On 2014-02-07 15:08 , Julien Cristau wrote:
> On Fri, Feb 7, 2014 at 15:04:47 +0100, Jonas Borgström wrote:
>
>> On 2014-02-07 12:12 , Jakub Wilk wrote:
>>> What attic/crypto.py currently does is:
>>>
>>> libcrypto = cdll.LoadLibrary(find_library('crypto'))
>>>
>>> But there is no guarantee that find_library('crypto') returns a library
>>> that is ABI-compatible with the Python code. For the Debian package, a
>>> quick&dirty fix is to replace the find_library() call with
>>> 'libcrypto.so.1.0.0', then hardcode libssl1.0.0 in Depends. But that of
>>> course means that the package would need a sourceful upload by the next
>>> OpenSSL transition.
>>
>> You're right. The "find_library('crypto')" line itself won't guarantee
>> any ABI-compatibility but a "Depends: libssl1.0.0 (>= 1.0.0)" line will.
>>
> No, because it doesn't guarantee that libssl1.1 is not installed, and
> find_library('crypto') may well pick that one instead of the expected
> libcrypto.so.1.0.0.
Ok, I see your point. How about this then:
- Use "libssl1.0.0 >= 1.0.0" as a dependency
- I change the code to only fall back on find_library('crypto') if
libcrypto.so.1.0.0 is not found in the usual place?
That way we're ready when/if libssl 1.1 is released _and_ ships with a
different ABI for the 4 libcrypto function used by Attic.
All of this will hopefully be a non-issue in a not so distant future
since I'm thinking about to replace all python extension and ctypes code
with cffi in order to support PyPy.
/ Jonas
signature.asc
Description: OpenPGP digital signature
