[Pkg-postgresql-public] Bug#859550: pgadmin3: Please migrate to openssl1.1 in buster
Cyril Brulebois
kibi at debian.org
Sun Nov 19 02:51:19 UTC 2017
Control: tag -1 patch
Hi Sebastian, hi Denis,
Sebastian Andrzej Siewior <sebastian at breakpoint.cc> (2017-11-14):
> On 2017-10-21 16:37:14 [+0200], Denis Briand wrote:
> > Pgadmin3 is no longer supported by upstream team and I haven't
> > enought skills in openssl lib to fix this bug. Feel free to raise
> > the bug severity to prevent pgadmin3 to be in buster.
> >
> > In a marvelous world we should build pgadmin4 instead but it's
> > completly not the same interface (web) and needs many work hours and
> > skills in web software package building.
>
> What is your final pgadmin plan for Buster? According to the webpage 3
> is no longer supported. Do you want 3 in or plan to package 4?
I've had the pleasure to discuss this with Denis at MiniDebConf in
Toulouse, and AFAIUI it seems it would be nice to keep pgadmin3 around
until pgadmin4 gets packaged.
Looking at the build failure, it happens in paths involving libssh2:
pgadmin/libssh2
pgadmin/include/libssh2
Since this seemed like an embedded code copy, I've looked into libssh2
vs. openssl 1.1, and found this:
https://github.com/libssh2/libssh2/pull/70/commits
I've applied both commits to openssl.{c,h} in pgadmin3 (need to patch
both of them manually since they are not in the same directory):
https://github.com/libssh2/libssh2/pull/70/commits/a62842a9275fe3d6ba4b67b7f01ab3f00d086f83
https://github.com/libssh2/libssh2/pull/70/commits/eb497bddd5f382ca1468d72c6cd3d804ca68afb5
(Add “.patch” at the end of the URL to get a raw patch.)
The build can then be resumed but fails later, possibly because patches
in libssh2 were incomplete or because openssl made more changes. I
didn't investigate at this point since it's clear that having embedded
code copies is awful already.
https://wiki.debian.org/EmbeddedCodeCopies
I've briefly looked into configure.ac to see how library detection is
performed, and found out that the embedded libssh2 depends on openssl
being activated through ./configure; it's the default, but can be
switched off, to use libgcrypt instead. I've added two flags in
debian/rules, which made it possible to build the package. I didn't
update build-depends, and I didn't test a full build under cowbuilder or
sbuild, but that might be something that would help you keep pgadmin3 in
testing a bit longer. See attached source debdiff.
Please make sure to test your package extensively, I only checked it
builds with these settings; also feel free to reword the changelog entry
as you wish. :)
Denis, On a personal note: you did a very good job organizing this
Mini-DebConf, and an even better job getting people to look at your RC
bugs! ;)
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgadmin3+libgcrypt.diff
Type: text/x-diff
Size: 1300 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20171119/45c26816/attachment-0001.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20171119/45c26816/attachment-0001.sig>
More information about the Pkg-postgresql-public
mailing list