OpenSSL 3.2.1 available in rawhide
Hello everyone, OpenSSL 3.2.1 is now available in rawhide [1]. There are no API/ABI changes in comparison with the last version in rawhide (3.1.4). This version (3.2.0 onwards) supports PQ algorithms that can be loaded through the OQS provider. A few tests that needed some downstream tweaks have been disabled and being worked on. Other than this issue [2] upstream, we did not see any new failures/breakages. If you observe any new issues with this new version, kindly report a bug. Thank you! [1] https://koji.fedoraproject.org/koji/taskinfo?taskID=113160945 [2] https://github.com/openssl/openssl/issues/23528 Regards. Sahana Prasad -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Migration to pkcs11-provider from OpenSSL engines
Hello, OpenSSL 3.0.0 deprecated the support for using engines and introduced the concept of providers. If your package requires openssl-pkcs11 (libp11, engine_pkcs11), we recommend that you stop using it, and migrate to using the pkcs11-provider instead. We plan to deprecate and remove openssl-pkcs11 by Fedora 41 The pkcs11-provider [1] (available since Fedora 38) is an Openssl 3.0.0 provider designed to access Hardware or Software Tokens using the PKCS#11 Cryptographic Token Interface. To read more about the pkcs11-provider you can have a look at [2]- If you have any questions kindly start a discussion here [4] we are more than happy to help. List of packages that require openssl-pkcs11 - libssh, rng-tools, libp11-devel, freeipa-server-dns, bind-dyndb-ldap, cryptobone, nginx, apache2 Just a note that pkcs11-provider is a new project and we are working continuously to improve it and test it extensively. If you encounter any issues, feel free to report them upstream [3]. Thank you for your understanding and we are looking forward to your collaboration. [1] https://koji.fedoraproject.org/koji/packageinfo?packageID=37379 [2] https://github.com/latchset/pkcs11-provider. [3] https://github.com/latchset/pkcs11-provider/issues [4] https://github.com/latchset/pkcs11-provider/discussions -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Update of OpenSSL to 3.1.1 version in rawhide
Hi everyone, We have updated OpenSSL from 3.0.8 to 3.1.1 [1] in rawhide. This version is ABI compatible with the 3.0 series. Kindly rebuild your packages if you think it has some additional checks for version beyond ABI. OpenSSH is an example of such a package and it is already being rebuilt [2]. Thank you. [1] https://koji.fedoraproject.org/koji/buildinfo?buildID=2267648 [2]https://koji.fedoraproject.org/koji/taskinfo?taskID=104219088 ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
kTLS related failures on rawhide in OpenSSL 3.0.1
Hello everyone, Could anyone kindly help with investigating the kTLS related failures in [1] They could be infrastructure related issues, the right kernel versions that support kTLS. [1] https://src.fedoraproject.org/rpms/openssl/pull-request/19 Thank you, Regards, Sahana Prasad ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Wed, Sep 29, 2021 at 9:11 AM Sahana Prasad wrote: > Hi everyone, > > Reminder to kindly think about porting your packages to > avoid build failures with OpenSSL 3.0.0. > We will try a rebuild in the next 2 weeks, and report FTBFS bugs. > Hi all, FTBFS bugs have been reported for all those packages that failed to build with OpenSSL 3.0.0. Attached list of failed packages and logs [1]. Thank you, Regards, Sahana Prasad > > Thank you, > Regards, > Sahana Prasad > > > On Tue, Sep 28, 2021 at 9:45 AM Sahana Prasad wrote: > >> >> >> On Tue, Sep 21, 2021 at 11:58 AM Miro Hrončok >> wrote: >> >>> On 17. 09. 21 11:07, Sahana Prasad wrote: >>> > Hello all, >>> > >>> > The side-tag was merged yesterday. OpenSSL 3.0.0 is available in >>> rawhide now. >>> > You can continue to port your changes for OpenSSL 3.0.0 now. >>> > >>> > The following packages FTBFS (attached), kindly have a look at them. >>> >>> I have switched the following packages to OpenSSL 1.1 explicitly as they >>> will >>> not support OpenSSL 3.0: >>> >>> python2.7 >>> python3.7 >>> python3.6 >>> pypy >>> pypy3.7 >>> >>> See an example PR for inspiration: >>> >>> https://src.fedoraproject.org/rpms/python3.6/pull-request/36 >>> >>> The constrict is compatible with Fedora 33-35 as well. >>> >>> It is not compatible with RHELs, but if deemed necessary, we can add >>> openssl1.1 >>> matapackage to EPEL. >>> >>> I've also requested the openssl1.1-devel provide to be added to RHEL 8, >>> but it >>> might be rejected or take a long time: >>> >> >> Hi Miro, >> >> Thanks for reporting this RFE. We have decided to provide support for it. >> >> Thank you, >> Regards, >> Sahana Prasad >> >>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=2006238 >>> >>> -- >>> Miro Hrončok >>> -- >>> Phone: +420777974800 >>> IRC: mhroncok >>> >>> log_links(1).tar.bz2 Description: application/bzip ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
Hi everyone, Reminder to kindly think about porting your packages to avoid build failures with OpenSSL 3.0.0. We will try a rebuild of previously shared failed packages on 15th, and report FTBFS bugs. Thank you, Regards, Sahana Prasad On Thu, Sep 30, 2021 at 4:31 PM Sahana Prasad wrote: > > > On Wed, Sep 29, 2021 at 3:26 PM Stephen Gallagher > wrote: > >> On Wed, Sep 29, 2021 at 6:00 AM Miro Hrončok wrote: >> > >> > On 29. 09. 21 9:11, Sahana Prasad wrote: >> > > Hi everyone, >> > > >> > > Reminder to kindly think about porting your packages to >> > > avoid build failures with OpenSSL 3.0.0. >> > > We will try a rebuild in the next 2 weeks, and report FTBFS bugs. >> > >> > I also see that we have openssl1.1 in the default build root >> >> How long (how many Fedora releases) do we expect to have >> openssl1.1-devel available in the buildroot? I maintain modules of >> Node.js 12 and 14 that will likely never be updated to support OpenSSL >> 3.0 and I'd prefer to keep them alive until their upstream EOLs >> (2022-04-30 and 2023-04-30, respectively). >> > > Hi Stephen, > I can keep it in Fedora until then, sure. > 1.1.1 upstream EOL is in 2023. After that we would not support CVE fixes. > > Thank you, > Regards, > Sahana Prasad > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Wed, Sep 29, 2021 at 3:26 PM Stephen Gallagher wrote: > On Wed, Sep 29, 2021 at 6:00 AM Miro Hrončok wrote: > > > > On 29. 09. 21 9:11, Sahana Prasad wrote: > > > Hi everyone, > > > > > > Reminder to kindly think about porting your packages to > > > avoid build failures with OpenSSL 3.0.0. > > > We will try a rebuild in the next 2 weeks, and report FTBFS bugs. > > > > I also see that we have openssl1.1 in the default build root > > How long (how many Fedora releases) do we expect to have > openssl1.1-devel available in the buildroot? I maintain modules of > Node.js 12 and 14 that will likely never be updated to support OpenSSL > 3.0 and I'd prefer to keep them alive until their upstream EOLs > (2022-04-30 and 2023-04-30, respectively). > Hi Stephen, I can keep it in Fedora until then, sure. 1.1.1 upstream EOL is in 2023. After that we would not support CVE fixes. Thank you, Regards, Sahana Prasad ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
Hi everyone, Reminder to kindly think about porting your packages to avoid build failures with OpenSSL 3.0.0. We will try a rebuild in the next 2 weeks, and report FTBFS bugs. Thank you, Regards, Sahana Prasad On Tue, Sep 28, 2021 at 9:45 AM Sahana Prasad wrote: > > > On Tue, Sep 21, 2021 at 11:58 AM Miro Hrončok wrote: > >> On 17. 09. 21 11:07, Sahana Prasad wrote: >> > Hello all, >> > >> > The side-tag was merged yesterday. OpenSSL 3.0.0 is available in >> rawhide now. >> > You can continue to port your changes for OpenSSL 3.0.0 now. >> > >> > The following packages FTBFS (attached), kindly have a look at them. >> >> I have switched the following packages to OpenSSL 1.1 explicitly as they >> will >> not support OpenSSL 3.0: >> >> python2.7 >> python3.7 >> python3.6 >> pypy >> pypy3.7 >> >> See an example PR for inspiration: >> >> https://src.fedoraproject.org/rpms/python3.6/pull-request/36 >> >> The constrict is compatible with Fedora 33-35 as well. >> >> It is not compatible with RHELs, but if deemed necessary, we can add >> openssl1.1 >> matapackage to EPEL. >> >> I've also requested the openssl1.1-devel provide to be added to RHEL 8, >> but it >> might be rejected or take a long time: >> > > Hi Miro, > > Thanks for reporting this RFE. We have decided to provide support for it. > > Thank you, > Regards, > Sahana Prasad > >> >> https://bugzilla.redhat.com/show_bug.cgi?id=2006238 >> >> -- >> Miro Hrončok >> -- >> Phone: +420777974800 >> IRC: mhroncok >> >> ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Tue, Sep 21, 2021 at 11:58 AM Miro Hrončok wrote: > On 17. 09. 21 11:07, Sahana Prasad wrote: > > Hello all, > > > > The side-tag was merged yesterday. OpenSSL 3.0.0 is available in rawhide > now. > > You can continue to port your changes for OpenSSL 3.0.0 now. > > > > The following packages FTBFS (attached), kindly have a look at them. > > I have switched the following packages to OpenSSL 1.1 explicitly as they > will > not support OpenSSL 3.0: > > python2.7 > python3.7 > python3.6 > pypy > pypy3.7 > > See an example PR for inspiration: > > https://src.fedoraproject.org/rpms/python3.6/pull-request/36 > > The constrict is compatible with Fedora 33-35 as well. > > It is not compatible with RHELs, but if deemed necessary, we can add > openssl1.1 > matapackage to EPEL. > > I've also requested the openssl1.1-devel provide to be added to RHEL 8, > but it > might be rejected or take a long time: > Hi Miro, Thanks for reporting this RFE. We have decided to provide support for it. Thank you, Regards, Sahana Prasad > > https://bugzilla.redhat.com/show_bug.cgi?id=2006238 > > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Mon, Sep 20, 2021 at 12:26 PM Petr Menšík wrote: > Hello Sahana and Jakub, > > openssl-pkcs11 module failed during rebuild. It has no separate bug yet, > but missing pkcs11 engine for OpenSSL 3.0 bind build makes freeipa server > fail to even start. > > Filled bug #2005832 [1]. CentOS Stream 9 build of openssl-pkcs11 were > successful, I think there are missing changes required on Rawhide. Please > include required fixes also in Rawhide. > Hi Petr, Jakub has fixed it in openssl-pkcs11-0.4.11-6.fc36. > Is there any timeline, when would be FTBFS bugs filled? > Yeah I wanted to file them 3/4 weeks after the introduction of OpenSSL 3.0.0. So tentatively around mid october. Thank you, Regards, Sahana Prasad > I did not yet found any bug on openssl-pkcs11. I would expect openssl > engine packages would be ready before mass rebuild. Could it be fixed soon > please? > > Cheers, > Petr > > 1. https://bugzilla.redhat.com/show_bug.cgi?id=2005832 > On 9/20/21 10:47, Sahana Prasad wrote: > > > > On Fri, Sep 17, 2021 at 12:50 PM Neal Gompa wrote: > >> On Fri, Sep 17, 2021 at 5:09 AM Sahana Prasad wrote: >> > >> > Hello all, >> > >> > The side-tag was merged yesterday. OpenSSL 3.0.0 is available in >> rawhide now. >> > You can continue to port your changes for OpenSSL 3.0.0 now. >> > >> > The following packages FTBFS (attached), kindly have a look at them. >> > I haven't reported FTBFS bugs right away. As I know many packages have >> the porting ready already >> > and they were waiting for 3.0.0 to land in rawhide. >> > Some packages fail due to usage of deprecated functions. Consider >> treating those warnings as not errors >> > for a quick fix and you could slowly stop using deprecated functions in >> the future. >> > >> > Thanks Miro for your help with building packages in the side-tag and >> getting a list of failed packages. >> > >> > We will try a rebuild of all these failed packages after 3/4 weeks and >> report bugs for failing packages then. >> > >> >> I noticed that the changelog for the openssl package got truncated. Is >> there a reason for this? The spec file wasn't significantly rewritten, >> nor was there some other condition invalidating the entire recorded >> history of the package. Would you kindly please restore the changelog >> to the spec file? >> > > Hi Neal, > I will restore it. > Thank you, > Regards, > Sahana Prasad > > >> >> >> >> -- >> 真実はいつも一つ!/ Always, there's only one truth! >> >> > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > -- > Petr Menšík > Software Engineer > Red Hat, http://www.redhat.com/ > email: pemen...@redhat.com > PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Fri, Sep 17, 2021 at 12:50 PM Neal Gompa wrote: > On Fri, Sep 17, 2021 at 5:09 AM Sahana Prasad wrote: > > > > Hello all, > > > > The side-tag was merged yesterday. OpenSSL 3.0.0 is available in rawhide > now. > > You can continue to port your changes for OpenSSL 3.0.0 now. > > > > The following packages FTBFS (attached), kindly have a look at them. > > I haven't reported FTBFS bugs right away. As I know many packages have > the porting ready already > > and they were waiting for 3.0.0 to land in rawhide. > > Some packages fail due to usage of deprecated functions. Consider > treating those warnings as not errors > > for a quick fix and you could slowly stop using deprecated functions in > the future. > > > > Thanks Miro for your help with building packages in the side-tag and > getting a list of failed packages. > > > > We will try a rebuild of all these failed packages after 3/4 weeks and > report bugs for failing packages then. > > > > I noticed that the changelog for the openssl package got truncated. Is > there a reason for this? The spec file wasn't significantly rewritten, > nor was there some other condition invalidating the entire recorded > history of the package. Would you kindly please restore the changelog > to the spec file? > Hi Neal, I will restore it. Thank you, Regards, Sahana Prasad > > > > -- > 真実はいつも一つ!/ Always, there's only one truth! > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
Hello all, The side-tag was merged yesterday. OpenSSL 3.0.0 is available in rawhide now. You can continue to port your changes for OpenSSL 3.0.0 now. The following packages FTBFS (attached), kindly have a look at them. I haven't reported FTBFS bugs right away. As I know many packages have the porting ready already and they were waiting for 3.0.0 to land in rawhide. Some packages fail due to usage of deprecated functions. Consider treating those warnings as not errors for a quick fix and you could slowly stop using deprecated functions in the future. Thanks Miro for your help with building packages in the side-tag and getting a list of failed packages. We will try a rebuild of all these failed packages after 3/4 weeks and report bugs for failing packages then. Thank you, Regards, Sahana Prasad On Thu, Sep 16, 2021 at 10:25 AM Zbigniew Jędrzejewski-Szmek < zbys...@in.waw.pl> wrote: > On Thu, Sep 16, 2021 at 08:20:06AM +, Zbigniew Jędrzejewski-Szmek > wrote: > > On Thu, Sep 16, 2021 at 08:13:08AM +, Zbigniew Jędrzejewski-Szmek > wrote: > > > On Wed, Sep 15, 2021 at 07:53:46PM +0200, Sahana Prasad wrote: > > > > On Wed, Sep 15, 2021 at 12:57 PM Petr Menšík > wrote: > > > > > > > > > Hi Sahana, > > > > > > > > > > it would be nice, if changelog entry contained bug id we could use > to > > > > > watch the progress. Or any other link to some tracker. bind > package has a > > > > > new release, I am preparing update for it, but I am not sure where > should I > > > > > watch for a progress. Even build of openssl itself does not > reference any > > > > > bug. Is there any better tracker than bug #1825937, which I can > monitor for > > > > > progress? Is the koji build the best way to check readiness? Does > exist any > > > > > variant of RHEL9 bug #1958021 > > > > > <https://bugzilla.redhat.com/show_bug.cgi?id=1958021> for Fedora > Rawhide? > > > > > > > > > > Is there any expected timeline, how long it might take to merge the > > > > > side-tag? > > > > > > > > > > > > > Hi Petr, > > > > > > > > I have merged the side-tag [1]. > > > > I would however need karma for it to get to stable. > > > > > > > > https://bodhi.fedoraproject.org/updates/FEDORA-2021-ee8c904f46 > > > > > > > > I will send a list of the failed packages shortly. > > > > > > systemd was built into the side-tag yesterday [1], > > > but doesn't appear in the update… > > > > > > [1] https://koji.fedoraproject.org/koji/buildinfo?buildID=1832196 > > > > Oh, I see it finished building after you merged the tag. Dunno, > > maybe the update should be updated? > > > > -- > > > > Another issue: the update has 1006 "automated tests", out of which > > 1001 fail! I think is very wrong with "automated tests" is the > > out-of-the-box success rate is below 0.005%. > > > > Error: > > Problem: conflicting requests > > - nothing provides libcrypto.so.3()(64bit) needed by > zola-0.12.2-8.fc36.x86_64 > > - nothing provides libcrypto.so.3(OPENSSL_3.0.0)(64bit) needed by > zola-0.12.2-8.fc36.x86_64 > > - nothing provides libssl.so.3()(64bit) needed by > zola-0.12.2-8.fc36.x86_64 > > - nothing provides libssl.so.3(OPENSSL_3.0.0)(64bit) needed by > zola-0.12.2-8.fc36.x86_64 > > (try to add '--skip-broken' to skip uninstallable packages) > > Installation of zola-0:0.12.2-8.fc36.x86_64 failed. > > > > So... is the test ignoring the fact that the package is part of > > an update and trying to install rpms individually? > > Another one ( > https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/rpminspect-pipeline/job/master/42395/testReport/(root)/tests/_annocheck/ > ) > > """ > Error Message > Test "/annocheck" failed. > Find out more about this test in the documentation: > https://github.com/rpminspect/rpminspect#rpminspect > Found a bug? Please open an issue in the issue tracker: > https://pagure.io/fedora-ci/general/issues > """ > > How on earth are we supposed to figure out what annocheck doesn't like? > There's 185328 bytes of "Standard Output" that follows… > > Zbyszek > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://doc
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Wed, Sep 15, 2021 at 12:57 PM Petr Menšík wrote: > Hi Sahana, > > it would be nice, if changelog entry contained bug id we could use to > watch the progress. Or any other link to some tracker. bind package has a > new release, I am preparing update for it, but I am not sure where should I > watch for a progress. Even build of openssl itself does not reference any > bug. Is there any better tracker than bug #1825937, which I can monitor for > progress? Is the koji build the best way to check readiness? Does exist any > variant of RHEL9 bug #1958021 > <https://bugzilla.redhat.com/show_bug.cgi?id=1958021> for Fedora Rawhide? > > Is there any expected timeline, how long it might take to merge the > side-tag? > Hi Petr, I have merged the side-tag [1]. I would however need karma for it to get to stable. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ee8c904f46 I will send a list of the failed packages shortly. Thank you, Regards, Sahana Prasad > Thanks! > > Regards, > Petr > On 9/14/21 6:56 PM, Sahana Prasad wrote: > > Hi all, > > The builds of packages that depend on OpenSSL are being rebuilt in the > side tag f36-build-side-44794 [1] now. > > Note to package maintainers: If you see a "Rebuilt with OpenSSL 3.0.0" > commit in your package, do not build it in > regular rawhide unless the side tag is merged > > [1] > https://koji.fedoraproject.org/koji/builds?inherited=0&tagID=44794&order=-build_id&latest=1 > > > Thank you, > Regards, > Sahana Prasad > > > > On Wed, Sep 8, 2021 at 5:06 PM Sahana Prasad wrote: > >> >> >> On Wed, Sep 8, 2021 at 4:35 PM Omair Majid wrote: >> >>> Hi, >>> >>> Sahana Prasad writes: >>> >>> > An update that I will directly bring in the OpenSSL 3.0.0 final RC >>> > (released upstream yesterday) >>> >>> Thanks for doing this! >>> >>> I read the upstream announcement and it certainly reads like it's the >>> final/GA release, not an RC: >>> >>> https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/ >>> >>> Do you know what's going on? Did they phrase it badly or did they >>> perform multiple releases in parallel? >>> >> >> Hi Omair, >> >> Sorry I phrased it incorrectly. It is the final major version only, not >> the RC. >> >> Thank you, >> Regards, >> Sahana Prasad >> >>> >>> Thanks, >>> Omair >>> >>> -- >>> PGP Key: B157A9F0 (http://pgp.mit.edu/) >>> Fingerprint = 9DB5 2F0B FD3E C239 E108 E7BD DF99 7AF8 B157 A9F0 >>> >>> > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > -- > Petr Menšík > Software Engineer > Red Hat, http://www.redhat.com/ > email: pemen...@redhat.com > PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
Hi all, The builds of packages that depend on OpenSSL are being rebuilt in the side tag f36-build-side-44794 [1] now. Note to package maintainers: If you see a "Rebuilt with OpenSSL 3.0.0" commit in your package, do not build it in regular rawhide unless the side tag is merged [1] https://koji.fedoraproject.org/koji/builds?inherited=0&tagID=44794&order=-build_id&latest=1 Thank you, Regards, Sahana Prasad On Wed, Sep 8, 2021 at 5:06 PM Sahana Prasad wrote: > > > On Wed, Sep 8, 2021 at 4:35 PM Omair Majid wrote: > >> Hi, >> >> Sahana Prasad writes: >> >> > An update that I will directly bring in the OpenSSL 3.0.0 final RC >> > (released upstream yesterday) >> >> Thanks for doing this! >> >> I read the upstream announcement and it certainly reads like it's the >> final/GA release, not an RC: >> >> https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/ >> >> Do you know what's going on? Did they phrase it badly or did they >> perform multiple releases in parallel? >> > > Hi Omair, > > Sorry I phrased it incorrectly. It is the final major version only, not > the RC. > > Thank you, > Regards, > Sahana Prasad > >> >> Thanks, >> Omair >> >> -- >> PGP Key: B157A9F0 (http://pgp.mit.edu/) >> Fingerprint = 9DB5 2F0B FD3E C239 E108 E7BD DF99 7AF8 B157 A9F0 >> >> ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Wed, Sep 8, 2021 at 4:35 PM Omair Majid wrote: > Hi, > > Sahana Prasad writes: > > > An update that I will directly bring in the OpenSSL 3.0.0 final RC > > (released upstream yesterday) > > Thanks for doing this! > > I read the upstream announcement and it certainly reads like it's the > final/GA release, not an RC: > > https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/ > > Do you know what's going on? Did they phrase it badly or did they > perform multiple releases in parallel? > Hi Omair, Sorry I phrased it incorrectly. It is the final major version only, not the RC. Thank you, Regards, Sahana Prasad > > Thanks, > Omair > > -- > PGP Key: B157A9F0 (http://pgp.mit.edu/) > Fingerprint = 9DB5 2F0B FD3E C239 E108 E7BD DF99 7AF8 B157 A9F0 > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
Hi all, An update that I will directly bring in the OpenSSL 3.0.0 final RC (released upstream yesterday) into rawhide in the next few days. (Compared to beta2, this version has one moderate CVE-2021-3712 fix in addition to other fixes.) Thank you, Regards, Sahana Prasad On Tue, Aug 31, 2021 at 12:21 PM Sahana Prasad wrote: > > > On Tue, Aug 31, 2021 at 12:02 PM Miro Hrončok wrote: > >> On 31. 08. 21 11:17, Sahana Prasad wrote: >> > Hi everyone, >> > >> > dnf builds well after building all OpenSSL dependent packages (in >> batches) >> > with the compat package and OpenSSL 3.0.0 beta2 version. >> > You can have a look at [1] with the side-tag f36-build-side-44794 >> >> Hello Sahana, >> >> I am afraid the side tag has no builds in it: >> >> >> https://koji.fedoraproject.org/koji/builds?inherited=0&tagID=44794&order=-build_id&latest=1 >> > > Thanks Miro, I'll check and fix it. > > >> >> So when you built scratch builds in it: >> >> >> https://koji.fedoraproject.org/koji/tasks?start=0&owner=saprasad&state=all&view=toplevel&method=all&order=-id >> >> They all built with openssl 1:1.1.1k-2.fc35. >> >> Scratch builds don't "see each other". >> >> -- >> Miro Hrončok >> -- >> Phone: +420777974800 >> IRC: mhroncok >> >> ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Tue, Aug 31, 2021 at 12:02 PM Miro Hrončok wrote: > On 31. 08. 21 11:17, Sahana Prasad wrote: > > Hi everyone, > > > > dnf builds well after building all OpenSSL dependent packages (in > batches) > > with the compat package and OpenSSL 3.0.0 beta2 version. > > You can have a look at [1] with the side-tag f36-build-side-44794 > > Hello Sahana, > > I am afraid the side tag has no builds in it: > > > https://koji.fedoraproject.org/koji/builds?inherited=0&tagID=44794&order=-build_id&latest=1 > Thanks Miro, I'll check and fix it. > > So when you built scratch builds in it: > > > https://koji.fedoraproject.org/koji/tasks?start=0&owner=saprasad&state=all&view=toplevel&method=all&order=-id > > They all built with openssl 1:1.1.1k-2.fc35. > > Scratch builds don't "see each other". > > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
Hi everyone, dnf builds well after building all OpenSSL dependent packages (in batches) with the compat package and OpenSSL 3.0.0 beta2 version. You can have a look at [1] with the side-tag f36-build-side-44794 I think we are in a good state to merge OpenSSL 3.0.0 and compat packages into rawhide. Let me know if you think otherwise. (There are some failing packages, that need to be looked at by respective maintainers) [1] https://koji.fedoraproject.org/koji/tasks?start=0&owner=saprasad&state=all&view=toplevel&method=all&order=-id Thank you, Regards, Sahana Prasad On Fri, Aug 20, 2021 at 11:36 AM Sahana Prasad wrote: > > > On Wed, Aug 18, 2021 at 11:11 PM Neal Gompa wrote: > >> On Wed, Aug 18, 2021 at 3:55 PM Sahana Prasad wrote: >> > >> > Hi everyone, >> > >> > No major progress on this task yet. >> > I found out that the compat package needs some more fixing. >> > I have more time in the coming days, so I should >> > have an update soon hopefully. >> >> Let us know if you need help with getting the compat stuff fixed up. >> We're happy to help! :) >> > > Thanks Neal. It is fixed now and dnf builds well with it and OpenSSL 3.0 > in my copr repo. > Performing some more tests now. > > Thank you, > Regards, > Sahana Prasad > >> >> >> >> -- >> 真実はいつも一つ!/ Always, there's only one truth! >> ___ >> devel mailing list -- devel@lists.fedoraproject.org >> To unsubscribe send an email to devel-le...@lists.fedoraproject.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org >> Do not reply to spam on the list, report it: >> https://pagure.io/fedora-infrastructure >> > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Wed, Aug 18, 2021 at 11:11 PM Neal Gompa wrote: > On Wed, Aug 18, 2021 at 3:55 PM Sahana Prasad wrote: > > > > Hi everyone, > > > > No major progress on this task yet. > > I found out that the compat package needs some more fixing. > > I have more time in the coming days, so I should > > have an update soon hopefully. > > Let us know if you need help with getting the compat stuff fixed up. > We're happy to help! :) > Thanks Neal. It is fixed now and dnf builds well with it and OpenSSL 3.0 in my copr repo. Performing some more tests now. Thank you, Regards, Sahana Prasad > > > > -- > 真実はいつも一つ!/ Always, there's only one truth! > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
Hi everyone, No major progress on this task yet. I found out that the compat package needs some more fixing. I have more time in the coming days, so I should have an update soon hopefully. Thank you, Regards, Sahana Prasad On Tue, Aug 10, 2021 at 7:57 PM Sahana Prasad wrote: > > > On Thu, Aug 5, 2021 at 11:51 AM Miro Hrončok wrote: > >> On 05. 08. 21 11:03, Sahana Prasad wrote: >> > Hello everyone, >> > >> > As per the F36 schedule [1], rawhide starts F36 development on >> 2021-08-10. >> > I would like to bring in OpenSSL 3.0.0 [2] and the compat package [3] >> (along >> > with devel subpackage) into rawhide. >> > >> > I would like your opinion/suggestion on: >> > 1. Merging it and building it directly in rawhide. This will make >> OpenSSL 3.0.0 >> > available by default for immediate use in rawhide. >> > FTBFS bugs can be reported when there is a mass-rebuild as per [1] >> > versus >> > 2. Building it in a side-tag, adding all packages. Allowing the >> packages to >> > port and fix build failures >> > on the side-tag and finally merge the side-tag. FTBFS bugs can be >> reported >> > immediately. >> > >> > I have a slight preference for option 1: >> > >> > 1. As rawhide enables us to try out stuff like this. >> > 2. It is very early in the cycle to bring this change. >> > 3. Many upstream packages have been ported (or are in the process of >> porting) to >> > OpenSSL 3.0.0 >> > 4. Compat package (rebased to 1.1.1k version) is available with devel >> files. >> > >> > Although option 2 sounds more organized. >> > >> > But I could be missing some information/details. It would be nice to >> hear about >> > the experiences in the past and the preferred method by the community. >> >> Is it not probable that when the rebuilds happen gradually, weird stuff >> will >> happen? >> >> E.g. when: >> >> - python links to libopenssl 3 >> - libdnf or similar links to openssl 1.x >> >> An application, such as dnf, uses both. Can that be a problem? >> >> >> >> To minimize unknown problems like this, I suggest to: >> >> 1. define a minimal acceptance criteria (e.g. "dnf works") >> 2. test (1) in copr, do not open the side tag until verified there >> 3. open a side tag >> 4. build openssl 3 in it >> 5. build as much packages linking to openssl in it as possible >> 6. verify (1), improvise until it is a success >> 7. merge the side tag >> 8. rebuild "misfits" once again (packages that succeeded in (5) but >> packagers >> rebuilt them in regular rawhide while the side tag was open) >> > > Hello everyone, > > I will follow these steps and start working on it tomorrow onwards. > > Thank you, > Regards, > Sahana Prasad > > >> This is different from your proposed side tag solution because there is >> no >> window left for "allowing the packages to port and fix build failures on >> the >> side-tag". Side tags are painful when opened for a long. >> >> IMHO This combines benefits of both of your solutions: >> >> - it is fast >> - it is more or less atomic, sans the packages that FTBFS >> >> -- >> Miro Hrončok >> -- >> Phone: +420777974800 >> IRC: mhroncok >> >> ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Thu, Aug 5, 2021 at 11:51 AM Miro Hrončok wrote: > On 05. 08. 21 11:03, Sahana Prasad wrote: > > Hello everyone, > > > > As per the F36 schedule [1], rawhide starts F36 development on > 2021-08-10. > > I would like to bring in OpenSSL 3.0.0 [2] and the compat package [3] > (along > > with devel subpackage) into rawhide. > > > > I would like your opinion/suggestion on: > > 1. Merging it and building it directly in rawhide. This will make > OpenSSL 3.0.0 > > available by default for immediate use in rawhide. > > FTBFS bugs can be reported when there is a mass-rebuild as per [1] > > versus > > 2. Building it in a side-tag, adding all packages. Allowing the packages > to > > port and fix build failures > > on the side-tag and finally merge the side-tag. FTBFS bugs can be > reported > > immediately. > > > > I have a slight preference for option 1: > > > > 1. As rawhide enables us to try out stuff like this. > > 2. It is very early in the cycle to bring this change. > > 3. Many upstream packages have been ported (or are in the process of > porting) to > > OpenSSL 3.0.0 > > 4. Compat package (rebased to 1.1.1k version) is available with devel > files. > > > > Although option 2 sounds more organized. > > > > But I could be missing some information/details. It would be nice to > hear about > > the experiences in the past and the preferred method by the community. > > Is it not probable that when the rebuilds happen gradually, weird stuff > will > happen? > > E.g. when: > > - python links to libopenssl 3 > - libdnf or similar links to openssl 1.x > > An application, such as dnf, uses both. Can that be a problem? > > > > To minimize unknown problems like this, I suggest to: > > 1. define a minimal acceptance criteria (e.g. "dnf works") > 2. test (1) in copr, do not open the side tag until verified there > 3. open a side tag > 4. build openssl 3 in it > 5. build as much packages linking to openssl in it as possible > 6. verify (1), improvise until it is a success > 7. merge the side tag > 8. rebuild "misfits" once again (packages that succeeded in (5) but > packagers > rebuilt them in regular rawhide while the side tag was open) > Hello everyone, I will follow these steps and start working on it tomorrow onwards. Thank you, Regards, Sahana Prasad > This is different from your proposed side tag solution because there is no > window left for "allowing the packages to port and fix build failures on > the > side-tag". Side tags are painful when opened for a long. > > IMHO This combines benefits of both of your solutions: > > - it is fast > - it is more or less atomic, sans the packages that FTBFS > > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: [Heads-up] Introduction of OpenSSL 3.0.0 in F36
On Thu, Aug 5, 2021 at 11:51 AM Miro Hrončok wrote: > On 05. 08. 21 11:03, Sahana Prasad wrote: > > Hello everyone, > > > > As per the F36 schedule [1], rawhide starts F36 development on > 2021-08-10. > > I would like to bring in OpenSSL 3.0.0 [2] and the compat package [3] > (along > > with devel subpackage) into rawhide. > > > > I would like your opinion/suggestion on: > > 1. Merging it and building it directly in rawhide. This will make > OpenSSL 3.0.0 > > available by default for immediate use in rawhide. > > FTBFS bugs can be reported when there is a mass-rebuild as per [1] > > versus > > 2. Building it in a side-tag, adding all packages. Allowing the packages > to > > port and fix build failures > > on the side-tag and finally merge the side-tag. FTBFS bugs can be > reported > > immediately. > > > > I have a slight preference for option 1: > > > > 1. As rawhide enables us to try out stuff like this. > > 2. It is very early in the cycle to bring this change. > > 3. Many upstream packages have been ported (or are in the process of > porting) to > > OpenSSL 3.0.0 > > 4. Compat package (rebased to 1.1.1k version) is available with devel > files. > > > > Although option 2 sounds more organized. > > > > But I could be missing some information/details. It would be nice to > hear about > > the experiences in the past and the preferred method by the community. > > Is it not probable that when the rebuilds happen gradually, weird stuff > will > happen? > > E.g. when: > > - python links to libopenssl 3 > - libdnf or similar links to openssl 1.x > > An application, such as dnf, uses both. Can that be a problem? > > > > To minimize unknown problems like this, I suggest to: > > 1. define a minimal acceptance criteria (e.g. "dnf works") > 2. test (1) in copr, do not open the side tag until verified there > 3. open a side tag > 4. build openssl 3 in it > 5. build as much packages linking to openssl in it as possible > 6. verify (1), improvise until it is a success > 7. merge the side tag > 8. rebuild "misfits" once again (packages that succeeded in (5) but > packagers > rebuilt them in regular rawhide while the side tag was open) > Thank you for these helpful steps Miro. I'll follow them. > > This is different from your proposed side tag solution because there is no > window left for "allowing the packages to port and fix build failures on > the > side-tag". Side tags are painful when opened for a long. > > IMHO This combines benefits of both of your solutions: > > - it is fast > - it is more or less atomic, sans the packages that FTBFS > Yes, I agree. Thank you, Regards, Sahana Prasad > > -- > Miro Hrončok > -- > Phone: +420777974800 > IRC: mhroncok > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Heads-up] Introduction of OpenSSL 3.0.0 in F36
Hello everyone, As per the F36 schedule [1], rawhide starts F36 development on 2021-08-10. I would like to bring in OpenSSL 3.0.0 [2] and the compat package [3] (along with devel subpackage) into rawhide. I would like your opinion/suggestion on: 1. Merging it and building it directly in rawhide. This will make OpenSSL 3.0.0 available by default for immediate use in rawhide. FTBFS bugs can be reported when there is a mass-rebuild as per [1] versus 2. Building it in a side-tag, adding all packages. Allowing the packages to port and fix build failures on the side-tag and finally merge the side-tag. FTBFS bugs can be reported immediately. I have a slight preference for option 1: 1. As rawhide enables us to try out stuff like this. 2. It is very early in the cycle to bring this change. 3. Many upstream packages have been ported (or are in the process of porting) to OpenSSL 3.0.0 4. Compat package (rebased to 1.1.1k version) is available with devel files. Although option 2 sounds more organized. But I could be missing some information/details. It would be nice to hear about the experiences in the past and the preferred method by the community. COPR repo [4] is updated with openssl-3.0.0-beta2. Change proposal [5] is updated for F36. [1] https://fedorapeople.org/groups/schedule/f-36/f-36-key-tasks.html [2] https://src.fedoraproject.org/fork/saprasad/rpms/openssl/tree/rawhide [3] https://src.fedoraproject.org/fork/saprasad/rpms/openssl1.1/tree/rawhide [4] https://copr.fedorainfracloud.org/coprs/saprasad/openssl-3.0/builds/ [5] https://fedoraproject.org/wiki/Changes/OpenSSL3.0 Thank you, Regards Sahana Prasad ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Is OpenSSL 3.0 still planned for Fedora 35?
On Tue, Aug 3, 2021 at 4:50 PM Ben Cotton wrote: > Okay, let's take a step back for a moment. > > Sahana, do you still intend to land OpenSSL 3.0 in F35 or should we > defer it to F36? Hi Ben, others I would like to defer it to F36. OpenSSL 3.0 Beta2 (or Beta 3, if available) will land into rawhide right after branching. This will give fellow maintainers time to properly plan porting activities and ensure smooth transition. > If you do plan on including it in F35, what help from > the rest of the community (if any) do you need? Like Simo mentioned, we haven't had any request/interest for OpenSSL 3.0 to be introduced into F35 immediately. However, if it would be very beneficial, then I'd say we could try the following - (Only if the package maintainers are willing to add patches / merge their WIP OpenSSL 3.0 branches before 8/24) 1. Do a targeted rebuild of packages that depend on OpenSSL on the side-tag f35-build-side-44202. I have built OpenSSL 3.0 Beta2 [1] and openssl1.1 compat [2] packages in this side-tag. The compat package is rebased to 1.1.1k. It includes the devel subpackage. Note that it intentionally conflicts with openssl-devel. Neal, or others willing to volunteer, could help me out here to get the list of packages that fail. (If it was done in the past, there could be some automated scripts we could run overnight to get results quickly.) We had ~60 packages that FTBFS when OpenSSL 3.0 landed in c9s. (Most of them are already ported to 3.0 now, so we would gain from them) 2. We can report FTBTS bugs to these failing packages. 3. If the failure rate of packages is within permissible limits and can all be fixed before 8/24, then good. I wanted to do these steps myself, but not for F35, and not immediately. I'm sure trying step1 will not be a waste of time and we would only gain from it even if we defer to F36. Package maintainers who want to test building their package with OpenSSL 3.0 Beta2 version can do so using this copr repo [3] and add builds. Kindly let me know if you need any help in testing/building your package with OpenSSL 3.0. Code is available here [4] Neal, as far as communication is concerned, I might not have communicated on this list directly, but I have definitely discussed it on multiple occasions in different channels on how best to bring OpenSSL 3.0 into rawhide. Other than regressions and instability being the technical reasons, there was no other reason to stall communication. I am learning everyday, and I will definitely work on improving my communication in the future. I apologize for any inconvenience caused. [1] https://koji.fedoraproject.org/koji/taskinfo?taskID=73215212 [2] https://koji.fedoraproject.org/koji/taskinfo?taskID=73219610 [3] https://copr.fedorainfracloud.org/coprs/saprasad/openssl-3.0/builds/ [4] https://src.fedoraproject.org/fork/saprasad/rpms/openssl/tree/rawhide Looking forward to working together. Thank you, Regards, Sahana Prasad > > Anything that's not a direct answer to the above questions should sit > in the drafts folder for a bit while we all take some deep breaths. > > > Thanks, > BC > > -- > Ben Cotton > He / Him / His > Fedora Program Manager > Red Hat > TZ=America/Indiana/Indianapolis > > ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
