On Friday, 18 November 2016 19:20:15 CET Adrian Bunk wrote: > On Fri, Nov 18, 2016 at 06:10:31AM +0100, Stefan Fritsch wrote: > > On Friday, 18 November 2016 01:09:53 CET Adrian Bunk wrote: > > > What does create the dependency in > > > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828330#16 > > > > > > ? > > > > By including its own copy of ssl_private.h from the apache source (not > > installed in apache2-dev). Urgh. > >
> Are there other packages that are doing similar things? I did some grep among the modules in sid but found no other. [1] > And unrelated to the problem in this bug: > Now that there is a proper header, it should be used in GridSite? In principle, yes. But it's quite possible that the APIs exposed in mod_ssl_openssl.h are not sufficient for gridsite. But then gridsite upstream should work with apache2 upstream to get the required APIs added. > > But putting it into a separate apache2-mod_ssl-dev package with the proper > > mod_ssl dependency would still work. gridsite would then need to build-dep > > on that package and (AFAICS) php does not do the same ugly tricks and > > would be unaffected by the dependency on libssl1.0-dev. > > This is the build-dependency side. > > But this would still allow installing GridSite and Apache compiled with > different OpenSSL versions. > > Creating a dependency on apache-abi-openssl-1-0-2 for every user of the > affected symbols and providing that (similar to qtbase-abi-5-6-1) would > be the proper solution. We already have a apache2-api-20120211 virtual package that apache2-bin provides and that all modules should depend on. We could stop providing that and switch to apache2-api-20120211-openssl1.1 when we upgrade apache2 to openssl 1.1. This would at least require a binNMU off all apache2 modules. Modules that don't use dh_apache2 to generate the dependency would need a sourceful update. On the other hand, since there seem to be so few modules that do this, adding some "breaks:" may be the better solution. The grep I did would then need to be re-done for modules that are in jessie but not in sid. Cheers, Stefan [1] Assuming the module-packages are extracted in the current dir: for f in $(find . -name \*.so) ; do strings $f |grep -qw -e ssl_module -e init_server -e pre_handshake -e proxy_post_handshake && echo $f ; done