Bug#874683: Bug#875058: [mumble] Future Qt4 removal from Buster

[Chris Knadle]

Georg Faerber:
> Hi all,
> 
> It's been a year since the last update.
> Therefore: Any news?
> 
> Cheers,
> Georg

The good news:
I've almost got a Mumble 1.3 snapshot ready for upload to Experimental, and I've
[finally] figured out how to strip out the unreasable files from the upstream
tarball in an automated way using the debian/copyright file and the debian/watch
file used by uscan.  With recent packaging work the Mumble 1.3 snapshots would
successfully build but then the resulting Mumble client would fail to connect to
servers due to Qt5 related SSL errors; however that got fixed 7 days ago with
the upload of qtbase-opensource-src-5.11.1+dfsg-8.


The bad news:
Having to strip out files from the upstream tarball breaks the PGP signature, so
I've had to remove the PGP signature check for now.  I've informed Mumble
upstream about the unrelasable files again [they're draft IETF documents that
are part of Git submodules for Speex, CELT, and Opus], and they agree that it's
an issue.

Mumble upstream development has slowed, the main developers are out of contact,
and the Windows build infrastructure has been down for some time [several
weeks].  I suspect a Mumble 1.3 stable release will not be ready in time for the
upcoming release of Buster.  This worries me a bit when it comes to what the
right thing to do for both Debian and Tails concerning Mumble.


Let me know if there are suggestions re: dealing with this concerning Tails.
Thanks

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us

Bug#875058: [mumble] Future Qt4 removal from Buster

[Georg Faerber]

(Sorry for missing In-Reply-To: and References:.)

Hi all,

It's been a year since the last update.
Therefore: Any news?

Cheers,
Georg


signature.asc
Description: Digital signature

Bug#875058: [mumble] Future Qt4 removal from Buster

[Chris Knadle]

Lisandro Damián Nicanor Pérez Meyer:
> On miércoles, 20 de septiembre de 2017 04:56:51 -03 Chris Knadle wrote:
> [snip] 
>> Given how much time there is before the freeze for Buster I have hopes
>> that this will all work out. right now it seems like things are in the
>> "hurry up and wait" category. ;-)
> 
> I do expect the same except if OpenSSL 1.0 gets removed first. In that case 
> I'll have no other choice but to upload Qt 4 without SSL support.

Understood. Thank you for the heads-up. Hopefully it won't come to that,
but if it does I'll understand and we'll all deal with it best we can.

Thanks much.

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



signature.asc
Description: OpenPGP digital signature

Bug#875058: [mumble] Future Qt4 removal from Buster

[Lisandro Damián Nicanor Pérez Meyer]

On miércoles, 20 de septiembre de 2017 04:56:51 -03 Chris Knadle wrote:
[snip] 
> Given how much time there is before the freeze for Buster I have hopes
> that this will all work out. right now it seems like things are in the
> "hurry up and wait" category. ;-)

I do expect the same except if OpenSSL 1.0 gets removed first. In that case 
I'll have no other choice but to upload Qt 4 without SSL support.


-- 
Confucius say: He who play in root, eventually kill tree.

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#875058: [mumble] Future Qt4 removal from Buster

[Chris Knadle]

Lisandro Damián Nicanor Pérez Meyer:
> On lunes, 18 de septiembre de 2017 05:37:03 -03 Chris Knadle wrote:
>> Lisandro Damián Nicanor Pérez Meyer:

[Got and understood your other comments]


>> And if all goes well, Qt 5.10 and mumble-1.3.x will both have stable
>> releases in time to upload them to Unstable before the freeze for
>> Buster. [Freeze sometime ~Jan 2019, I guess.]
> 
> I think either you or me are missing a point here. Right now both qt4 and qt5 
> use OpenSSL 1.0. So if mumbles uses OpenSSL 1.1 then it means that it is not 
> using Qt5's Network submodule, so it's not mixing OpenSSL versions (and if it 
> is, it has been lucky enough to avoid crashes).

Oh. :-( Yes, at minimum I think I missed something.

I had heard that Qt5 didn't work with OpenSSL 1.1, I didn't realize Qt4
was also using OpenSSL 1.0. :-( I believe Mumble /does/ use Qt4's SSL
submodule, so I think it /is/ mixing OpenSSL versions right now. That's
not optimal but I haven't seen problems using the package nor gotten new
bug reports related to SSL issues thusfar.

If I had known Qt4 was still using OpenSSL 1.0 I would have hardcoded a
build-depends for mumble-1.2.x to use the same for the Stretch release.
*shrug* Can't win 'em all, I suppose.

> If this is the case then there is nothing sotpping mumble from being ported 
> to 
> Qt5.

Sort of.

Mumble 1.2.x won't build with Qt5, 1.3.x will, but 1.3.x is still in
development and after the painful experience of a snapshot being in the
Wheezy release, upstream (I think rightfully) asked me not to upload
snapshots. I've been wanting to upload a snapshot to Experimental for
testing purposes, but right now the 1.3.x source tarballs contain
unreleasable files that would require building a -dfsg tarball. These
files are normally stripped out by upstream for stable releases, but the
script that builds the release tarballs needs updating after a lot of
development/changes in mumble 1.3.x.

Given how much time there is before the freeze for Buster I have hopes
that this will all work out. right now it seems like things are in the
"hurry up and wait" category. ;-)

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



signature.asc
Description: OpenPGP digital signature

Bug#875058: [mumble] Future Qt4 removal from Buster

[Lisandro Damián Nicanor Pérez Meyer]

On lunes, 18 de septiembre de 2017 05:37:03 -03 Chris Knadle wrote:
> Lisandro Damián Nicanor Pérez Meyer:
[snip]
> Hello again Lisandro. ;-)

Hi! :-)

> Mumble uses SSL (and has to) and the build logs look like the current
> version in Unstable is built against libssl1.1_1.1.0c-4:
> 
> https://buildd.debian.org/status/fetch.php?pkg=mumble=amd64=1.2.18-> 
> 1=1485106520=0
> 
> So that looks to me like mumble is built against OpenSSL 1.1, AFAIK.

It build-depends upon libssl-dev, so yes.

> There has been some discussion in the #mumble IRC channel on Freenode
> that Qt5 currently doesn't support OpenSSL 1.1,

Exactly as Qt4 does.

> but I did some digging
> and it looks like it does as of Qt 5.10.0 Alpha:
> 
> https://bugreports.qt.io/browse/QTBUG-52905

Right.

> There's a commit listed there for the fix, so I suppose it may be
> possible to backport a patch for Qt 5.7.

Qt 5.7 is only available in stable, so no, it won't get a backport.
Buster on the other hand will have Qt 5.10.

> And if all goes well, Qt 5.10 and mumble-1.3.x will both have stable
> releases in time to upload them to Unstable before the freeze for
> Buster. [Freeze sometime ~Jan 2019, I guess.]

I think either you or me are missing a point here. Right now both qt4 and qt5 
use OpenSSL 1.0. So if mumbles uses OpenSSL 1.1 then it means that it is not 
using Qt5's Network submodule, so it's not mixing OpenSSL versions (and if it 
is, it has been lucky enough to avoid crashes).

If this is the case then there is nothing sotpping mumble from being ported to 
Qt5.

Kinds regards, Lisandro.

-- 
The box said 'Requires Windows 95 or better'. So I installed Linux.
  Anonymous

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.

Bug#875058: [mumble] Future Qt4 removal from Buster

[Chris Knadle]

Lisandro Damián Nicanor Pérez Meyer:
> On 9 September 2017 at 18:23, Chris Knadle  wrote:
> [snip]
>> mumble 1.3.x that works with QT5 isn't released yet and they don't want
>> me to upload a package to Debian until it is. I was specifically
>> requested not to upload snapshots.
>>
>> Also mumble 1.3.x source contains unreleasable files -- these get
>> stripped out by upstream's release scripts which need updating for the
>> new version, which hasn't been done because 1.3.x is not quite ready for
>> release.
>>
>> I'll discuss this with upstream.
> 
> Hi Chris! While it would be good to switch everything as fast as
> possible I don't think the removal will happen soon... unless mumble
> uses SSL and OpenSSL1.0 gets removed from the archive :-/

Hello again Lisandro. ;-)

Mumble uses SSL (and has to) and the build logs look like the current
version in Unstable is built against libssl1.1_1.1.0c-4:

https://buildd.debian.org/status/fetch.php?pkg=mumble=amd64=1.2.18-1=1485106520=0

So that looks to me like mumble is built against OpenSSL 1.1, AFAIK.

There has been some discussion in the #mumble IRC channel on Freenode
that Qt5 currently doesn't support OpenSSL 1.1, but I did some digging
and it looks like it does as of Qt 5.10.0 Alpha:

https://bugreports.qt.io/browse/QTBUG-52905

There's a commit listed there for the fix, so I suppose it may be
possible to backport a patch for Qt 5.7.

And if all goes well, Qt 5.10 and mumble-1.3.x will both have stable
releases in time to upload them to Unstable before the freeze for
Buster. [Freeze sometime ~Jan 2019, I guess.]

Hope this helps. ;-)
Thanks
   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us

Bug#875058: [mumble] Future Qt4 removal from Buster

[Chris Knadle]

Lisandro Damián Nicanor Pérez Meyer:
> Source: mumble
> Version: 1.2.18-1
> Severity: wishlist
> User: debian-qt-...@lists.debian.org
> Usertags: qt4-removal
> 
> 
> Hi! As you might know we the Qt/KDE team are preparing to remove Qt4
> as [announced] in:
> 
> [announced] 
> 

I'm aware.
I also got another bug on this a little while ago #874683 about the same
thing.

> Currently Qt4 has been dead upstream and we are starting to have problems
> maintaining it, like for example in the [OpenSSL 1.1 support] case.
> 
> [OpenSSL 1.1 support] 
> 
> 
> In order to make this move, all packages directly or indirectly depending on
> the Qt4 libraries have to either get ported to Qt5 or eventually get
> removed from the Debian repositories.
> 
> Therefore, please take the time and:
> - contact your upstream (if existing) and ask about the state of a Qt5
> port of your application

mumble 1.3.x that works with QT5 isn't released yet and they don't want
me to upload a package to Debian until it is. I was specifically
requested not to upload snapshots.

Also mumble 1.3.x source contains unreleasable files -- these get
stripped out by upstream's release scripts which need updating for the
new version, which hasn't been done because 1.3.x is not quite ready for
release.

I'll discuss this with upstream.

  -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us

Bug#875058: [mumble] Future Qt4 removal from Buster

[Lisandro Damián Nicanor Pérez Meyer]

Source: mumble
Version: 1.2.18-1
Severity: wishlist
User: debian-qt-...@lists.debian.org
Usertags: qt4-removal


Hi! As you might know we the Qt/KDE team are preparing to remove Qt4
as [announced] in:

[announced] 


Currently Qt4 has been dead upstream and we are starting to have problems
maintaining it, like for example in the [OpenSSL 1.1 support] case.

[OpenSSL 1.1 support] 

In order to make this move, all packages directly or indirectly depending on
the Qt4 libraries have to either get ported to Qt5 or eventually get
removed from the Debian repositories.

Therefore, please take the time and:
- contact your upstream (if existing) and ask about the state of a Qt5
port of your application
- if there are no activities regarding porting, investigate whether there are
suitable alternatives for your users
- if there is a Qt5 port that is not yet packaged, consider packaging it
- if both the Qt4 and the Qt5 versions already coexist in the Debian
archives, consider removing the Qt4 version

= Porting =

Some of us where involved in various Qt4 to Qt5 migrations [migration] and we
know for sure that porting stuff from Qt4 to Qt5 is much much easier and less
painful than it was from Qt3 to Qt4.

We also understand that there is still a lot of software still using Qt4.

Don't forget to take a look at the C++ API changes page [apichanges] whenever
you start porting your application.

[migration] http://pkg-kde.alioth.debian.org/packagingqtbasedstuff.html
[apichanges] http://doc.qt.io/qt-5/sourcebreaks.html

For any questions and issues, do not hesitate to contact the Debian Qt/KDE
team at debian-qt-...@lists.debian.org

The removal is being tracked in 

Lisandro,
on behalf of the Qt4 maintainers