Hi, Here is my draft corrected version of the openssl upgrade instructions, as a news item.
One line summary of the correction: Do "c_rehash /etc/ssl/certs" as well, because a hashing algorithm changed This is important because: otherwise CA certs won't get found and cert checking will fail. (Not sure in how many cases, but in some cases, at least.) We briefly discussed this on IRC and replica doesn't think it's worth putting a new news item in arbor, but I do. So I don't know if this will actually be a news item - this email might be the only notification you get. -- Robin
Title: OpenSSL 1.0.0 upgrade procedure (corrected) Author: Sterling X. Winter <[email protected]> Author: Robin Green <[email protected]> Content-Type: text/plain Posted: 2010-11-19 Revision: 1 News-Item-Format: 1.0 Display-If-Installed: dev-libs/openssl ************************************************************************ NOTE: This news item replaces and updates the news item of the same name of 2010-10-28. That news item omitted the essential c_rehash command. All users should run the c_rehash command given below. ************************************************************************ dev-libs/openssl[>=1.0.0] has been unmasked. Although this upgrade breaks ABI we've opted not to slot openssl at this time. This means that to avoid mass breakage you must follow this upgrade procedure. Before upgrading, do a global sync, then make sure you have the distfile for wget stored in your local cache: cave sync cave resolve -fx0 '*/*' wget Now upgrade openssl (version 1.0.0a should be unmasked), merge its configuration changes, and rehash its certs: cave resolve -1zx openssl eclectic config interactive c_rehash /etc/ssl/certs This breaks some parts of Paludis and a few of its dependencies and sub-dependencies. To navigate safely out of this mess, rebuild/upgrade the following packages in order: 1. wget 2. libssh2, curl (you can skip these here if you don't have git[curl] enabled) 3. git 4. neon, subversion (you can skip these here if you don't use libarchive-scm) 5. libarchive 6. paludis (make sure to build the latest -scm revision) At this point Paludis and its dependencies should be working again. If something failed to build, it probably depends on something not listed here that depends on openssl, so identify and rebuild the offending package(s). Finally, let cave fix everything else for you: cave fix-linkage -x
_______________________________________________ Exherbo-dev mailing list [email protected] http://lists.exherbo.org/mailman/listinfo/exherbo-dev
