From: Khem Raj <raj.khem@gmail.com>
To: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Patches and discussions about the oe-core layer
<openembedded-core@lists.openembedded.org>
Subject: Re: [RFC PATCH 1/6] openssl: rename openssl 1.0.x to openssl10 and make openssl 1.1.x the default version
Date: Tue, 4 Sep 2018 13:43:16 -0700 [thread overview]
Message-ID: <CAMKF1spTfZD2B19zQFH+PhAytChCe1k-05ma2QQ9TCVp3TNrgw@mail.gmail.com> (raw)
In-Reply-To: <a12df2950bb8cbe607429ba26247543ba63367af.camel@linuxfoundation.org>
On Tue, Sep 4, 2018 at 1:35 PM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Tue, 2018-09-04 at 21:12 +0200, Martin Jansa wrote:
> > On Tue, Aug 28, 2018 at 12:23 PM Alexander Kanavin <alex.kanavin@gmai
> > l.com> wrote:
> > > From: Alexander Kanavin <alexander.kanavin@linux.intel.com>
> > >
> > > I believe the time has come to do this: openssl 1.0 upstream
> > > support stops at the end
> > > of 2019, and we do not want a situation where a supported YP
> > > release contains an
> > > unsupported version of a critical security component.
> > >
> > > Openssl 1.0 can still be utilized by depending on 'openssl10'
> > > recipe.
> >
> > This still isn't true for most recipes, as long as there is something
> > depending on openssl in the dependency tree, it will
> > cause do_prepare_recipe_sysroot failures like last time
> >
> > ERROR: The file /usr/lib/libssl.so is installed by both openssl10 and
> > openssl, aborting
> > DEBUG: Python function extend_recipe_sysroot finished
> > DEBUG: Python function do_prepare_recipe_sysroot finished
> > ERROR: Function failed: extend_recipe_sysroot
> >
> > From 15 failures caused by openssl-1.1 detected in my builds, just
> > changing DEPENDS from openssl to openssl10 didn't help in any case.
>
> That isn't good news. Do you have an idea of which components are in
> the dependency chains and if any of them are common? It'd also be
> useful to understand which ones are breaking...
>
I pointed this earlier before merge as well
meta-openembedded has 40 odd recipes failing due to openssl 1.1 upgrade
http://errors.yoctoproject.org/Errors/Build/67457/?page=2&limit=50
so obvious fix was to keep them pinned to openssl10 and i created
couple of fixes
to start
https://patchwork.openembedded.org/patch/154517/
https://patchwork.openembedded.org/patch/154516/
and the effects are showing up where sysroot task now starts to fail
for dependent
recipes here
http://errors.yoctoproject.org/Errors/Details/190427/
http://errors.yoctoproject.org/Errors/Details/190433/
in meta-oe certain recipes can be upgraded and we can get openssl 1.1 support
but others like the two examples I cited above do not have openSSL 1.1 port.
so I think we can not live without openSSL 1.0 and OpenSSL 2.0 being able to
co-exist.
next prev parent reply other threads:[~2018-09-04 20:43 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-28 10:23 [RFC PATCH 0/6] openssl 1.1.1 update Alexander Kanavin
2018-08-28 10:23 ` [RFC PATCH 1/6] openssl: rename openssl 1.0.x to openssl10 and make openssl 1.1.x the default version Alexander Kanavin
2018-09-04 19:12 ` Martin Jansa
2018-09-04 20:35 ` Richard Purdie
2018-09-04 20:43 ` Khem Raj [this message]
2018-09-04 22:58 ` richard.purdie
2018-09-05 1:49 ` Khem Raj
2018-09-05 4:08 ` Andre McCurdy
2018-09-05 4:54 ` Khem Raj
2018-09-05 7:14 ` Alexander Kanavin
2018-09-05 8:53 ` Martin Jansa
2018-09-05 14:45 ` Richard Purdie
2018-09-05 15:15 ` Khem Raj
2018-09-05 15:45 ` Andre McCurdy
2018-09-05 15:55 ` Martin Jansa
2018-09-10 17:54 ` Andre McCurdy
2018-09-10 18:09 ` Khem Raj
2018-09-13 1:43 ` Andre McCurdy
2018-08-28 10:23 ` [RFC PATCH 2/6] cryptodev-tests: port to openssl 1.1 Alexander Kanavin
2018-09-04 20:38 ` Andre McCurdy
2018-09-05 14:15 ` Alexander Kanavin
2018-08-28 10:23 ` [RFC PATCH 3/6] openssl: update to 1.1.1 Alexander Kanavin
2018-09-03 22:53 ` Khem Raj
2018-09-04 3:17 ` Andre McCurdy
2018-09-04 4:26 ` Khem Raj
2018-08-28 10:23 ` [RFC PATCH 4/6] libressl: add a recipe to support openssh Alexander Kanavin
2018-08-28 10:23 ` [RFC PATCH 5/6] openssh: depend on libressl Alexander Kanavin
2018-08-28 10:23 ` [RFC PATCH 6/6] ca-certificates: update to 20180409 Alexander Kanavin
2018-08-29 14:30 ` Khem Raj
2018-08-29 14:47 ` Alexander Kanavin
2018-08-29 15:38 ` Khem Raj
2018-08-31 6:22 ` [RFC PATCH 0/6] openssl 1.1.1 update Khem Raj
2018-08-31 9:30 ` Alexander Kanavin
2018-08-31 9:38 ` Alexander Kanavin
2018-09-01 8:16 ` Khem Raj
2018-09-01 8:20 ` Khem Raj
2018-09-01 8:20 ` [OE-core] " Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMKF1spTfZD2B19zQFH+PhAytChCe1k-05ma2QQ9TCVp3TNrgw@mail.gmail.com \
--to=raj.khem@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.