[Tracking Issue] Remaining OpenSSL 1.1 dependents

[RaitoBezarius]

Issue description

Now that it's clear that OpenSSL 1.1 is EOL to everyone (https://endoflife.date/openssl), we need to take care of the remnants of OpenSSL 1.1.

• [x] home-assistant-chip-core @mweinelt https://github.com/project-chip/connectedhomeip/issues/25688
• [ ] osquery @nlewo @RaitoBezarius
• [x] Ruby @ajs124
• [ ] Viber @SimonBrandner @prtzl
• [ ] AWS workspace @dylanmtaylor @mausch
• [ ] PHP legacy extension @RaitoBezarius
• [x] PHP's relay package @ostrolucky #270128
• [ ] Lisp's cl-async-ssl @Uthar
• [ ] paddlepaddle @happysalada
• [ ] pcsc-safenet @charles-dyfis-net
• [x] sgx-sdk @blitz #254845
• [ ] sublimetext4 @PedroHLC @jtojnar https://github.com/sublimehq/sublime_text/issues/5984
• [ ] runescaper launcher @GRBurst
• [ ] quickbms: no maintainer
• [ ] wraith @ajs124 @elitak
• [x] kore @JohnMH #292644
• [ ] wkhtmltopdf-bin @kalbasit @nbr
• [ ] mrustc's bootstrap @progval @r-burns
• [x] archiveopteryx @phunehehe #270449
• [x] bip: no maintainer #271248

If those dependencies are not migrated one month before 2 months before the next release process starts, I propose to remove them from nixpkgs.

[mweinelt]

For home-assistant-chip-core we are at the mercy of the upstream Matter SDK. Their build system is pinned to Ubuntu 20.04, which only carries OpenSSL 1.1, so the wheels get built against that.

Building that from source is not feasible, as the Git repo with all required submodules is 27 GiB in size, before it bootstraps and downloads even more things.

Issue reported earlier this year at https://github.com/project-chip/connectedhomeip/issues/25688

[charles-dyfis-net]

The upstream documentation for pcsc-safenet claims that it's possible to make it work with newer OpenSSL releases. I haven't succeeded in doing so to date, but will take another shot at it.

[mausch]

This will be solved for aws-workspaces when we get this done: https://github.com/NixOS/nixpkgs/pull/251976

[eclairevoyant]

Besides bip being unmaintained in nixpkgs, it's also dead upstream, no commits in nearly 2 years, and the openssl situation was raised a while ago w no response https://projects.duckcorp.org/issues/780

And in nixpkgs it seems that we are just adding patch after patch just to keep it alive.

[blitz]

FYI I'm looking into upgrading the sgx-sdk.

[blitz]

From my perspective getting #254845 merged is the best option to remove its OpenSSL 1.1 dependency.

[nbr]

wkhtmltopdf-bin does not seem to depend on openssl_1_1 as far as I can tell (unless I am missing something?)

[kirillrdy]

wkhtmltopdf-bin does not seem to depend on openssl_1_1 as far as I can tell (unless I am missing something?)

libssl.so.1.1 wanted by /nix/store/qkkgc8yjxb6bz13i9mhxv8vfnn26srg8-wkhtmltopdf-bin-0.12.6-3/bin/wkhtmltopdf

EDIT: we should remove wkhtmltopdf soon anyways

[phlip9]

sgx-sdk: 2.21 -> 2.23 should also close out any remaining OpenSSL 1.1 from the sgx-* packages.

[mweinelt]

The next home-assistant-chip-core release will migrate to boringssl. Finally.

[mweinelt]

If those dependencies are not migrated one month before 2 months before the next release process starts, I propose to remove them from nixpkgs.

I think we're getting closer to having to follow up on that consideration.

[ostrolucky]

Updating the list from OG post would be nice. Lot of those packages from list have meanwhile removed openssl 1.1 dependency.