Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use openssl 1.1 by default #22357

Merged
merged 104 commits into from Aug 23, 2019

Conversation

@globin
Copy link
Member

commented Feb 2, 2017

@mention-bot

This comment has been minimized.

Copy link

commented Feb 2, 2017

@globin, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @aneeshusa and @wkennington to be potential reviewers.

@globin globin force-pushed the openssl-1.1 branch 10 times, most recently to 0089f72 Feb 2, 2017

@vcunat

This comment has been minimized.

Copy link
Member

commented Feb 5, 2017

I guess this isn't yet ready to be staged; it seems many packages can't handle the new version yet.

@globin

This comment has been minimized.

Copy link
Member Author

commented Feb 5, 2017

Yes, still wip

@globin globin force-pushed the openssl-1.1 branch from 0089f72 Feb 13, 2017

@vcunat

This comment has been minimized.

Copy link
Member

commented Feb 13, 2017

Perhaps the package updates are worth merging regardless of default openssl version?

@globin

This comment has been minimized.

Copy link
Member Author

commented Feb 13, 2017

Was planning to finish this in the next few days anyway so not sure if it's worth it.

@globin globin force-pushed the openssl-1.1 branch 4 times, most recently Feb 13, 2017

globin added 4 commits Aug 22, 2019

@globin globin changed the title [WIP] Use openssl 1.1 by default Use openssl 1.1 by default Aug 23, 2019

@globin

This comment has been minimized.

Copy link
Member Author

commented Aug 23, 2019

This is good enough to be merged to master, some minor failures in leaf packages still exist, but they can either be fixed in ZHF or marked as broken if nobody cares

@globin

This comment has been minimized.

Copy link
Member Author

commented Aug 23, 2019

I'll merge this to master and that back to staging/staging-next at around midday GMT if no one beats me to it.

torque: remove commented-out sbin handling
We have a setup hook for this!

@lheckemann lheckemann merged commit 25559a5 into master Aug 23, 2019

13 checks passed

Evaluation Performance Report Evaluator Performance Report
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-maintainers matching changed paths to changed attrs...
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details

@lheckemann lheckemann deleted the openssl-1.1 branch Aug 23, 2019

@vcunat

This comment has been minimized.

Copy link
Member

commented Aug 24, 2019

It's in staging-next as well, since 2e6bf42.

@lheckemann

This comment has been minimized.

Copy link
Member

commented Aug 24, 2019

#67375 for staging (WIP)

@aethelz aethelz referenced this pull request Aug 24, 2019
5 of 10 tasks complete
@gebner gebner referenced this pull request Aug 25, 2019
4 of 10 tasks complete
@gnidorah gnidorah referenced this pull request Aug 25, 2019
3 of 10 tasks complete
@Izorkin

This comment has been minimized.

Copy link
Contributor

commented on 690aaf4 Aug 25, 2019

@globin really add option to build with openssl 1.0.2 ?
In nur-packages, I compile php with libressl. Php build with error:

configure:47594: result: no
configure:47934: checking for IMAP support
configure:47970: result: yes
configure:47979: checking for IMAP Kerberos support
configure:47994: result: no
configure:48003: checking for IMAP SSL support
configure:48018: result: yes
configure:48420: checking for utf8_mime2text signature
configure:48442: gcc -c -I/nix/store/93zawzrz6bp0jqarfg4klx08mhy44381-uw-imap-2007f/include/c-client  -D_REENTRANT conftest.c >&5
conftest.c: In function 'main':
conftest.c:336:9: error: too few arguments to function 'utf8_mime2text'
         utf8_mime2text(src, dst);
         ^~~~~~~~~~~~~~
In file included from /nix/store/93zawzrz6bp0jqarfg4klx08mhy44381-uw-imap-2007f/include/c-client/c-client.h:47:0,
                 from conftest.c:329:
/nix/store/93zawzrz6bp0jqarfg4klx08mhy44381-uw-imap-2007f/include/c-client/utf8aux.h:37:6: note: declared here
 long utf8_mime2text (SIZEDTEXT *src,SIZEDTEXT *dst,long flags);
      ^~~~~~~~~~~~~~
configure:48442: $? = 1
configure: failed program was:

@lopsided98

This comment has been minimized.

Copy link
Contributor

commented Sep 1, 2019

This causes a segfault in rtmpsink in gst-plugins-bad, because rtmpdump depends on 1.0 while gst-plugins-bad depends on 1.1. See #67842 for a fix.

ashkitten added a commit to ashkitten/nixpkgs that referenced this pull request Sep 1, 2019
ashkitten added a commit to ashkitten/nixpkgs that referenced this pull request Sep 1, 2019
@ashkitten ashkitten referenced this pull request Sep 1, 2019
3 of 10 tasks complete
@globin globin referenced this pull request Sep 4, 2019
25 of 25 tasks complete
ashkitten added a commit to ashkitten/nixpkgs that referenced this pull request Sep 4, 2019
@obadz

This comment has been minimized.

Copy link
Contributor

commented on 5ed5493 Sep 7, 2019

Is there a good replacement for ssvncviewer ? Couldn't we just override it against pkgs.openssl_1_0_* ?

Re the dead projects, anything that's sourceforge based is probably dead but we can't exactly get rid of it all...

~/src/nix/pkgs$ grep -sr mirror://sourceforge . | wc -l
950

This comment has been minimized.

Copy link
Member Author

replied Sep 7, 2019

There are a number of vnc clients, is there anything that makes ssvnc special? Openssl 1.0.2 will be EOL at the end of the year, so we should stop depending on it as much as possible.

Probably yes, but they don't depend on cryptography library versions that don't get udpates.

ashkitten added a commit to ashkitten/nixpkgs that referenced this pull request Sep 7, 2019
ashkitten added a commit to ashkitten/nixpkgs that referenced this pull request Sep 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.