Re: openssl10 in warrior

[Jonathan Richardson <jonathan.richardson@broadcom.com>]

-----Original Message-----
From: Martin Jansa [mailto:martin.jansa@gmail.com]
Sent: Tuesday, June 18, 2019 2:30 PM
To: Jonathan Richardson
Cc: poky@yoctoproject.org
Subject: Re: [poky] openssl10 in warrior

On Tue, Jun 18, 2019 at 01:29:00PM -0700, Jonathan Richardson wrote:
> Hello,
>
> How do you set the version of openssl back to openssl10? There is no
> PROVIDES openssl in openssl10  so I can't set
> PREFERRED_PROVIDER_openssl. If I change my DEPENDS in the my recipe to
> openssl10-native  eventually another native recipe that depends on
> openssl tries to populate a library to sysroot and fails because its
> already there.

Hi,

it never worked with both openssl versions being pulled into the same RSS
(which is quite common for bigger components like qtbase).

If you really need to use openssl10 and have components which require it,
then you can temporary rename openssl10 recipe as openssl in our layer to
overlay 1.1 version from oe-core and use this openssl-1.0 everywhere
(there aren't many packages which would be compatible with
openssl-1.1 and incompatible with openssl-1.0 - from the layers I have
included in my world build I know about these:

PNBLACKLIST[wvstreams] ?= "not compatible with openssl-1.0 since
https://github.com/apenwarr/wvstreams/commit/5506a74e1b033776ad441b4554716
cdcfa88fe03 which was backported to meta-oe and later reverted in
upstream"
PNBLACKLIST[wvdial] ?= "depends on blacklisted wvstreams"
PNBLACKLIST[python3-m2crypto] ?= "not compatible with openssl-1.0"
PNBLACKLIST[python-m2crypto] ?= "not compatible with openssl-1.0"
PNBLACKLIST[rtmpdump] ?= "not compatible with openssl-1.0"
PNBLACKLIST[libtorrent] ?= "not compatible with openssl-1.0"
PNBLACKLIST[freeradius] ?= "not compatible with openssl-1.0"
PNBLACKLIST[rtorrent] ?= "depends on blacklisted libtorrent"
PNBLACKLIST[openlmi-tools] ?= "depends on blacklisted python-m2crypto"
PNBLACKLIST[python-pywbem] ?= "depends on blacklisted python-m2crypto"

and in all these cases it's simple to revert them to older from which was
compatible with openssl-1.0 before big bang.

But this work around should be only temporary and you should really try to
get rid of openssl10 soon.

Cheers,

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

Ok thanks Martin/Alex. I'm aware of eol coming up. It's just a matter of
getting all projects upgraded
and leaving one behind (that doesn't yet compile on 1.1) rather than
advancing none of them. I thought
if there was a simple way to move forward then that would be best. But it
sounds like it's better to just
get it upgraded.