OpenSSL 3.0 transition plans

Hi all,

As some of you might have surmised, we’re planning to move to OpenSSL 3.0 for 22.04. This new major release brings of course some new things, but also breaks API and ABI.

We intend to update the openssl package to 3.0.0 as soon as possible in the 22.04 cycle, provided that all the build-rdepends of libssl-dev in main are ready for the transition. You’ll find here the latest test rebuild, where you’ll find that around 35 rdeps from main, and ~180 packages from universe fail to build. This test build has been done in the PPA schopin/openssl-3.0.0, which you can use to test your packages against.

If you’d like to help out (please do ;-)), I’ve started filing bugs against the various packages that fail, using the tag ‘transition-openssl3-jj’ [3] to track it all. Please use this tag when working on this issue. You’ll find resources to migrate codebases from 1.1 in the OpenSSL man pages.

As stated, the transition should only take place if main is ready for it. As far as universe is concerned, in an ideal world all the 180 packages above would be fixed in time for the release. However, if not so, we’ll either remove the package from the release or, if really necessary, would introduce a compatibility openssl-1.1 package. The latter option is of course highly undesirable.

When we upload the new version of openssl to the archive, existing packages should still be installable, as the binaries for libssl1.1 will be kept around as long as they’re depended on. However, the autopkgtests of packages lagging in the transition, or even of their rdeps, might start to fail if they build the tests during the autopkgtests. If that’s the case, you might want to get the package rebuilt against OpenSSL3 and rerun the tests with all-proposed=1.

(this is a copy of an email sent to ubuntu-devel@, which is currently awaiting moderation)
