfarm.opencsw.org/opencsw/experimental/yann -i
> openssl_utils libssl_dev libssl1_0_0
>
> Before releasing them, I would welcome additional testing from other
> members and in particular, build tests with these new libraries.
> I already rebuild my own packages (openssh, vsftpd, lftp) to ensure
> there's no build and execution problem.
>
> I updated the PKCS11 patch so these libraries should still take advantage
> of sparc crypto capabilites if you enable the pkcs11 engine.
> I am working on integrating the T4 and aesni crypto acceleration support
> but it would be in a later build (and it seems solaris 11 specific).
>
>
> Some notes concerning the migration:
>
>   - libssl_dev will be replaced with the 1.0.1c version so once it will be
> installed on the buildfram, all subsequent will be linked with libssl 1.0
>     and it will be not possible anymore to build against libssl 0.9.8
>     There doesn't seem to be API incompatibility and the same choice has
> been done by other distro, but this is the reason why I would
>     welcome additional build tests so I can be certain.
>
>
>   - libssl 0.9.8 will of course still be there (and maintained), it can be
> installed alongside libssl 1.0.
>     Starting with libssl 1.0, the SSL engines directory has been moved in
> a versioned directory so we don't have filenames clash.
>
>     However, within a month or two, I will start to fill bug against
> packages linked with libssl 0.9.8 to ask for a rebuild with libssl 1.0.
>
>
>   - libssl relies on system-wide hash symbolic links located in
> /etc/opt/csw/ssl/certs to verify certificates (provided by the
> ca_certificates packages under OpenCSW).
>  Unfortunately, the hash system has changed between 0.9.8 and 1.0, the
> ca_certificates package and the c_rehash script (used to generate the
> symlinks) have been
>  modified to always generate the old and the new hash symlinks. There is
> clash risk but it should be low.
>  - I don't plan on updating the openssl package so that it depends on
> libssl 1.0. This package is a legacy of a time where there was a unique
> package containing libraries, development files and the openssl tools. Packages
> should no longer depend on this package and I prefer to drop it the day we
> will remove libssl 0.9.8 from the repository.
>
>
> Thanks in advance for any comment and feedback,
>
> Yann
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/maintainers/attachments/20120516/6f19fb98/attachment.html>


More information about the maintainers mailing list