On Fri, Nov 18, 2016 at 06:10:31AM +0100, Stefan Fritsch wrote: > On Friday, 18 November 2016 01:09:53 CET Adrian Bunk wrote: > > On Thu, Nov 17, 2016 at 11:18:57PM +0100, Stefan Fritsch wrote: > > > On Thursday, 17 November 2016 21:39:19 CET Kurt Roeckx wrote: > > > > > That header was created for mod_ssl_ct which provides support for > > > > > certificate transparency. It's quite new and likely that nothing else > > > > > uses the header. It would probably be acceptable to remove the > > > > > dependency > > > > > in apache2-dev on libssl-dev and add a caveat to the README.Debian. I > > > > > could also not install the header, or put it into a separate new > > > > > package > > > > > that depends on libssl-dev. > > > > > > > > So can you confirm that the only reason for the libssl-dev > > > > depedency is that file? > > > > > > Yes. > > > > What does create the dependency in > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828330#16 > > ? > > By including its own copy of ssl_private.h from the apache source (not > installed in apache2-dev). Urgh. > > /* > * After 2.0.49, Apache mod_ssl has most of the mod_ssl structures defined > * in ssl_private.h, which is not installed along with httpd-devel (eg in > * the FC2 RPM.) This include file provides SIMPLIFIED structures for use > * by mod_gridsite: for example, pointers to unused structures are replaced > * by void * and some of the structures are truncated when only the early > * members are used. > * > * CLEARLY, THIS WILL BREAK IF THERE ARE MAJOR CHANGES TO ssl_private.h!!! > */
Are there other packages that are doing similar things? And unrelated to the problem in this bug: Now that there is a proper header, it should be used in GridSite? > That's very ugly. So, not installing mod_ssl_openssl.h or a caveat in > README.Debian would not help. > > But putting it into a separate apache2-mod_ssl-dev package with the proper > mod_ssl dependency would still work. gridsite would then need to build-dep on > that package and (AFAICS) php does not do the same ugly tricks and would be > unaffected by the dependency on libssl1.0-dev. This is the build-dependency side. But this would still allow installing GridSite and Apache compiled with different OpenSSL versions. Creating a dependency on apache-abi-openssl-1-0-2 for every user of the affected symbols and providing that (similar to qtbase-abi-5-6-1) would be the proper solution. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed