Fix debian compilation.

[jacksonrayhamilton]

Fixes https://github.com/ysbaddaden/prax.cr/issues/65 by updating the Makefile so it can create a usable ".deb" for Debian 9 without resorting to old packages on that distro.

[ysbaddaden]

I'm fine with 92a0f89277f57301e95039a89a8c72c2217cfba8 but the --no-debug issue should be fixed with the latest crystal deb packages (0.24.1).

[jacksonrayhamilton]

Yep, I can compile now on master without that flag. Reverted the other commit.

[ysbaddaden]

I have second thoughts about this: OpenSSL v1.1 introduced breaking changes; Crystal has compile-time support for both v1.0 and v1.1 but a built binary will require either libssl1.0 or libssl1.1 but not both (missing symbols).

[jacksonrayhamilton]

What if we did | libssl1.0.2 in the deb instead? Would that have “ABI incompatibilites” as you alluded to here?

I’d like to test this myself across Ubuntu and Debian later.

[ysbaddaden]

No, a binary built against libssl1.0 is incompatible with libssl1.1. The .deb should correctly reflect which one is required, otherwise we could install it, but the binary would fail to start if the incompatible libssl version is installed

[jacksonrayhamilton]

In your last response you say “incompatible with libssl1.1”, but I mentioned libssl1.0.2.

[ysbaddaden]

What would specifying "libssl 1.0.2" fix? OpenSSL 1.0.x and 1.1.x are ABI incompatible.

[jacksonrayhamilton]

The problem seemed to be that Debian 9 does not offer libssl1.0.0. It does, however, offer libssl1.0.2 and libssl1.1.0. In this PR I attempted to use 1.0.0 or 1.1, but apparently that will not work. But would allowing 1.0.0 or 1.0.2 work?

[ysbaddaden]

Ah, I finally understood!

Ubuntu has packages for libssl1.0.0 for all distributions, but debian has libssl1.0.0 for jessie and older, but libssl1.0.2 for stretch and newer, because of:

Build with no-ssl3-method to remove all SSLv3 support. This results in the functions SSLv3_method(), SSLv3_server_method() and SSLv3_client_method() being removed from libssl. Change the soname as result of that and also changes name of the binary package.

We don't use the missing symbols in the openssl bindings (we use SSLv23_method which actually enables TLS), so having libssl1.0.2 | libssl1.0.0 should be fine.