On 8/18/17 12:29 PM, Martin Jansa wrote: > Even with that patch to rename openssl10 back to openssl we still need to > solve > the openssl-native which wasn't reverted back to 1.0. > > Upstream nodejs isn't going to be openssl-1.1 for a bit longer as explained: > https://github.com/nodejs/node/pull/14761
I wanted to pull out a specific comment from the above link that shows one of the reasons why OpenSSL 1.1 support is delayed by many: 7 days ago: shigeki commented: > We're also waiting for FIPS support of 1.1.x. They are now working on it as > https://www.openssl.org/blog/blog/2017/07/25/fips/.> ... Until the OpenSSL 1.1.x FIPS work is further along, a lot of projects (and major distributions) are going to wait to deploy it. --Mark > https://github.com/nodejs/node/pull/11828 > so it would make sense to revert native and nativesdk versions as well - if it > isn't done in oe-core, I'll do it in our own layers to keep the builds going. > > On Fri, Aug 18, 2017 at 4:41 PM, Khem Raj <raj.k...@gmail.com > <mailto:raj.k...@gmail.com>> wrote: > > On Fri, Aug 18, 2017 at 3:53 AM, Alexander Kanavin > <alexander.kana...@linux.intel.com > <mailto:alexander.kana...@linux.intel.com>> wrote: > > On 08/18/2017 08:56 AM, Khem Raj wrote: > > > >> I was trying nodejs and it seems its also broken by this openssl > >> upgrade. Meta-oe alone has amost 50 recipes that are broken. there are > >> hundreds of other layers. > >> Many large packages in external layers are now broken, and the fact > >> that openssl10 > >> is almost useless since some package will pull in openssl11 and cause > >> conflicts. This > >> is not a a good solution at least it seems to early for release. It > >> might take a bit for packages to get working with openssl11, We should > >> have carefully thought and considered postponing using it as default > >> until next release ( april 2018). Its fine to keep it in if needed but > >> keep openssl 1.0 as default preferred version, I don't think whole > >> ecosystem is ready for it and we don't have man power to fix > >> everything. This alone has a potential to make > >> October release quite weak as far as external layers are concerned > > > > > > FWIW, nodejs from meta-oe does build just fine with openssl10 > dependency. > > no it doesnt try building nodejs-native. > > So > > it's not exactly useless. And no one has established how many of the > other > > 50 packages can be fixed by either doing that, or updating them to > latest > > upstream releases. > > Thats not going to solve everything. Neither does pointing to fedora > patches. > > > > > I'll send a patch that renames openssl10 recipe back to openssl and sets > > that as a preferred version, so anyone can experiment with 1.1 without > > widespread breakage. > > > > But at the start of next development cycle this will be reverted back; > no > > more complaining then please, we have to do this at some point, and just > > after a new cycle has started is as good time as it gets. > > Just putting random deadlines is not going to solve this, there has to > be some look > at upstream packages and other distros switching to openssl11 and > dropping openssl10 > completely. People have fielded products to support and they need some > assurance of > forward path, their ecosystem might involve a lot larger package set > then just oe-core. > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > <mailto:Openembedded-core@lists.openembedded.org> > http://lists.openembedded.org/mailman/listinfo/openembedded-core > <http://lists.openembedded.org/mailman/listinfo/openembedded-core> > > > > -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
