OpenSSL 3.0 transition plans

Simon Chopin simon.chopin at canonical.com
Sat Oct 2 09:01:10 UTC 2021


Hi all,

As some of you might have surmised, we're planning to move to OpenSSL
3.0 [0] for 22.04. This new major release brings of course some new
things, but also breaks API and ABI.

We intend to update the openssl package to 3.0.0 as soon as possible in
the 22.04 cycle, provided that all the build-rdepends of libssl-dev in
main are ready for the transition. You'll find at [1] the latest test
rebuild, where you'll find that around 35 rdeps from main, and ~180
packages from universe fail to build. This test build has been done in
the PPA schopin/openssl-3.0.0 [2], which you can use to test your
packages against.

If you'd like to help out (please do ;-)), I've started filing bugs
against the various packages that fail, using the tag
'transition-openssl3-jj' [3] to track it all. Please use this tag when
working on this issue. You'll find resources to migrate codebases from
1.1 in the OpenSSL man pages[4].

As stated, the transition should only take place if main is ready for
it. As far as universe is concerned, in an ideal world all the 180
packages above would be fixed in time for the release. However, if not
so, we'll either remove the package from the release or, if *really*
necessary, would introduce a compatibility openssl-1.1 package. The
latter option is of course highly undesirable.

When we'll upload the new version of openssl to the archive, existing
packages should still be installable as the binaries for libssl1.1 will
be kept around as long as they're depended on. However, the autopkgtests
of packages lagging in the transition, or even of their rdeps, might
start to fail if they build the tests during the autopkgtests. If that's
the case, you might want to get the package rebuilt against OpenSSL3 and
rerun the tests with all-proposed=1.

Cheers,
Simon Chopin

[0]: https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/
[1]: https://people.canonical.com/~schopin/rebuilds/openssl-3.0.0-impish.html
[2]: https://launchpad.net/~schopin/+archive/ubuntu/openssl-3.0.0
[3]: https://bugs.launchpad.net/ubuntu/+bugs?field.tag=transition-openssl3-jj
[4]: https://www.openssl.org/docs/manmaster/man7/migration_guide.html



More information about the ubuntu-devel mailing list