Homebrew-core: [email protected] Migration [Tracking]

Created on 6 Sep 2016  路  21Comments  路  Source: Homebrew/homebrew-core

Borrowing my own comment from another thread:

I don't have a lot of interest in carrying around what is essentially a feature patch (support for 1.1.0) given OpenSSL are supporting 1.0.2 as an LTS branch. Not planning to leap over upstream releases unless absolutely necessary for whatever reason.

Transition is also complicated by potentially overlapping linkage, so for example, if you brew install curl --with-openssl against OpenSSL 1.1.0 but you add --with-libssh2 as well which remains linked against OpenSSL 1.0.2, we're not really sure how predictably that'll behave. Ideally, the plan is:

  • Anything standalone (i.e. nothing in brew uses) that supports OpenSSL 1.1.0 can use this new formula as the dependency.
  • Anything else needs to be upgraded by tree, so to update curl you'd want libssh2 to be using OpenSSL 1.1.0 first, etc.

We may well change that plan as time passes; If I could I'd have the entire ecosystem using OpenSSL 1.1.0 tomorrow but it really depends on how quickly we can get this done without breaking significant things for users.

Immediate potential deps tree:

brew deps --include-build --include-optional --1 <formula>

Usage or potential usage list:

brew uses <formula> --include-build --include-optional

Generate a build report for addition to the list:

brew gist-logs <formula>

Fair warning: This is going to be a messy list.

  • [ ] activemq-cpp - Not used by anything else - Fails to build - https://gist.github.com/anonymous/55392af913363942490f5df2f29fc6ce
  • [ ] afflib - Used optionally by bulk_extractor, sleuthkit & autopsy - Fails to build, fixed upstream already, will be in 3.7.9 (?) release.
  • [ ] aircrack-ng - Not used by anything else - Fails to build - https://gist.github.com/anonymous/241dee104589d7a37a4ed3861622f0a9
  • [ ] alpine - Not used by anything else - Fails to build - https://gist.github.com/anonymous/d8fe6343d990cad18a988efa708fc666
  • [ ] amap - Not used by anything else - Builds/runs fine, seemingly, once appdefs files are installed.
  • [ ] ansible - Not used by anything else - Fails to build, pyOpenSSL - https://gist.github.com/anonymous/d691b6d13da3a8ee264b4f84c77ef3f0
  • [ ] apib - Not used by anything else - Fails to build - https://gist.github.com/anonymous/845ffcb3f795d69c7662e0528bc4e2c2
  • [ ] apr-util - Used by subversion, apib - Builds fine, no idea how to test properly.
  • [ ] arangodb - Not used by anything else - Fails to build - https://gist.github.com/anonymous/060fa5ca54329bca6713ffc98b6261de
  • [ ] asio - Used by cpp-netlib - Fails to build in a big way - https://gist.github.com/anonymous/47f8889e59d9194fd12f875540e7ab11
  • [ ] axel - Not used by anything else - Fails to build, fixed upstream already, should be in 2.12 (?).
  • [ ] bacula-fd - Not used by anything else - Fails to build - https://gist.github.com/anonymous/8780cbc5dbf28e25d2db7429ab689a74
  • [ ] bbftp-client - Not used by anything else - Fails to build - https://gist.github.com/anonymous/1bbe2a9e25e38605fb6657066aaef693
  • [ ] bibtexconv - Not used by anything else - Builds/runs fine (Only needs MD5 crypto stuff).
  • [ ] bigloo - Not used by anything else - Fails to build - https://gist.github.com/anonymous/161b8539d919e2984c669df34e62c5a0
  • [ ] bind - Used by dnsperf - Fails to build - https://gist.github.com/anonymous/68c8cf065be6d48a408126b1ccd864e4
  • [ ] bip - Not used by anything else - Fails to build - https://gist.github.com/anonymous/4216da32770ca385e32e5c6a69a65ca0
  • [ ] bitchx - Not used by anything else - Fails to build - https://gist.github.com/anonymous/eb52052681e870c52a8438d8dfc1eb3c
  • [ ] botan - Used by monotone, qca & softhsm - Fails to build - https://gist.github.com/anonymous/2dd98429848c11f28898517e6196e6c9
  • [ ] bro - Not used by anything else - Fails to build, looks unrelated - https://gist.github.com/anonymous/a7e496d762267fff39dd2292c33a5a15
  • [ ] btpd - Not used by anything else - Builds fine, looks like only uses SHA1 from Crypto.
  • [ ] bulk_extractor - Not used by anything else - Fails to build - https://gist.github.com/anonymous/8dc86676f8ef80008a9c21fa78d644da
  • [ ] burp - Not used by anything else - Looks like it fails silently - https://gist.github.com/anonymous/8f9e2429168ceb4a81ee598e2a301948
  • [ ] cadaver
  • [ ] center-im
  • [ ] certbot
  • [ ] cfengine
  • [ ] charm-tools
  • [ ] cherokee
  • [ ] clamav
  • [ ] conan
  • [ ] cpp-netlib
  • [ ] cppcms
  • [ ] cpprestsdk
  • [ ] csup
  • [ ] ctorrent
  • [ ] ctunnel
  • [ ] curl
  • [ ] cvsync
  • [ ] davix
  • [ ] dcmtk
  • [ ] dovecot
  • [ ] duo_unix
  • [ ] duplicity
  • [ ] efl
  • [ ] ejabberd
  • [ ] ekg2
  • [ ] elinks
  • [ ] engine_pkcs11
  • [ ] epic5
  • [ ] eralchemy
  • [ ] erlang
  • [ ] ettercap
  • [ ] exim
  • [ ] fastd
  • [ ] fetchmail
  • [ ] ffmpeg
  • [ ] folly
  • [ ] fossil
  • [ ] fq
  • [ ] frag_find
  • [ ] freeradius-server
  • [ ] freeswitch
  • [ ] freetds
  • [ ] ftimes
  • [ ] gammu
  • [ ] gearman
  • [ ] getdns
  • [ ] getxbook
  • [ ] git-crypt
  • [ ] gkrellm
  • [ ] globus-toolkit
  • [ ] gloox
  • [ ] gpac
  • [ ] groonga
  • [ ] gsoap
  • [ ] gst-plugins-bad
  • [ ] gtmess
  • [ ] gwenhywfar
  • [ ] h2o
  • [ ] haproxy
  • [ ] hashpump
  • [ ] http_load
  • [ ] httperf
  • [ ] httping
  • [ ] httrack
  • [ ] hydra
  • [ ] icecast
  • [ ] ike-scan
  • [ ] imap-uw
  • [ ] imapfilter
  • [ ] innotop
  • [ ] inspircd
  • [ ] ipmitool
  • [ ] ipmiutil
  • [ ] ircd-hybrid
  • [ ] ircii
  • [ ] irods
  • [ ] irssi
  • [ ] isync
  • [ ] john-jumbo
  • [ ] knot
  • [ ] kore
  • [ ] lastpass-cli
  • [ ] ld64
  • [ ] ldapvi
  • [ ] ldid
  • [ ] ldns
  • [ ] lftp
  • [ ] libcapn
  • [ ] libcouchbase
  • [ ] libdap
  • [ ] libevent
  • [ ] libewf
  • [ ] libexosip
  • [ ] libfreefare
  • [ ] libgda
  • [ ] libimobiledevice
  • [ ] liblacewing
  • [ ] libmowgli
  • [ ] liboauth
  • [ ] libopendkim
  • [ ] libopkele
  • [ ] libp11
  • [ ] librdkafka
  • [ ] libre
  • [ ] libslax
  • [ ] libssh
  • [ ] libssh2
  • [ ] libstrophe
  • [ ] libtins
  • [ ] libtorrent-rasterbar
  • [ ] libu2f-server
  • [ ] libwebsockets
  • [ ] libxmlsec1
  • [ ] libzdb
  • [ ] lighttpd
  • [ ] links
  • [ ] lrdf
  • [ ] luvit
  • [ ] lynx
  • [ ] makepkg
  • [ ] mariadb-connector-c
  • [ ] mariadb
  • [ ] md5sha1sum
  • [ ] megatools
  • [ ] midnight-commander
  • [ ] mit-scheme
  • [ ] mitmproxy
  • [ ] mktorrent
  • [ ] monetdb
  • [ ] mongo-c
  • [ ] mongodb
  • [ ] mongoose
  • [ ] monit
  • [ ] monkeysphere
  • [ ] mosquitto
  • [ ] mpop
  • [ ] mpw
  • [ ] msmtp
  • [ ] mutt
  • [ ] mycli
  • [ ] mydumper
  • [ ] mysql-cluster
  • [ ] mysql-connector-c++
  • [ ] mysql
  • [ ] mytop
  • [ ] nagios-plugins
  • [ ] ncrack
  • [ ] neko
  • [ ] neon
  • [ ] net-snmp
  • [ ] nghttp2
  • [ ] nginx
  • [ ] ngircd
  • [ ] nmap
  • [ ] node-build
  • [ ] node
  • [ ] nrpe
  • [ ] nsd
  • [ ] nut
  • [ ] nzbget
  • [ ] onepass
  • [ ] ooniprobe
  • [ ] opensaml
  • [ ] opensc
  • [ ] openvpn
  • [ ] ophcrack
  • [ ] opusfile
  • [ ] osc
  • [ ] osslsigncode
  • [ ] passenger
  • [ ] pdftoedn
  • [ ] pdns
  • [ ] pdnsrec
  • [ ] percona-server
  • [ ] percona-toolkit
  • [ ] percona-xtrabackup
  • [ ] pev
  • [ ] pgcli
  • [ ] phantomjs
  • [ ] pincaster
  • [ ] pjproject
  • [ ] pkcs11-helper
  • [ ] poco
  • [ ] podofo
  • [ ] postgres-xc
  • [ ] postgresql
  • [ ] pound
  • [ ] profanity
  • [ ] proxytunnel
  • [ ] psqlodbc
  • [ ] pulledpork
  • [ ] pulseaudio
  • [ ] pure-ftpd
  • [ ] pwntools
  • [ ] pwsafe
  • [ ] pyenv
  • [ ] pypy
  • [ ] pypy3
  • [ ] python
  • [ ] python3
  • [ ] qca
  • [ ] qt
  • [ ] rabbitmq-c
  • [ ] radare2
  • [ ] rethinkdb
  • [ ] rtags
  • [ ] rtmpdump
  • [ ] ruby-build
  • [ ] ruby
  • [ ] rust
  • [ ] saltstack
  • [ ] sane-backends
  • [ ] sblim-sfcc
  • [ ] scamper
  • [ ] scrypt
  • [ ] sdhash
  • [ ] sgfutils
  • [ ] shadowsocks-libev
  • [ ] shairport-sync
  • [ ] shairport
  • [ ] siege
  • [ ] silc-client
  • [ ] sipp
  • [ ] sipsak
  • [ ] skipfish
  • [ ] slowhttptest
  • [ ] slrn
  • [ ] sngrep
  • [ ] snort
  • [ ] snownews
  • [ ] socat
  • [ ] sofia-sip
  • [ ] sops
  • [ ] spdylay
  • [ ] spiped
  • [ ] sqlcipher
  • [ ] squid
  • [ ] srtp
  • [ ] ssldump
  • [ ] sslscan
  • [ ] sslsplit
  • [ ] sstp-client
  • [ ] strongswan
  • [ ] stunnel
  • [ ] stuntman
  • [ ] subversion
  • [ ] swi-prolog
  • [ ] sylpheed
  • [ ] sysbench
  • [ ] szl
  • [ ] tarantool
  • [ ] tarsnap
  • [ ] tcpflow
  • [ ] testssl
  • [ ] thc-pptp-bruter
  • [ ] thrift
  • [ ] tinc
  • [ ] tiny-fugue
  • [ ] tlsdate
  • [ ] tn5250
  • [ ] tomcat-native
  • [ ] tor
  • [ ] trafficserver
  • [ ] u-boot-tools
  • [ ] unbound
  • [ ] unshield
  • [ ] upscaledb
  • [ ] urweb
  • [ ] uwsgi
  • [ ] virtuoso
  • [ ] voms
  • [ ] vsftpd
  • [ ] w3m
  • [ ] web100clt
  • [ ] webfs
  • [ ] wget
  • [ ] wimlib
  • [ ] wrk
  • [ ] x11vnc
  • [ ] xar-mackyle
  • [ ] xaric
  • [ ] xml-security-c
  • [ ] xml-tooling-c
  • [ ] xrootd
  • [ ] yara
  • [ ] yubico-piv-tool
  • [ ] zbackup
  • [ ] znc - Fails to build but some upstream activity https://github.com/jimloco/Csocket/pull/64 https://github.com/znc/znc/issues/1310 https://github.com/znc/znc/pull/1311
help wanted in progress openssl-migration
Source
picture DomT4

Most helpful comment

I was mostly hoping to avoid the notifications. I'll try the unsubscribe notifications button instead.

picture DomT4 on 13 Oct 2016
😄1 👍1

All 21 comments

Patches have landed in Python upstream, next releases on all branches will support 1.1.0.

alex picture alex on 6 Sep 2016
👍1

@DomT4 How could one generate logs like this? Are there any commands or scripts? If so we can crowdsourcing the build logs on other formulas multiplying other platforms.

JLHwung picture JLHwung on 8 Sep 2016

@JLHwung brew gist-logs <formula>.

DomT4 picture DomT4 on 8 Sep 2016

@DomT4 How could one contribute on this list?
For example

  • [ ] cadaver Not used by anything else, builds fine, no idea how to test properly.
JLHwung picture JLHwung on 8 Sep 2016

Maintainers have direct access. Everyone else will need to leave a comment & wait for a maintainer to incorporate it into the master list. Generally the test process is something like:

  • Change any mention of depends_on "openssl" or Formula["openssl"] in formula to [email protected].
  • brew install -s <formula>
  • brew test -v <formula> (If formula defines a test).
  • brew gist-logs <formula>
  • Dump comment here with the formula name, say build failed/succeeded, provide gist-logs.
DomT4 picture DomT4 on 8 Sep 2016

@DomT4 don't forget to mention that use
brew uses <formula> --include-build --include-optional
to detect whether this formula is dependent of other formulas.

It is also worthy noting that some formula depends on OpenSSL optionally, so one needs go through the option to make formula building against [email protected]

Here is a list of c initials.

JLHwung picture JLHwung on 8 Sep 2016

mutt just officially gained support for building openssl 1.1 in HEAD.

chdiza picture chdiza on 8 Sep 2016
👍1

libssh2 does support [email protected] in HEAD now.

vszakats picture vszakats on 11 Sep 2016
👍1

@vszakats Thank you so much for reminding people of the progress. I raise pull request #4734 to have libssh2 HEAD depends on [email protected].

JLHwung picture JLHwung on 12 Sep 2016
👍2

Closing this because of https://github.com/Homebrew/brew/pull/1283. Thank you to those who helped work on it a little so far.

DomT4 picture DomT4 on 13 Oct 2016
👎1

Let's leave it open, others will need to continue this work.

MikeMcQuaid picture MikeMcQuaid on 13 Oct 2016
👍1

I was mostly hoping to avoid the notifications. I'll try the unsubscribe notifications button instead.

DomT4 picture DomT4 on 13 Oct 2016
😄1 👍1

@DomT4 Thanks!

MikeMcQuaid picture MikeMcQuaid on 13 Oct 2016
👍1

Based on https://github.com/Homebrew/homebrew-core/issues/6828 I think we should change approach here and stop migrating things to use [email protected] until we can do it all in a large revision PR i.e. all the projects using OpenSSL 1.0 currently work with OpenSSL 1.1. Migrating things one-by-one is going to result in mixed dependency trees and that's not going to be good. CC @tdsmith and generally @Homebrew/maintainers for this.

MikeMcQuaid picture MikeMcQuaid on 14 Nov 2016

Please consider rolling this back for broken packages. For example, ansible has been broken for 3 months now.

gelraen picture gelraen on 4 Feb 2017

@gelraen what issue(s) are you referring to specifically?

ilovezfs picture ilovezfs on 4 Feb 2017

@ilovezfs brew install ansible chokes on installing openssl-1.1. I've worked it around by manually editing ansible.rb locally to use any version of openssl, not 1.1 specifically.

gelraen picture gelraen on 4 Feb 2017

@gelraen that's an issue specific to your system. [email protected] is a non-optional dependency of ansible, and we have pre-built binary bottles for Sierra, El Capitan, and Yosemite, which were all built against 1.1. Please open an issue.

ilovezfs picture ilovezfs on 4 Feb 2017

Sorry, I was indeed too quick to judge. It was broken for me because I have TOP env var set in my shell for completely unrelated reason (see gist for the full error message). Should I open an issue for general env sanitizing or just this specific instance?

gelraen picture gelraen on 4 Feb 2017

@gelraen you can make a note of the situation here: https://github.com/Homebrew/brew/issues/932

ilovezfs picture ilovezfs on 4 Feb 2017

Closing as we're not actively migrating these formulae now.

MikeMcQuaid picture MikeMcQuaid on 19 Mar 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ralexx picture ralexx  路  4Comments
dredmorbius picture dredmorbius  路  3Comments
Steffen911 picture Steffen911  路  3Comments
tglawless picture tglawless  路  3Comments
xeoneux picture xeoneux  路  3Comments