Control: tag -1 patch Hi Sebastian, hi Denis,
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (2017-11-14): > On 2017-10-21 16:37:14 [+0200], Denis Briand wrote: > > Pgadmin3 is no longer supported by upstream team and I haven't > > enought skills in openssl lib to fix this bug. Feel free to raise > > the bug severity to prevent pgadmin3 to be in buster. > > > > In a marvelous world we should build pgadmin4 instead but it's > > completly not the same interface (web) and needs many work hours and > > skills in web software package building. > > What is your final pgadmin plan for Buster? According to the webpage 3 > is no longer supported. Do you want 3 in or plan to package 4? I've had the pleasure to discuss this with Denis at MiniDebConf in Toulouse, and AFAIUI it seems it would be nice to keep pgadmin3 around until pgadmin4 gets packaged. Looking at the build failure, it happens in paths involving libssh2: pgadmin/libssh2 pgadmin/include/libssh2 Since this seemed like an embedded code copy, I've looked into libssh2 vs. openssl 1.1, and found this: https://github.com/libssh2/libssh2/pull/70/commits I've applied both commits to openssl.{c,h} in pgadmin3 (need to patch both of them manually since they are not in the same directory): https://github.com/libssh2/libssh2/pull/70/commits/a62842a9275fe3d6ba4b67b7f01ab3f00d086f83 https://github.com/libssh2/libssh2/pull/70/commits/eb497bddd5f382ca1468d72c6cd3d804ca68afb5 (Add “.patch” at the end of the URL to get a raw patch.) The build can then be resumed but fails later, possibly because patches in libssh2 were incomplete or because openssl made more changes. I didn't investigate at this point since it's clear that having embedded code copies is awful already. https://wiki.debian.org/EmbeddedCodeCopies I've briefly looked into configure.ac to see how library detection is performed, and found out that the embedded libssh2 depends on openssl being activated through ./configure; it's the default, but can be switched off, to use libgcrypt instead. I've added two flags in debian/rules, which made it possible to build the package. I didn't update build-depends, and I didn't test a full build under cowbuilder or sbuild, but that might be something that would help you keep pgadmin3 in testing a bit longer. See attached source debdiff. Please make sure to test your package extensively, I only checked it builds with these settings; also feel free to reword the changelog entry as you wish. :) Denis, On a personal note: you did a very good job organizing this Mini-DebConf, and an even better job getting people to look at your RC bugs! ;) KiBi.
diff -Nru pgadmin3-1.22.2/debian/changelog pgadmin3-1.22.2/debian/changelog
--- pgadmin3-1.22.2/debian/changelog 2016-11-15 09:39:41.000000000 +0000
+++ pgadmin3-1.22.2/debian/changelog 2017-11-19 02:01:11.000000000 +0000
@@ -1,3 +1,13 @@
+pgadmin3 (1.22.2-2) UNRELEASED; urgency=medium
+
+ * Work around the FTBFS with OpenSSL 1.1: pgadmin3 contains an embedded
+ copy of the libssh2 library, which needs a few patches to support
+ OpenSSL 1.1. Instead of cherry-picking patches for this embedded code
+ copy, let's switch to libgcrypt which is an alternative to openssl
+ according to the configure script.
+
+ -- Cyril Brulebois <k...@debian.org> Sun, 19 Nov 2017 02:01:11 +0000
+
pgadmin3 (1.22.2-1) unstable; urgency=medium
* New upstream version.
diff -Nru pgadmin3-1.22.2/debian/rules pgadmin3-1.22.2/debian/rules
--- pgadmin3-1.22.2/debian/rules 2016-01-11 12:03:17.000000000 +0000
+++ pgadmin3-1.22.2/debian/rules 2017-11-19 02:01:11.000000000 +0000
@@ -10,7 +10,9 @@
--infodir=\$${prefix}/share/info \
--disable-dependency-tracking \
--with-wx=/usr \
- --with-wx-version=$(shell wx-config --release)
+ --with-wx-version=$(shell wx-config --release) \
+ --with-libgcrypt \
+ --without-openssl
override_dh_auto_build:
$(MAKE) CFLAGS+="-g" CXXFLAGS+="-g"
signature.asc
Description: PGP signature
