Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] LibreSSL import plan
Date: Sun, 20 Sep 2015 15:31:55
Message-Id: 55FED15A.7080607@gentoo.org
In Reply to: Re: [gentoo-dev] LibreSSL import plan by Alexis Ballier
1 On 9/20/15 8:59 AM, Alexis Ballier wrote:
2 > On Sun, 20 Sep 2015 07:49:24 -0400
3 > Rich Freeman <rich0@g.o> wrote:
4 >
5 >> On Sun, Sep 20, 2015 at 5:50 AM, Alexis Ballier <aballier@g.o>
6 >> wrote:
7 >>> Yes, that's what gnome team is doing with gtk2 vs gtk3; however, I'm
8 >>> not sure how much work it is. Only package I know of providing
9 >>> different slots depending on what it's built upon is webkit-gtk.
10 >>>
11 >>> I can't imagine every library using {open,libre}ssl provide two
12 >>> slots, two different libraries, two different pkg-config and the
13 >>> like files, etc. And every package using a library that uses a
14 >>> library that uses a library that uses {open,libre}ssl to have to
15 >>> chose what ssl library to use.
16 >>>
17 >> I don't think the suggestion is to make it so that any package can be
18 >> built against either, though individual maintainers can support this.
19 >>
20 >> I think the suggestion is to make it so that the libraries themselves
21 >> can be installed side-by-side, so that packages can depend exclusively
22 >> on one or the other and not effectively block each other.
23 > I don't think so, and I explained why it doesn't work: Loading both of
24 > them in the same process screws things up.
25 >
26 > See:
27 > https://blog.flameeyes.eu/2008/06/a-few-risks-i-see-related-to-the-new-portage-2-2-preserve-libs-behaviour#gsc.tab=0
28 >
29 > and replace changing major number by changing library name, it's the
30 > exact same deal, or worse since it is now "permanent".
31 >
32 +1
33
34 You really don't want to be mixing both on a system. I've been working
35 on libressl from the sidelines (making sure it works with embedded
36 systems) and it doesn't share abi compat with openssl. I guess we could
37 hack away at it so that it installs side by side with openssl, but
38 you're just asking for trouble unless you're really careful to keep the
39 two separate when dynamically linking.
40
41 --
42 Anthony G. Basile, Ph.D.
43 Gentoo Linux Developer [Hardened]
44 E-Mail : blueness@g.o
45 GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
46 GnuPG ID : F52D4BBA
Report Message
Find on MARC Find on Google Groups