Re: [gentoo-dev] LibreSSL switch-over progress

2015-10-05 Thread Michał Górny 
Dnia 2015-10-05, o godz. 17:28:55
"Jason A. Donenfeld"  napisał(a):

> Last night I tried to enable that flag globally, and then reemerge
> everything relevant. Unfortunately, I got some unresolvable blockers.
> Presumably the reason is that some packages have the libressl USE
> flag, while others don't have it. I assume there are developers hard
> at work adding the flag to each and every package.

Well, yes, hasufell's working really hard at it. But he's also very
busy looking over all commits and pointing out developer's mistakes. So
if you want to help him make libressl a reality quicker, please do less
mistakes and remember to revbump ebuilds when changing RDEPEND or
doing other significant changes!

-- 
Best regards,
Michał Górny



pgpHxm5He1td_.pgp
Description: OpenPGP digital signature

Re: [gentoo-dev] LibreSSL switch-over progress

2015-10-05 Thread hasufell 
On 10/05/2015 05:28 PM, Jason A. Donenfeld wrote:
> 
> I assume there are developers hard
> at work adding the flag to each and every package.
> 

Exactly one. And because of that it will take another few weeks (maybe
even months) until we are there.

Re: [gentoo-dev] LibreSSL switch-over progress

2015-10-05 Thread Rich Freeman 
On Mon, Oct 5, 2015 at 11:28 AM, Jason A. Donenfeld  wrote:
> I assume there are developers hard
> at work adding the flag to each and every package.

Keep in mind that it isn't always a drop-in replacement.  If it were
we'd just make a virtual for libssl and you wouldn't need to mess with
flags at all.

Some upstreams may support libressl quickly, some might support it
more slowly, and some may or may not ever support it.  So, I suspect
that this will look a lot like trying to switch over to libav - you
might have to change what applications you're using in some cases if
you really want to do it.  As with libav you may see one library or
the other "win" in the end which should make things simpler, but I
suspect that in the meantime there may be a lot of bundling/etc.

When changes require patches and upstream hasn't committed to merging
them, that creates a potential maintenance burden and if package
maintainers aren't willing to undertake this then we should probably
figure out how that is going to work, unless we just plan to ignore
these packages for now.

If it is just a matter of sticking a simple sed in an ebuild and the
libressl team doesn't mind dealing with rare breakage that is probably
less of an issue.

-- 
Rich

Re: [gentoo-dev] LibreSSL switch-over progress

2015-10-05 Thread Jason A. Donenfeld 
Perfect. Exactly the information I was looking for. Thanks a bunch.

Re: [gentoo-dev] LibreSSL switch-over progress

2015-10-05 Thread hasufell 
On 10/05/2015 05:28 PM, Jason A. Donenfeld wrote:
> Last night I tried to enable that flag globally, and then reemerge
> everything relevant. Unfortunately, I got some unresolvable blockers.

Yes, it is currently practically impossible to enable it. However, you
can use the https://github.com/gentoo/libressl overlay right now,
because it contains a dummy openssl ebuild to fix those unresolvable
blockers.


> The reason for this post is: how do I know when to try switching over
> again?

I will announce it, probably cross-posting to user-ML.

You can watch the in-tree progress here:
https://github.com/gentoo/libressl/wiki/Transition-plan#packages-not-converted-yet
https://bugs.gentoo.org/show_bug.cgi?id=561854

[gentoo-dev] LibreSSL switch-over progress

2015-10-05 Thread Jason A. Donenfeld 
Hi guys,

I've seen we now have a libressl USE flag, per the discussion in the
other thread. Horrah!

Last night I tried to enable that flag globally, and then reemerge
everything relevant. Unfortunately, I got some unresolvable blockers.
Presumably the reason is that some packages have the libressl USE
flag, while others don't have it. I assume there are developers hard
at work adding the flag to each and every package.

The reason for this post is: how do I know when to try switching over
again? Can the folks involved with the flagging operation agree to
make a blog post or a mailing list post when it's all done? This would
probably be quite nice for users too. In fact, I wouldn't mind a
portage news item about this.

Jason

-- 
Jason A. Donenfeld
Gentoo Linux Security & Infrastructure
zx...@gentoo.org
www.zx2c4.com
zx2c4.com/keys/A28BEDE08F1744E16037514806C4536755758000.asc