On Tue, 2020-03-24 at 09:52 -0400, Charalampos Stratakis wrote:
>
> ----- Original Message -----
> > From: "Tomas Mraz" <tm...@redhat.com>
> > To: "Miro Hrončok" <mhron...@redhat.com>, "Development discussions
> > related to Fedora" <devel@lists.fedoraproject.org>
> > Cc: "python-maint" <python-ma...@redhat.com>
> > Sent: Tuesday, March 24, 2020 1:22:37 PM
> > Subject: Re: Heads up: OpenSSL-1.1.1e coming to Rawhide
> >
> > On Sun, 2020-03-22 at 17:29 +0100, Miro Hrončok wrote:
> > > On 19. 03. 20 17:31, Tomas Mraz wrote:
> > > > The new openssl-1.1.1e is coming to Rawhide.
> > > >
> > > > It reports premature EOF/improper shutdown on TLS connections
> > > > more
> > > > properly. However this might make some dependencies broken in
> > > > build
> > > > tests (such as Ruby).
> > > >
> > > > As I would like to eventually update the openssl also on stable
> > > > branches because it brings many bugfixes please consider
> > > > bringing
> > > > eventual fixes/workarounds in depending packages also there.
> > >
> > > Packages failing to build:
> > >
> > > https://koschei.fedoraproject.org/affected-by/openssl?epoch1=1&version1=1.1.1d&release1=7.fc33&epoch2=1&version2=1.1.1e&release2=1.fc33&collection=f33
> > >
> > > https://koschei.fedoraproject.org/affected-by/openssl-devel?epoch1=1&version1=1.1.1d&release1=7.fc33&epoch2=1&version2=1.1.1e&release2=1.fc33&collection=f33
> > >
> > > That includes Python interpreters.
> > >
> > > We have Python tests defined in the CI:
> > >
> > > https://src.fedoraproject.org/rpms/openssl/blob/master/f/tests/tests_python.yml
> > >
> > > Why have this upgrade never been tested that way?
> >
> > I knew there will be actual problems so that is the reason why I
> > sent
> > the heads up. Next time I'll make sure the CI is run as well, not
> > sure
> > if it would make any difference in this case apart from maybe I
> > would
> > open bugs right away?
>
> With the PR workflow on pagure, the CI would be run and we can check
> out the issues that might appear on the python side at least, as we
> have added the relevant python tests in the openssl pagure repo. So
> indeed it would help a lot.
>
> > > Please do not push this to older releases until we fix this.
> >
> > I will not push it to older releases. Most probably we will revert
> > this
> > change in upstream 1.1.1 branch and I will update the rawhide build
> > with the revert patch as well. Anyway this change is going to stay
> > in
> > the master branch of OpenSSL (for 3.0.0) so it is a good idea to be
> > able to handle it in the dependencies anyway.
> >
>
> That would be great actually, thanks for considering it. Pushing this
> change for the 3.0.0 version of OpenSSL should provide us with enough
> time to iron out everything.
>
> On a side note, is there some upstream CI of OpenSSL where we could
> maybe test its integration with Python, or other projects? From the
> python upstream CI side, where we use the buildbot software, we
> noticed that when the fedora servers running the builds got the
> openssl package updated, the tests started failing. Maybe something
> similar could be implemented for OpenSSL, depending of course if the
> infrastructure is in place.
There is already pyca-cryptography build and testsuite run in the
external tests. Perhaps some more python related stuff could be added
although I am not sure the way it is currently integrated would allow
much bigger testsuites being run.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
