Re: libgit2 switch from mbedTLS to OpenSSL
On Thu, Jun 30, 2022 at 04:48:43AM -0700, Simon Chopin wrote: > Quoting Heinrich Schuchardt (2022-06-29 12:56:57) > > On 6/29/22 10:33, Simon Chopin wrote: > > > As part of our efforts to support the Rust toolchain in main, we need to > > > have libgit2 in main (dependency of cargo). However, it currently links > > > against mbedTLS for its HTTPS backend rather than OpenSSL, for licensing > > > reasons IIUC. Those reasons would now be invalid with the new OpenSSL > > > 3.0 licensing. > > > I'd like to switch it back to OpenSSL to avoid pulling yet another TLS > > > implementation in main, however I'm a bit fuzzy whether this would > > > constitute a breaking change for the libgit2 package. The libgit2 > > > library does not expose anything from its crypto implem as part of its > > > API, nor does it re-export any of their symbols (assuming I understand > > > the output of readelf -s correctly). > > > Could someone confirm that this does not represent a breaking change? > > Libgit2 is licensed under GPLv2 which is incompatible with the Apache v2 > > license of OpenSSL 3.0 (see > > https://www.gnu.org/licenses/license-list.html.en). > > But a "Linking Exception" is present in the COPYRIGHT file of libgit2. > > Please, recheck if that exception is enough for your use case. > Looking closer at the linking exception, I think we're good since it is > rather broad. In addition, please see https://lists.ubuntu.com/archives/technical-board/2021-October/002587.html where I lay out a different case for why GPLv2 code linking to OpenSSL 3 (and Apache 2.0-licensed code in general) in Ubuntu is acceptable. We are not blocking GPLv2 packages from linking to libssl3 in Ubuntu. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: PGP signature -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: libgit2 switch from mbedTLS to OpenSSL
On Wed, 29 Jun 2022 at 20:33, Simon Chopin wrote: > Hi! > > As part of our efforts to support the Rust toolchain in main, we need to > have libgit2 in main (dependency of cargo). However, it currently links > against mbedTLS for its HTTPS backend rather than OpenSSL, for licensing > reasons IIUC. Those reasons would now be invalid with the new OpenSSL > 3.0 licensing. > > I'd like to switch it back to OpenSSL to avoid pulling yet another TLS > implementation in main, however I'm a bit fuzzy whether this would > constitute a breaking change for the libgit2 package. The libgit2 > library does not expose anything from its crypto implem as part of its > API, nor does it re-export any of their symbols (assuming I understand > the output of readelf -s correctly). > > Could someone confirm that this does not represent a breaking change? > I can't see any way that the selection of the backend leaks into the ABI in a quick poke around in libgit2. I presume you've built the .so both ways and looked at the dynamic symbol tables? (actually the symbols file probably helps here!) If the same names are exported then we'd only be in trouble if the arguments to a function have changed somehow and I can't see how that would happen given the libgit2 headers. Cheers, mwh -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: libgit2 switch from mbedTLS to OpenSSL
Quoting Heinrich Schuchardt (2022-06-29 12:56:57) > On 6/29/22 10:33, Simon Chopin wrote: > > Hi! > > > > As part of our efforts to support the Rust toolchain in main, we need to > > have libgit2 in main (dependency of cargo). However, it currently links > > against mbedTLS for its HTTPS backend rather than OpenSSL, for licensing > > reasons IIUC. Those reasons would now be invalid with the new OpenSSL > > 3.0 licensing. > > > > I'd like to switch it back to OpenSSL to avoid pulling yet another TLS > > implementation in main, however I'm a bit fuzzy whether this would > > constitute a breaking change for the libgit2 package. The libgit2 > > library does not expose anything from its crypto implem as part of its > > API, nor does it re-export any of their symbols (assuming I understand > > the output of readelf -s correctly). > > > > Could someone confirm that this does not represent a breaking change? > > Libgit2 is licensed under GPLv2 which is incompatible with the Apache v2 > license of OpenSSL 3.0 (see > https://www.gnu.org/licenses/license-list.html.en). > > But a "Linking Exception" is present in the COPYRIGHT file of libgit2. > Please, recheck if that exception is enough for your use case. Looking closer at the linking exception, I think we're good since it is rather broad. -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: libgit2 switch from mbedTLS to OpenSSL
On 6/29/22 10:33, Simon Chopin wrote: Hi! As part of our efforts to support the Rust toolchain in main, we need to have libgit2 in main (dependency of cargo). However, it currently links against mbedTLS for its HTTPS backend rather than OpenSSL, for licensing reasons IIUC. Those reasons would now be invalid with the new OpenSSL 3.0 licensing. I'd like to switch it back to OpenSSL to avoid pulling yet another TLS implementation in main, however I'm a bit fuzzy whether this would constitute a breaking change for the libgit2 package. The libgit2 library does not expose anything from its crypto implem as part of its API, nor does it re-export any of their symbols (assuming I understand the output of readelf -s correctly). Could someone confirm that this does not represent a breaking change? Cheers, -- Simon Chopin Foundations Team Ubuntu Core Dev simon.cho...@canonical.comscho...@ubuntu.com Libgit2 is licensed under GPLv2 which is incompatible with the Apache v2 license of OpenSSL 3.0 (see https://www.gnu.org/licenses/license-list.html.en). But a "Linking Exception" is present in the COPYRIGHT file of libgit2. Please, recheck if that exception is enough for your use case. Best regards Heinrich -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
libgit2 switch from mbedTLS to OpenSSL
Hi! As part of our efforts to support the Rust toolchain in main, we need to have libgit2 in main (dependency of cargo). However, it currently links against mbedTLS for its HTTPS backend rather than OpenSSL, for licensing reasons IIUC. Those reasons would now be invalid with the new OpenSSL 3.0 licensing. I'd like to switch it back to OpenSSL to avoid pulling yet another TLS implementation in main, however I'm a bit fuzzy whether this would constitute a breaking change for the libgit2 package. The libgit2 library does not expose anything from its crypto implem as part of its API, nor does it re-export any of their symbols (assuming I understand the output of readelf -s correctly). Could someone confirm that this does not represent a breaking change? Cheers, -- Simon Chopin Foundations Team Ubuntu Core Dev simon.cho...@canonical.comscho...@ubuntu.com -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: libgit2
On Tue, Feb 17, 2015 at 12:14:02PM +0100, Harald Sitter wrote: On Mon, Feb 16, 2015 at 8:14 PM, Jackson Doak nosk...@ubuntu.com wrote: Just looking through upstream logs, this should be as simple as uploading libgit2-glib 0.22.0 and gitg 3.15.1 unfortunately there's symbol retractions without soname change :( http://paste.ubuntu.com/10271618/ I'd say that makes it the responsibility of whatever team cares about libgit2-glib and gitg to sort. I'm happy to remove from the archive if that means we can get the newer version of libgit in. Jonathan -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: libgit2
Hi, On Fri, 20 Feb 2015 12:00:17 +, Jonathan Riddell wrote: I'd say that makes it the responsibility of whatever team cares about libgit2-glib and gitg to sort. I'm happy to remove from the archive if that means we can get the newer version of libgit in. As far as I can see, both packages in question are coming unchanged from Debian. Have you tried contacting the respective maintainers in Debian? -- Dmitry Shachnev signature.asc Description: OpenPGP digital signature -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: libgit2
On Mon, Feb 16, 2015 at 8:14 PM, Jackson Doak nosk...@ubuntu.com wrote: Just looking through upstream logs, this should be as simple as uploading libgit2-glib 0.22.0 and gitg 3.15.1 unfortunately there's symbol retractions without soname change :( http://paste.ubuntu.com/10271618/ -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: libgit2
Just looking through upstream logs, this should be as simple as uploading libgit2-glib 0.22.0 and gitg 3.15.1 On Tue, Feb 17, 2015 at 2:06 AM, Harald Sitter apachelog...@ubuntu.com wrote: it would be very lovely if someone who's interested in gitg could have a look at transitioning libgit2 - libgit2-glib - gitg to libgit2 0.22. 0.21 apparently had stability problems in the editor kate so 0.22 is a minimum requirement there. cheers HS -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
libgit2
it would be very lovely if someone who's interested in gitg could have a look at transitioning libgit2 - libgit2-glib - gitg to libgit2 0.22. 0.21 apparently had stability problems in the editor kate so 0.22 is a minimum requirement there. cheers HS -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
