[OE-core] openssl10 unusable for many components

Khem Raj raj.khem at gmail.com
Fri Aug 18 14:41:29 UTC 2017

On Fri, Aug 18, 2017 at 3:53 AM, Alexander Kanavin
<alexander.kanavin at linux.intel.com> wrote:
> On 08/18/2017 08:56 AM, Khem Raj wrote:
>> I was trying nodejs and it seems its also broken by this openssl
>> upgrade. Meta-oe alone has amost 50 recipes that are broken. there are
>> hundreds of other layers.
>> Many large packages in external layers are now broken, and the fact
>> that openssl10
>> is almost useless since some package will pull in openssl11 and cause
>> conflicts. This
>> is not a a good solution at least it seems to early for release. It
>> might take a bit for packages to get working with openssl11, We should
>> have carefully thought and considered postponing using it as default
>> until next release ( april 2018). Its fine to keep it in if needed but
>> keep openssl 1.0 as default preferred version, I don't think whole
>> ecosystem is ready for it and we don't have man power to fix
>> everything. This alone has a potential to make
>> October release quite weak as far as external layers are concerned
> FWIW, nodejs from meta-oe does build just fine with openssl10 dependency.

no it doesnt try building nodejs-native.

> it's not exactly useless. And no one has established how many of the other
> 50 packages can be fixed by either doing that, or updating them to latest
> upstream releases.

Thats not going to solve everything. Neither does pointing to fedora patches.

> I'll send a patch that renames openssl10 recipe back to openssl and sets
> that as a preferred version, so anyone can experiment with 1.1 without
> widespread breakage.
> But at the start of next development cycle this will be reverted back; no
> more complaining then please, we have to do this at some point, and just
> after a new cycle has started is as good time as it gets.

Just putting random deadlines is not going to solve this, there has to
be some look
at upstream packages and other distros switching to openssl11 and
dropping openssl10
completely. People have fielded products to support and they need some
assurance of
forward path, their ecosystem might involve a lot larger package set
then just oe-core.

More information about the Openembedded-core mailing list