On Tue, 2020-03-24 at 09:52 -0400, Charalampos Stratakis wrote: > > ----- Original Message ----- > > From: "Tomas Mraz" <tmraz@xxxxxxxxxx> > > To: "Miro Hrončok" <mhroncok@xxxxxxxxxx>, "Development discussions > > related to Fedora" <devel@xxxxxxxxxxxxxxxxxxxxxxx> > > Cc: "python-maint" <python-maint@xxxxxxxxxx> > > Sent: Tuesday, March 24, 2020 1:22:37 PM > > Subject: Re: Heads up: OpenSSL-1.1.1e coming to Rawhide > > > > On Sun, 2020-03-22 at 17:29 +0100, Miro Hrončok wrote: > > > On 19. 03. 20 17:31, Tomas Mraz wrote: > > > > The new openssl-1.1.1e is coming to Rawhide. > > > > > > > > It reports premature EOF/improper shutdown on TLS connections > > > > more > > > > properly. However this might make some dependencies broken in > > > > build > > > > tests (such as Ruby). > > > > > > > > As I would like to eventually update the openssl also on stable > > > > branches because it brings many bugfixes please consider > > > > bringing > > > > eventual fixes/workarounds in depending packages also there. > > > > > > Packages failing to build: > > > > > > https://koschei.fedoraproject.org/affected-by/openssl?epoch1=1&version1=1.1.1d&release1=7.fc33&epoch2=1&version2=1.1.1e&release2=1.fc33&collection=f33 > > > > > > https://koschei.fedoraproject.org/affected-by/openssl-devel?epoch1=1&version1=1.1.1d&release1=7.fc33&epoch2=1&version2=1.1.1e&release2=1.fc33&collection=f33 > > > > > > That includes Python interpreters. > > > > > > We have Python tests defined in the CI: > > > > > > https://src.fedoraproject.org/rpms/openssl/blob/master/f/tests/tests_python.yml > > > > > > Why have this upgrade never been tested that way? > > > > I knew there will be actual problems so that is the reason why I > > sent > > the heads up. Next time I'll make sure the CI is run as well, not > > sure > > if it would make any difference in this case apart from maybe I > > would > > open bugs right away? > > With the PR workflow on pagure, the CI would be run and we can check > out the issues that might appear on the python side at least, as we > have added the relevant python tests in the openssl pagure repo. So > indeed it would help a lot. > > > > Please do not push this to older releases until we fix this. > > > > I will not push it to older releases. Most probably we will revert > > this > > change in upstream 1.1.1 branch and I will update the rawhide build > > with the revert patch as well. Anyway this change is going to stay > > in > > the master branch of OpenSSL (for 3.0.0) so it is a good idea to be > > able to handle it in the dependencies anyway. > > > > That would be great actually, thanks for considering it. Pushing this > change for the 3.0.0 version of OpenSSL should provide us with enough > time to iron out everything. > > On a side note, is there some upstream CI of OpenSSL where we could > maybe test its integration with Python, or other projects? From the > python upstream CI side, where we use the buildbot software, we > noticed that when the fedora servers running the builds got the > openssl package updated, the tests started failing. Maybe something > similar could be implemented for OpenSSL, depending of course if the > infrastructure is in place. There is already pyca-cryptography build and testsuite run in the external tests. Perhaps some more python related stuff could be added although I am not sure the way it is currently integrated would allow much bigger testsuites being run. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
