Open RaitoBezarius opened 7 months ago
For home-assistant-chip-core we are at the mercy of the upstream Matter SDK. Their build system is pinned to Ubuntu 20.04, which only carries OpenSSL 1.1, so the wheels get built against that.
Building that from source is not feasible, as the Git repo with all required submodules is 27 GiB in size, before it bootstraps and downloads even more things.
Issue reported earlier this year at https://github.com/project-chip/connectedhomeip/issues/25688
The upstream documentation for pcsc-safenet claims that it's possible to make it work with newer OpenSSL releases. I haven't succeeded in doing so to date, but will take another shot at it.
This will be solved for aws-workspaces when we get this done: https://github.com/NixOS/nixpkgs/pull/251976
Besides bip being unmaintained in nixpkgs, it's also dead upstream: no commits in nearly 2 years, and the openssl situation was raised a while ago with no response: https://projects.duckcorp.org/issues/780
And in nixpkgs it seems that we are just adding patch after patch just to keep it alive.
FYI I'm looking into upgrading the sgx-sdk.
From my perspective getting #254845 merged is the best option to remove its OpenSSL 1.1 dependency.
wkhtmltopdf-bin does not seem to depend on openssl_1_1 as far as I can tell (unless I am missing something?)
libssl.so.1.1 wanted by /nix/store/qkkgc8yjxb6bz13i9mhxv8vfnn26srg8-wkhtmltopdf-bin-0.12.6-3/bin/wkhtmltopdf
EDIT: we should remove wkhtmltopdf soon anyways
sgx-sdk: 2.21 -> 2.23 should also close out any remaining OpenSSL 1.1 from the sgx-* packages.
The next home-assistant-chip-core release will migrate to boringssl. Finally.
If those dependencies are not migrated one month before 2 months before the next release process starts, I propose to remove them from nixpkgs.
I think we're getting closer to having to follow up on that consideration.
Updating the list from the OG post would be nice. A lot of the packages from that list have meanwhile removed their openssl 1.1 dependency.
Issue description
Now that it's clear that OpenSSL 1.1 is EOL to everyone (https://endoflife.date/openssl), we need to take care of the remnants of OpenSSL 1.1.
cl-async-ssl
@Uthar
If those dependencies are not migrated one month before 2 months before the next release process starts, I propose to remove them from nixpkgs.