Skip to content

New package openssl-hardened-dev #70700

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
xnox merged 2 commits into from
Nov 3, 2025
Merged

New package openssl-hardened-dev #70700

xnox merged 2 commits into from
Nov 3, 2025

Conversation

@xnox
Copy link
Member

@xnox xnox commented Nov 2, 2025

Add a new package openssl-hardened-dev. It configures an OpenSSL
header that removes access to all deprecated APIs. Allow installing it
as a build-time dependency. This allows to simulate builds against
OpenSSL 3 that is configured with no-deprecated API/ABI, as well as
OpenSSL 4.

Use this new openssl-hardended-dev to compile apk-tools. This shows
all the build-time issues where deprecated APIs are used, and allows
to safely port apk-tools away from them. It remains API/ABI compatible
with the current OpenSSL 3 builds, and will enable to move to OpenSSL
4 ABI with a no-change rebuild.

@xnox xnox requested review from a team November 2, 2025 20:04
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Nov 2, 2025
@octo-sts

This comment was marked as resolved.

Sign in to view
@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Nov 2, 2025
@xnox
New package openssl-hardened-dev
d243a3c 
Add a new package openssl-hardened-dev. It configures an OpenSSL
header that removes access to all deprecated APIs. Allow installing it
as a build-time dependency. This allows to simulate builds against
OpenSSL 3 that is configured with no-deprecated API/ABI, as well as
OpenSSL 4.

Use this new openssl-hardended-dev to compile apk-tools. This shows
all the build-time issues where deprecated APIs are used, and allows
to safely port apk-tools away from them. It remains API/ABI compatible
with the current OpenSSL 3 builds, and will enable to move to OpenSSL
4 ABI with a no-change rebuild.
@xnox xnox force-pushed the openssl-hardened-dev branch from 0aa1732 to d243a3c Compare November 2, 2025 20:32
Taffer
Taffer approved these changes Nov 3, 2025
View reviewed changes
Copy link
Member

@Taffer Taffer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great idea, love it!

@xnox xnox merged commit 20860e2 into wolfi-dev:main Nov 3, 2025
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Taffer Taffer Taffer approved these changes

Assignees

No one assigned

Labels

ai/skip-comment Stop AI from commenting on PR bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xnox @Taffer