----- Original Message -----
From: "Tomas Mraz" <tmraz(a)redhat.com>
To: "Miro Hrončok" <mhroncok(a)redhat.com>, "Development discussions
related to Fedora" <devel(a)lists.fedoraproject.org>
Cc: "python-maint" <python-maint(a)redhat.com>
Sent: Tuesday, March 24, 2020 1:22:37 PM
Subject: Re: Heads up: OpenSSL-1.1.1e coming to Rawhide

On Sun, 2020-03-22 at 17:29 +0100, Miro Hrončok wrote:
> On 19. 03. 20 17:31, Tomas Mraz wrote:
> > The new openssl-1.1.1e is coming to Rawhide.
> >
> > It reports premature EOF/improper shutdown on TLS connections more
> > properly. However this might make some dependencies broken in build
> > tests (such as Ruby).
> >
> > As I would like to eventually update the openssl also on stable
> > branches because it brings many bugfixes please consider bringing
> > eventual fixes/workarounds in depending packages also there.
>
> Packages failing to build:
>
> https://koschei.fedoraproject.org/affected-by/openssl?epoch1=1&versio...
>
> https://koschei.fedoraproject.org/affected-by/openssl-devel?epoch1=1&...
>
> That includes Python interpreters.
>
> We have Python tests defined in the CI:
>
> https://src.fedoraproject.org/rpms/openssl/blob/master/f/tests/tests_pyth...
>
> Why has this upgrade never been tested that way?
I knew there would be actual problems so that is the reason why I sent
the heads up. Next time I'll make sure the CI is run as well, not sure
if it would make any difference in this case apart from maybe I would
open bugs right away?

With the PR workflow on pagure, the CI would be run and we can check out the issues that
might appear on the python side at least, as we have added the relevant python tests in
the openssl pagure repo. So indeed it would help a lot.

> Please do not push this to older releases until we fix this.
I will not push it to older releases. Most probably we will revert this
change in upstream 1.1.1 branch and I will update the rawhide build
with the revert patch as well. Anyway this change is going to stay in
the master branch of OpenSSL (for 3.0.0) so it is a good idea to be
able to handle it in the dependencies anyway.

That would be great actually, thanks for considering it. Pushing this change for the 3.0.0
version of OpenSSL should provide us with enough time to iron out everything.

On a side note, is there some upstream CI of OpenSSL where we could maybe test its
integration with Python, or other projects? From the python upstream CI side, where we use
the buildbot software, we noticed that when the fedora servers running the builds got the
openssl package updated, the tests started failing. Maybe something similar could be
implemented for OpenSSL, depending of course if the infrastructure is in place.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
--
Regards,
Charalampos Stratakis
Software Engineer
Python Maintenance Team, Red Hat