You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2021/11/09 20:50:33 UTC
Openssl, serf and curl
I've recently folded in openssl-1.1 to trunk and all branches, but this gets us in a corner.
To support this version of openssl, we need to upgrade Serf. This means that we need to also update apr and apr-util as well as include a requirement that the build server also as SCons installed. This could be problematic, esp for those older, legacy systems that we want to continue to support.
One alternative is to simply drop Serf completely; we already require curl, and we could start using curl for the WebDav functionality instead of it being the (sole, afaict) reason for Serf.
The focus would be on ./main/ucb/source/ucp/webdav and migrating it from Serf to curl...
Comments? Suggestions? Alternatives?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Marcus <ma...@wtnet.de>.
Am 09.11.21 um 22:31 schrieb Matthias Seidel:
> Am 09.11.21 um 21:50 schrieb Jim Jagielski:
>> I've recently folded in openssl-1.1 to trunk and all branches, but this gets us in a corner.
>>
>> To support this version of openssl, we need to upgrade Serf. This means that we need to also update apr and apr-util as well as include a requirement that the build server also as SCons installed. This could be problematic, esp for those older, legacy systems that we want to continue to support.
>>
>> One alternative is to simply drop Serf completely; we already require curl, and we could start using curl for the WebDav functionality instead of it being the (sole, afaict) reason for Serf.
>
> +1 simply for reducing the dependencies on those various libraries. If
> it can be done with curl we should try it.
yes, please try it.
Marcus
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Jim,
Am 09.11.21 um 21:50 schrieb Jim Jagielski:
> I've recently folded in openssl-1.1 to trunk and all branches, but this gets us in a corner.
>
> To support this version of openssl, we need to upgrade Serf. This means that we need to also update apr and apr-util as well as include a requirement that the build server also as SCons installed. This could be problematic, esp for those older, legacy systems that we want to continue to support.
>
> One alternative is to simply drop Serf completely; we already require curl, and we could start using curl for the WebDav functionality instead of it being the (sole, afaict) reason for Serf.
+1 simply for reducing the dependencies on those various libraries. If
it can be done with curl we should try it.
Matthias
>
> The focus would be on ./main/ucb/source/ucp/webdav and migrating it from Serf to curl...
>
> Comments? Suggestions? Alternatives?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Jim,
Am 11.11.21 um 12:59 schrieb Jim Jagielski:
>
>> On Nov 10, 2021, at 1:33 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>
>> Am 10.11.21 um 19:30 schrieb Jim Jagielski:
>>> We could, but they are worse at releases than we are :-P
>> A problem that needs to be fixed... ;-)
>>
>> BTW: I think you reverted one of my commits?
> Yikes! I must have picked the wrong hash.
I just re-applied it...
>
>>>> On Nov 10, 2021, at 1:24 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>>
>>>> Am 10.11.21 um 19:19 schrieb Jim Jagielski:
>>>>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf is upgraded to support 1.1
>>>> Serf is an Apache project isn't it?
>>>>
>>>> Should we ask for collaboration?
>>>>
>>>>>> On Nov 10, 2021, at 12:22 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>>
>>>>>> Am 10.11.21 um 18:05 schrieb Jim Jagielski:
>>>>>>> Ugg ugg and double ugg
>>>>>>>
>>>>>>> We seem to be stuck in a chicken-and-egg situation.
>>>>>>>
>>>>>>> Do we *really* need OpenSSL 1.1? Because even the latest release of serf doesn't really support that.
>>>>>>>
>>>>>>> What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1?
>>>>>> The main problem is that Let's Encrypt root certificates expired at the
>>>>>> end of October and OpenSSL 1.0.2 has problems with the new ones:
>>>>>>
>>>>>> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>>>>>>
>>>>>> For whatever reason it still works on Windows, but AOO on Linux and
>>>>>> macOS cannot connect to our Update Feed and the extensions site anymore.
>>>>>>
>>>>>> Workaround 3 (mentioned in the article) would be a possibility to fix
>>>>>> that on the server side.
>>>>>>
>>>>>>> PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades and keeping things fresh, but it seems like it is moving way too fast for its consumers.
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>>>>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org <ma...@openoffice.apache.org>
>>>>> For additional commands, e-mail: dev-help@openoffice.apache.org <ma...@openoffice.apache.org>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Nov 10, 2021, at 1:33 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>
> Am 10.11.21 um 19:30 schrieb Jim Jagielski:
>> We could, but they are worse at releases than we are :-P
>
> A problem that needs to be fixed... ;-)
>
> BTW: I think you reverted one of my commits?
Yikes! I must have picked the wrong hash.
>
>>
>>> On Nov 10, 2021, at 1:24 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>
>>> Am 10.11.21 um 19:19 schrieb Jim Jagielski:
>>>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf is upgraded to support 1.1
>>> Serf is an Apache project isn't it?
>>>
>>> Should we ask for collaboration?
>>>
>>>>
>>>>> On Nov 10, 2021, at 12:22 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>
>>>>> Am 10.11.21 um 18:05 schrieb Jim Jagielski:
>>>>>> Ugg ugg and double ugg
>>>>>>
>>>>>> We seem to be stuck in a chicken-and-egg situation.
>>>>>>
>>>>>> Do we *really* need OpenSSL 1.1? Because even the latest release of serf doesn't really support that.
>>>>>>
>>>>>> What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1?
>>>>> The main problem is that Let's Encrypt root certificates expired at the
>>>>> end of October and OpenSSL 1.0.2 has problems with the new ones:
>>>>>
>>>>> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>>>>>
>>>>> For whatever reason it still works on Windows, but AOO on Linux and
>>>>> macOS cannot connect to our Update Feed and the extensions site anymore.
>>>>>
>>>>> Workaround 3 (mentioned in the article) would be a possibility to fix
>>>>> that on the server side.
>>>>>
>>>>>> PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades and keeping things fresh, but it seems like it is moving way too fast for its consumers.
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>>>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org <ma...@openoffice.apache.org>
>>>> For additional commands, e-mail: dev-help@openoffice.apache.org <ma...@openoffice.apache.org>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Am 10.11.21 um 19:30 schrieb Jim Jagielski:
> We could, but they are worse at releases than we are :-P
A problem that needs to be fixed... ;-)
BTW: I think you reverted one of my commits?
>
>> On Nov 10, 2021, at 1:24 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>
>> Am 10.11.21 um 19:19 schrieb Jim Jagielski:
>>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf is upgraded to support 1.1
>> Serf is an Apache project isn't it?
>>
>> Should we ask for collaboration?
>>
>>>
>>>> On Nov 10, 2021, at 12:22 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>>
>>>> Am 10.11.21 um 18:05 schrieb Jim Jagielski:
>>>>> Ugg ugg and double ugg
>>>>>
>>>>> We seem to be stuck in a chicken-and-egg situation.
>>>>>
>>>>> Do we *really* need OpenSSL 1.1? Because even the latest release of serf doesn't really support that.
>>>>>
>>>>> What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1?
>>>> The main problem is that Let's Encrypt root certificates expired at the
>>>> end of October and OpenSSL 1.0.2 has problems with the new ones:
>>>>
>>>> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>>>>
>>>> For whatever reason it still works on Windows, but AOO on Linux and
>>>> macOS cannot connect to our Update Feed and the extensions site anymore.
>>>>
>>>> Workaround 3 (mentioned in the article) would be a possibility to fix
>>>> that on the server side.
>>>>
>>>>> PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades and keeping things fresh, but it seems like it is moving way too fast for its consumers.
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org <ma...@openoffice.apache.org>
>>> For additional commands, e-mail: dev-help@openoffice.apache.org <ma...@openoffice.apache.org>
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
We could, but they are worse at releases than we are :-P
> On Nov 10, 2021, at 1:24 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>
> Am 10.11.21 um 19:19 schrieb Jim Jagielski:
>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf is upgraded to support 1.1
>
> Serf is an Apache project isn't it?
>
> Should we ask for collaboration?
>
>>
>>
>>> On Nov 10, 2021, at 12:22 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>
>>> Am 10.11.21 um 18:05 schrieb Jim Jagielski:
>>>> Ugg ugg and double ugg
>>>>
>>>> We seem to be stuck in a chicken-and-egg situation.
>>>>
>>>> Do we *really* need OpenSSL 1.1? Because even the latest release of serf doesn't really support that.
>>>>
>>>> What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1?
>>> The main problem is that Let's Encrypt root certificates expired at the
>>> end of October and OpenSSL 1.0.2 has problems with the new ones:
>>>
>>> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>>>
>>> For whatever reason it still works on Windows, but AOO on Linux and
>>> macOS cannot connect to our Update Feed and the extensions site anymore.
>>>
>>> Workaround 3 (mentioned in the article) would be a possibility to fix
>>> that on the server side.
>>>
>>>> PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades and keeping things fresh, but it seems like it is moving way too fast for its consumers.
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org <ma...@openoffice.apache.org>
>> For additional commands, e-mail: dev-help@openoffice.apache.org <ma...@openoffice.apache.org>
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Am 10.11.21 um 19:19 schrieb Jim Jagielski:
> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf is upgraded to support 1.1
Serf is an Apache project isn't it?
Should we ask for collaboration?
>
>
>> On Nov 10, 2021, at 12:22 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>>
>> Am 10.11.21 um 18:05 schrieb Jim Jagielski:
>>> Ugg ugg and double ugg
>>>
>>> We seem to be stuck in a chicken-and-egg situation.
>>>
>>> Do we *really* need OpenSSL 1.1? Because even the latest release of serf doesn't really support that.
>>>
>>> What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1?
>> The main problem is that Let's Encrypt root certificates expired at the
>> end of October and OpenSSL 1.0.2 has problems with the new ones:
>>
>> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>>
>> For whatever reason it still works on Windows, but AOO on Linux and
>> macOS cannot connect to our Update Feed and the extensions site anymore.
>>
>> Workaround 3 (mentioned in the article) would be a possibility to fix
>> that on the server side.
>>
>>> PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades and keeping things fresh, but it seems like it is moving way too fast for its consumers.
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Matthias, All,
On Thu, Jan 06, 2022 at 04:08:23PM +0100, Matthias Seidel wrote:
> Hi Arrigo,
>
> Am 06.01.22 um 16:04 schrieb Arrigo Marchiori:
> > Dear All,
> >
> > On Thu, Jan 06, 2022 at 03:02:21PM +0100, Arrigo Marchiori wrote:
> >
> >> Dear All,
> >>
> >> On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
> >>
> >>> Dear All,
> >>>
> >>> one more status update.
> >>>
> >>> On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
> >>>
> >>>> Dear All,
> >>>>
> >>>> first of all: merry Christmas!
> >>>>
> >>>> On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
> >>>>
> >>>>> Hi Matthias
> >>>>>
> >>>>>> On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
> >>>>>> Is this a real machine or a VM?
> >>>>> It is a real machine
> >>>>>
> >>>>>> I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
> >>>>>> it definitely worked on my Laptop.
> >>>>> There were a lot of errors during unpack, as I said.
> >>>> What kind of errors? Maybe permission issues?
> >>>> I hope I will eventually get a trunk build right for everyone...
> >>>>
> >>>> By the way the problem _under Linux_ may or may not be due to
> >>>> TLS... in fact the error message is "Device or resource busy". There
> >>>> is something _inside_ serf that is failing; I am not sure it is a
> >>>> network protocol issue.
> >>>>
> >>>> I am looking into this issue in my available time.
> >>> It's true that the returned value (16) corresponds to "Device or
> >>> resource busy"... but it _also_ corresponds to
> >>> SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
> >>>
> >>> This error is raised during the verification of the SSL certificate
> >>> chain. We are in method SerfSession::verifySerfCertificateChain().
> >>> Apparently, we have a certificate with subject "CN=*.apache.org" and
> >>> we are asking our certificate container if it "has" and "trusts" such
> >>> certificate for URL ooo-updates.apache.org.
> >>>
> >>> The call (simply described) is:
> >>> CertificateContainer::hasCertificate("ooo-updates.apache.org",
> >>> "*.apache.org")
> >>>
> >>> Surprisingly (to me at least), this returns
> >>> security::CertificateContainerStatus_UNTRUSTED
> >>>
> >>> This breaks the update request process.
> >> The culprit is the nss library. Our method
> >> SecurityEnvironment_NssImpl::verifyCertificate calls
> >> CERT_PKIXVerifyCert() that returns failure. The reason is error -8172,
> >> "Peer's certificate issuer has been marked as not trusted by the user."
> > The problem is that NSS does not have access to an updated list of
> > certification authorities.
> >
> > NSS has its own built-in list of CA's that is stored inside library
> > libnssckbi.so. Such list does not include the CA used by our update
> > server. For this reason, the check for updates fails as described.
> >
> > There are two possible solutions, given the fact that we may not be
> > able to update our NSS to the latest and greatest version:
> >
> > 1- patch the latest CA list from current NSS into our NSS. I did it
> > for the purpose of this development, and... it is horrible. We have
> > to shave away some attributes that are not supported by our NSS:
> > - CKA_NSS_SERVER_DISTRUST_AFTER
> > - CKA_NSS_EMAIL_DISTRUST_AFTER
> > - CKA_NSS_MOZILLA_CA_POLICY
> > and I would not feel ``safe'' for our end-users if we did so.
> >
> > 2- try to access the system-level CA list, that every system should
> > have.
> >
> > I think that 2- is the way to go.
> >
> > But we are at least at the point that the serf library seems to be
> > successfully integrated and working! I may make some more commits to
> > the "serf" branch to synchronize it with my computer.
> >
> > I think we should integrate the "serf" branch only after the search
> > for update is successful, even if the problem, at this moment, may not
> > be related to the Serf library itself.
> >
> > I am of course open to discussion, as always.
>
> Any idea why it works on Windows and not on Linux/macOS?
>
> Do we access the system-level CA list on Windows somehow?
We do not use NSS for certificate validation under Windows.
Class SecurityEnvironment_MSCryptImpl is instantiated instead of
SecurityEnvironment_NssImpl. It uses Win32 API functions from header
wincrypt.h.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 06.01.22 um 16:04 schrieb Arrigo Marchiori:
> Dear All,
>
> On Thu, Jan 06, 2022 at 03:02:21PM +0100, Arrigo Marchiori wrote:
>
>> Dear All,
>>
>> On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
>>
>>> Dear All,
>>>
>>> one more status update.
>>>
>>> On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Dear All,
>>>>
>>>> first of all: merry Christmas!
>>>>
>>>> On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
>>>>
>>>>> Hi Matthias
>>>>>
>>>>>> On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>> Is this a real machine or a VM?
>>>>> It is a real machine
>>>>>
>>>>>> I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
>>>>>> it definitely worked on my Laptop.
>>>>> There were a lot of errors during unpack, as I said.
>>>> What kind of errors? Maybe permission issues?
>>>> I hope I will eventually get a trunk build right for everyone...
>>>>
>>>> By the way the problem _under Linux_ may or may not be due to
>>>> TLS... in fact the error message is "Device or resource busy". There
>>>> is something _inside_ serf that is failing; I am not sure it is a
>>>> network protocol issue.
>>>>
>>>> I am looking into this issue in my available time.
>>> It's true that the returned value (16) corresponds to "Device or
>>> resource busy"... but it _also_ corresponds to
>>> SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
>>>
>>> This error is raised during the verification of the SSL certificate
>>> chain. We are in method SerfSession::verifySerfCertificateChain().
>>> Apparently, we have a certificate with subject "CN=*.apache.org" and
>>> we are asking our certificate container if it "has" and "trusts" such
>>> certificate for URL ooo-updates.apache.org.
>>>
>>> The call (simply described) is:
>>> CertificateContainer::hasCertificate("ooo-updates.apache.org",
>>> "*.apache.org")
>>>
>>> Surprisingly (to me at least), this returns
>>> security::CertificateContainerStatus_UNTRUSTED
>>>
>>> This breaks the update request process.
>> The culprit is the nss library. Our method
>> SecurityEnvironment_NssImpl::verifyCertificate calls
>> CERT_PKIXVerifyCert() that returns failure. The reason is error -8172,
>> "Peer's certificate issuer has been marked as not trusted by the user."
> The problem is that NSS does not have access to an updated list of
> certification authorities.
>
> NSS has its own built-in list of CA's that is stored inside library
> libnssckbi.so. Such list does not include the CA used by our update
> server. For this reason, the check for updates fails as described.
>
> There are two possible solutions, given the fact that we may not be
> able to update our NSS to the latest and greatest version:
>
> 1- patch the latest CA list from current NSS into our NSS. I did it
> for the purpose of this development, and... it is horrible. We have
> to shave away some attributes that are not supported by our NSS:
> - CKA_NSS_SERVER_DISTRUST_AFTER
> - CKA_NSS_EMAIL_DISTRUST_AFTER
> - CKA_NSS_MOZILLA_CA_POLICY
> and I would not feel ``safe'' for our end-users if we did so.
>
> 2- try to access the system-level CA list, that every system should
> have.
>
> I think that 2- is the way to go.
>
> But we are at least at the point that the serf library seems to be
> successfully integrated and working! I may make some more commits to
> the "serf" branch to synchronize it with my computer.
>
> I think we should integrate the "serf" branch only after the search
> for update is successful, even if the problem, at this moment, may not
> be related to the Serf library itself.
>
> I am of course open to discussion, as always.
Any idea why it works on Windows and not on Linux/macOS?
Do we access the system-level CA list on Windows somehow?
Regards,
Matthias
>
> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Just a quick, small update:
On Thu, Feb 10, 2022 at 08:12:02PM +0100, Arrigo Marchiori wrote:
> Hello Carl,
>
> On Thu, Feb 10, 2022 at 11:32:57AM -0500, Carl Marcum wrote:
[...]
> > Asul has x86-64 JDK's available for Java 7 but that's all.
> >
> > https://www.azul.com/downloads/?version=java-7-lts&os=macos&package=jdk
>
> I will try that!
Installed, detected, new build of AOO41X in progress! :-)
Thank you!
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Building AOO41X on macOS Catalina [Was: Openssl, serf and curl... and NSS]
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Marcus, All,
On Thu, Feb 10, 2022 at 11:01:10PM +0100, Marcus wrote:
[huge snip about official build scripts on macOS]
> For the AOO41X release branch we really should try as best and long as
> possible to keep the setup the same like the past releases to give a (kind
> of) guarantee that a new release would run also in the same PC environment.
>
> So, the next step is to see if the build is also successful with Java 7. But
> as I see this already in progress <finger crossing>. :-)
The official build script cannot work as-is, because it expects the
only XCode to be version 7.
On Catalina, we rather have to install XCode 12.0.1 and then the SDK
only from XCode 7.3.1, using the XCodeLegacy script.
The following lines have to be commented out:
----8<--------8<--------8<--------8<--------8<--------8<--------8<---------
$(xcode-select -p | grep "Xcode7" -q)
if [ $? != 0 ]; then
echo "xcode-select must point to Xcode7."
exit 1
fi
----8<--------8<--------8<--------8<--------8<--------8<--------8<---------
This should not be a big problem IMHO.
I hope this helps,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Marcus <ma...@wtnet.de>.
Am 10.02.22 um 20:12 schrieb Arrigo Marchiori:
> Hello Carl,
>
> On Thu, Feb 10, 2022 at 11:32:57AM -0500, Carl Marcum wrote:
>
>> Hi Arrigo,
>>
>> On 2/10/22 11:00 AM, Arrigo Marchiori wrote:
>>> Hello Matthias,
>>>
>>> On Thu, Feb 10, 2022 at 03:42:16PM +0100, Matthias Seidel wrote:
>>>
>>>> Hi Arrigo,
>>>>
>>>> Am 10.02.22 um 15:21 schrieb Arrigo Marchiori:
>>>>> Dear Jim, Matthias, All,
>>>>>
>>>>> On Wed, Feb 09, 2022 at 12:12:09PM -0500, Jim Jagielski wrote:
>>>>>
>>>>>> That's right... I'll wait to even try compiling until things settle
>>>>>> down and we have some slowly moving target I can compile and build
>>>>>> against.
>>>>>>
>>>>>>> On Feb 8, 2022, at 6:06 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>>>
>>>>>>> Hi Arrigo,
>>>>>>>
>>>>>>> No need to apologize. ;-)
>>>>>>>
>>>>>>> But I think, before we begin to think about upgrading serf we need to
>>>>>>> make sure that AOO41X is able to build successfully on all platforms.
>>>>>>>
>>>>>>> Windows and Linux are OK, I think. macOS is still pending?
>>>>> AOO41X now builds under Catalina, with a single edit to the official
>>>>> build script: AOO_JAVA_VERSION=1.8
>>>> So you build with Java 8?
>>> The official build script contains the setting:
>>> AOO_JAVA_VERSION=1.7
>>>
>>> On our Mac mini, the script fails because Java 1.7 is not installed,
>>> and it does not seem to be available on-line for download.
>>
>> What is the architecture of the Mac Mini?
>
> % uname -a
> Darwin administrators-Mac-mini.local 19.6.0 Darwin Kernel Version 19.6.0: Sun Nov 14 19:58:51 PST 2021; root:xnu-6153.141.50~1/RELEASE_X86_64 x86_64
>
>> Asul has x86-64 JDK's available for Java 7 but that's all.
>>
>> https://www.azul.com/downloads/?version=java-7-lts&os=macos&package=jdk
>
> I will try that!
>
> Please allow me to state I had no intention to ``subvert'' current
> versions of Java or whatever. For what I understand, Catalina and the
> XCode versions installed in our Mac mini do not match the reference
> macOS version and tools for our AOO41X builds, and this is absolutely
> fine for me, as long as there is someone else who has a system with
> the ``official'' architecture and is able to use it.
>
> I am just trying to have a (whatever version of) macOS building AOO,
> so that when I commit something, I can test on that architecture as
> well. And possibly lower the barriers to entry for others.
>
> So if any of my edits break the builds on ``official machines'',
> please let us just revert them.
>
> The Java version change was not even committed anywhere. ;-)
>
> Thank you for reading through my disclaimer. ;-)
Don't worry. I don't see a problem for now. Great that you experiment
with a different setup to see how it works then.
For the AOO41X release branch we really should try as best and long as
possible to keep the setup the same like the past releases to give a
(kind of) guarantee that a new release would run also in the same PC
environment.
So, the next step is to see if the build is also successful with Java 7.
But as I see this already in progress <finger crossing>. :-)
All fine
Marcus
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Carl,
On Thu, Feb 10, 2022 at 11:32:57AM -0500, Carl Marcum wrote:
> Hi Arrigo,
>
> On 2/10/22 11:00 AM, Arrigo Marchiori wrote:
> > Hello Matthias,
> >
> > On Thu, Feb 10, 2022 at 03:42:16PM +0100, Matthias Seidel wrote:
> >
> > > Hi Arrigo,
> > >
> > > Am 10.02.22 um 15:21 schrieb Arrigo Marchiori:
> > > > Dear Jim, Matthias, All,
> > > >
> > > > On Wed, Feb 09, 2022 at 12:12:09PM -0500, Jim Jagielski wrote:
> > > >
> > > > > That's right... I'll wait to even try compiling until things settle
> > > > > down and we have some slowly moving target I can compile and build
> > > > > against.
> > > > >
> > > > > > On Feb 8, 2022, at 6:06 AM, Matthias Seidel <ma...@hamburg.de> wrote:
> > > > > >
> > > > > > Hi Arrigo,
> > > > > >
> > > > > > No need to apologize. ;-)
> > > > > >
> > > > > > But I think, before we begin to think about upgrading serf we need to
> > > > > > make sure that AOO41X is able to build successfully on all platforms.
> > > > > >
> > > > > > Windows and Linux are OK, I think. macOS is still pending?
> > > > AOO41X now builds under Catalina, with a single edit to the official
> > > > build script: AOO_JAVA_VERSION=1.8
> > > So you build with Java 8?
> > The official build script contains the setting:
> > AOO_JAVA_VERSION=1.7
> >
> > On our Mac mini, the script fails because Java 1.7 is not installed,
> > and it does not seem to be available on-line for download.
>
> What is the architecture of the Mac Mini?
% uname -a
Darwin administrators-Mac-mini.local 19.6.0 Darwin Kernel Version 19.6.0: Sun Nov 14 19:58:51 PST 2021; root:xnu-6153.141.50~1/RELEASE_X86_64 x86_64
> Asul has x86-64 JDK's available for Java 7 but that's all.
>
> https://www.azul.com/downloads/?version=java-7-lts&os=macos&package=jdk
I will try that!
Please allow me to state I had no intention to ``subvert'' current
versions of Java or whatever. For what I understand, Catalina and the
XCode versions installed in our Mac mini do not match the reference
macOS version and tools for our AOO41X builds, and this is absolutely
fine for me, as long as there is someone else who has a system with
the ``official'' architecture and is able to use it.
I am just trying to have a (whatever version of) macOS building AOO,
so that when I commit something, I can test on that architecture as
well. And possibly lower the barriers to entry for others.
So if any of my edits break the builds on ``official machines'',
please let us just revert them.
The Java version change was not even committed anywhere. ;-)
Thank you for reading through my disclaimer. ;-)
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Carl Marcum <cm...@apache.org>.
Hi Arrigo,
On 2/10/22 11:00 AM, Arrigo Marchiori wrote:
> Hello Matthias,
>
> On Thu, Feb 10, 2022 at 03:42:16PM +0100, Matthias Seidel wrote:
>
>> Hi Arrigo,
>>
>> Am 10.02.22 um 15:21 schrieb Arrigo Marchiori:
>>> Dear Jim, Matthias, All,
>>>
>>> On Wed, Feb 09, 2022 at 12:12:09PM -0500, Jim Jagielski wrote:
>>>
>>>> That's right... I'll wait to even try compiling until things settle
>>>> down and we have some slowly moving target I can compile and build
>>>> against.
>>>>
>>>>> On Feb 8, 2022, at 6:06 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>
>>>>> Hi Arrigo,
>>>>>
>>>>> No need to apologize. ;-)
>>>>>
>>>>> But I think, before we begin to think about upgrading serf we need to
>>>>> make sure that AOO41X is able to build successfully on all platforms.
>>>>>
>>>>> Windows and Linux are OK, I think. macOS is still pending?
>>> AOO41X now builds under Catalina, with a single edit to the official
>>> build script: AOO_JAVA_VERSION=1.8
>> So you build with Java 8?
> The official build script contains the setting:
> AOO_JAVA_VERSION=1.7
>
> On our Mac mini, the script fails because Java 1.7 is not installed,
> and it does not seem to be available on-line for download.
What is the architecture of the Mac Mini?
Asul has x86-64 JDK's available for Java 7 but that's all.
https://www.azul.com/downloads/?version=java-7-lts&os=macos&package=jdk
Thanks,
Carl
>
> I found Java 8 installed, and that's why I changed the setting.
>
> I hope it makes sense.
>
> Best regards,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Feb 10, 2022, at 1:13 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>
> Hi Pedro,
>
> Am 10.02.22 um 18:16 schrieb Pedro Lino:
>> Hi Matthias, all
>>
>>> On 02/10/2022 4:29 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>
>>> I think Jim has Java 7 available, since we always built AOO41X with it.
>> Is there any reason for not updating to Java 8 which is still maintained?
>> Maybe we can let go of Java 7?
>
> We shouldn't switch the JAVA version within AOO41X without decent testing.
Agreed.
>
> Of course it builds, but I remember some problems with JavaDoc?
>
> Regards,
>
> Matthias
>
>>
>> Regards,
>> Pedro
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Carl Marcum <cm...@apache.org>.
Hi All,
On 2/10/22 1:13 PM, Matthias Seidel wrote:
> Hi Pedro,
>
> Am 10.02.22 um 18:16 schrieb Pedro Lino:
>> Hi Matthias, all
>>
>>> On 02/10/2022 4:29 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>
>>> I think Jim has Java 7 available, since we always built AOO41X with it.
>> Is there any reason for not updating to Java 8 which is still maintained?
>> Maybe we can let go of Java 7?
I'm I correct that Arrigo was only proving the build in this particular
machine ans using Java 8 because that is what was available on that machine?
I don't think our official build for the 4.1 branch should change to Java 8.
I'm all for dumping Java 7 on 4.2 and would support at least Java 11 on
trunk if possible because Java 8 is EOL now I believe.
But the Java for 4.2 and beyond is for another day.
> We shouldn't switch the JAVA version within AOO41X without decent testing.
Or at all for the release build IMHO.
>
> Of course it builds, but I remember some problems with JavaDoc?
I remember there was work done on Javadoc and it may have been from 6 to
7 but I'd have to research that.
Best regards,
Carl
>
> Regards,
>
> Matthias
>
>> Regards,
>> Pedro
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Pedro,
Am 10.02.22 um 18:16 schrieb Pedro Lino:
> Hi Matthias, all
>
>> On 02/10/2022 4:29 PM Matthias Seidel <ma...@hamburg.de> wrote:
>
>> I think Jim has Java 7 available, since we always built AOO41X with it.
> Is there any reason for not updating to Java 8 which is still maintained?
> Maybe we can let go of Java 7?
We shouldn't switch the JAVA version within AOO41X without decent testing.
Of course it builds, but I remember some problems with JavaDoc?
Regards,
Matthias
>
> Regards,
> Pedro
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Hi Matthias, all
> On 02/10/2022 4:29 PM Matthias Seidel <ma...@hamburg.de> wrote:
> I think Jim has Java 7 available, since we always built AOO41X with it.
Is there any reason for not updating to Java 8 which is still maintained?
Maybe we can let go of Java 7?
Regards,
Pedro
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 10.02.22 um 17:00 schrieb Arrigo Marchiori:
> Hello Matthias,
>
> On Thu, Feb 10, 2022 at 03:42:16PM +0100, Matthias Seidel wrote:
>
>> Hi Arrigo,
>>
>> Am 10.02.22 um 15:21 schrieb Arrigo Marchiori:
>>> Dear Jim, Matthias, All,
>>>
>>> On Wed, Feb 09, 2022 at 12:12:09PM -0500, Jim Jagielski wrote:
>>>
>>>> That's right... I'll wait to even try compiling until things settle
>>>> down and we have some slowly moving target I can compile and build
>>>> against.
>>>>
>>>>> On Feb 8, 2022, at 6:06 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>
>>>>> Hi Arrigo,
>>>>>
>>>>> No need to apologize. ;-)
>>>>>
>>>>> But I think, before we begin to think about upgrading serf we need to
>>>>> make sure that AOO41X is able to build successfully on all platforms.
>>>>>
>>>>> Windows and Linux are OK, I think. macOS is still pending?
>>> AOO41X now builds under Catalina, with a single edit to the official
>>> build script: AOO_JAVA_VERSION=1.8
>> So you build with Java 8?
> The official build script contains the setting:
> AOO_JAVA_VERSION=1.7
>
> On our Mac mini, the script fails because Java 1.7 is not installed,
> and it does not seem to be available on-line for download.
>
> I found Java 8 installed, and that's why I changed the setting.
>
> I hope it makes sense.
Thanks for the clarification.
I think Jim has Java 7 available, since we always built AOO41X with it.
Regards,
Matthias
>
> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Matthias,
On Thu, Feb 10, 2022 at 03:42:16PM +0100, Matthias Seidel wrote:
> Hi Arrigo,
>
> Am 10.02.22 um 15:21 schrieb Arrigo Marchiori:
> > Dear Jim, Matthias, All,
> >
> > On Wed, Feb 09, 2022 at 12:12:09PM -0500, Jim Jagielski wrote:
> >
> >> That's right... I'll wait to even try compiling until things settle
> >> down and we have some slowly moving target I can compile and build
> >> against.
> >>
> >>> On Feb 8, 2022, at 6:06 AM, Matthias Seidel <ma...@hamburg.de> wrote:
> >>>
> >>> Hi Arrigo,
> >>>
> >>> No need to apologize. ;-)
> >>>
> >>> But I think, before we begin to think about upgrading serf we need to
> >>> make sure that AOO41X is able to build successfully on all platforms.
> >>>
> >>> Windows and Linux are OK, I think. macOS is still pending?
> > AOO41X now builds under Catalina, with a single edit to the official
> > build script: AOO_JAVA_VERSION=1.8
>
> So you build with Java 8?
The official build script contains the setting:
AOO_JAVA_VERSION=1.7
On our Mac mini, the script fails because Java 1.7 is not installed,
and it does not seem to be available on-line for download.
I found Java 8 installed, and that's why I changed the setting.
I hope it makes sense.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 10.02.22 um 15:21 schrieb Arrigo Marchiori:
> Dear Jim, Matthias, All,
>
> On Wed, Feb 09, 2022 at 12:12:09PM -0500, Jim Jagielski wrote:
>
>> That's right... I'll wait to even try compiling until things settle
>> down and we have some slowly moving target I can compile and build
>> against.
>>
>>> On Feb 8, 2022, at 6:06 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>>>
>>> Hi Arrigo,
>>>
>>> No need to apologize. ;-)
>>>
>>> But I think, before we begin to think about upgrading serf we need to
>>> make sure that AOO41X is able to build successfully on all platforms.
>>>
>>> Windows and Linux are OK, I think. macOS is still pending?
> AOO41X now builds under Catalina, with a single edit to the official
> build script: AOO_JAVA_VERSION=1.8
So you build with Java 8?
Regards,
Matthias
>
> I suggest this is a good candidate. Please note that the serf upgrade
> is _not_ yet merged.
>
> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Jim,
Am 14.02.22 um 16:04 schrieb Jim Jagielski:
> The en-US version of a dev/test of AOO 4.1.12 can be found here: http://home.apache.org/~jim/AOO-builds/
Tested it on our Monterey/M1 machine.
Looks good! And the update check is working again! ;-)
Regards,
Matthias
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Find the latest en-US build for Windows here:
https://home.apache.org/~mseidel/Apache_OpenOffice_4.1.12_Win_x86_install_en-US_Test.exe
Am 14.02.22 um 16:04 schrieb Jim Jagielski:
> The en-US version of a dev/test of AOO 4.1.12 can be found here: http://home.apache.org/~jim/AOO-builds/
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Carl Marcum <cm...@apache.org>.
Hi Jim,
On 2/14/22 10:04 AM, Jim Jagielski wrote:
> The en-US version of a dev/test of AOO 4.1.12 can be found here: http://home.apache.org/~jim/AOO-builds/
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Are those linux builds 32 bit like the name implies?
Apache_OpenOffice_4.1.12_Linux_x86_install-deb_en-US.tar.gz 2022-02-14
17:08 151M
Apache_OpenOffice_4.1.12_Linux_x86_install-rpm_en-US.tar.gz 2022-02-14
17:08 153M
Thanks,
Carl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Jim Jagielski <ji...@jaguNET.com>.
The en-US version of a dev/test of AOO 4.1.12 can be found here: http://home.apache.org/~jim/AOO-builds/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Hi Jim
> On 02/14/2022 12:24 PM Jim Jagielski <ji...@jagunet.com> wrote:
>
>
> If everyone is in agreement, I'll create a macOS and Linux test/dev build of AOO41X HEAD
Please do!
Actually you should put it the other way around: "If no one opposes, I'll create a macOS and Linux test/dev build of AOO41X HEAD"
Regards,
Pedro
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Jim Jagielski <ji...@jaguNET.com>.
If everyone is in agreement, I'll create a macOS and Linux test/dev build of AOO41X HEAD
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear Jim, Matthias, All,
On Wed, Feb 09, 2022 at 12:12:09PM -0500, Jim Jagielski wrote:
> That's right... I'll wait to even try compiling until things settle
> down and we have some slowly moving target I can compile and build
> against.
>
> > On Feb 8, 2022, at 6:06 AM, Matthias Seidel <ma...@hamburg.de> wrote:
> >
> > Hi Arrigo,
> >
> > No need to apologize. ;-)
> >
> > But I think, before we begin to think about upgrading serf we need to
> > make sure that AOO41X is able to build successfully on all platforms.
> >
> > Windows and Linux are OK, I think. macOS is still pending?
AOO41X now builds under Catalina, with a single edit to the official
build script: AOO_JAVA_VERSION=1.8
I suggest this is a good candidate. Please note that the serf upgrade
is _not_ yet merged.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Jim Jagielski <ji...@jaguNET.com>.
That's right... I'll wait to even try compiling until things settle down and we have some slowly moving target I can compile and build against.
> On Feb 8, 2022, at 6:06 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>
> Hi Arrigo,
>
> No need to apologize. ;-)
>
> But I think, before we begin to think about upgrading serf we need to
> make sure that AOO41X is able to build successfully on all platforms.
>
> Windows and Linux are OK, I think. macOS is still pending?
>
> Regards,
>
> Matthias
>
> Am 07.02.22 um 08:14 schrieb Arrigo Marchiori:
>> Hello Pedro,
>>
>> On Sun, Feb 06, 2022 at 09:39:19PM +0000, Pedro Lino wrote:
>>
>>> Hi Arrigo
>>>
>>>> On 02/06/2022 9:24 PM Arrigo Marchiori <ar...@yahoo.it.invalid> wrote:
>>>> If anyone can reproduce the problem, i.e. has -- or can set up -- a
>>>> WebDAV server with https access, I can provide a build for testing.
>>> What problem? I use AOO to edit files on webdav.
>> Isn't this bug about WebDAV?
>> https://bz.apache.org/ooo/show_bug.cgi?id=126312
>>
>>
>>> I have just used build
>>> AOO4112m1(Build:9809) - Rev. 1986472fd5
>>> 2022-02-03_12:29:43 - Rev. 1986472fd5882e9c172fd1e6628697ec0c37d322
>>>
>>> to edit a file in
>>> https://dav.mailbox.org/servlet/webdav.infostore/Userstore/Pedro%20Lino/Documents/
>>>
>>> without any problems.
>> According to your and Matthias' results, then it has to be something
>> tied to NTML _and_ WebDAV. I apologize for being inaccurate.
>>
>> Best regards,
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
No need to apologize. ;-)
But I think, before we begin to think about upgrading serf we need to
make sure that AOO41X is able to build successfully on all platforms.
Windows and Linux are OK, I think. macOS is still pending?
Regards,
Matthias
Am 07.02.22 um 08:14 schrieb Arrigo Marchiori:
> Hello Pedro,
>
> On Sun, Feb 06, 2022 at 09:39:19PM +0000, Pedro Lino wrote:
>
>> Hi Arrigo
>>
>>> On 02/06/2022 9:24 PM Arrigo Marchiori <ar...@yahoo.it.invalid> wrote:
>>> If anyone can reproduce the problem, i.e. has -- or can set up -- a
>>> WebDAV server with https access, I can provide a build for testing.
>> What problem? I use AOO to edit files on webdav.
> Isn't this bug about WebDAV?
> https://bz.apache.org/ooo/show_bug.cgi?id=126312
>
>
>> I have just used build
>> AOO4112m1(Build:9809) - Rev. 1986472fd5
>> 2022-02-03_12:29:43 - Rev. 1986472fd5882e9c172fd1e6628697ec0c37d322
>>
>> to edit a file in
>> https://dav.mailbox.org/servlet/webdav.infostore/Userstore/Pedro%20Lino/Documents/
>>
>> without any problems.
> According to your and Matthias' results, then it has to be something
> tied to NTML _and_ WebDAV. I apologize for being inaccurate.
>
> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Pedro,
On Sun, Feb 06, 2022 at 09:39:19PM +0000, Pedro Lino wrote:
> Hi Arrigo
>
> > On 02/06/2022 9:24 PM Arrigo Marchiori <ar...@yahoo.it.invalid> wrote:
>
> > If anyone can reproduce the problem, i.e. has -- or can set up -- a
> > WebDAV server with https access, I can provide a build for testing.
>
> What problem? I use AOO to edit files on webdav.
Isn't this bug about WebDAV?
https://bz.apache.org/ooo/show_bug.cgi?id=126312
> I have just used build
> AOO4112m1(Build:9809) - Rev. 1986472fd5
> 2022-02-03_12:29:43 - Rev. 1986472fd5882e9c172fd1e6628697ec0c37d322
>
> to edit a file in
> https://dav.mailbox.org/servlet/webdav.infostore/Userstore/Pedro%20Lino/Documents/
>
> without any problems.
According to your and Matthias' results, then it has to be something
tied to NTML _and_ WebDAV. I apologize for being inaccurate.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Pedro,
that *should* work.
Regards,
Matthias
Am 03.02.22 um 18:00 schrieb Pedro Lino:
> Thanks!
>
> Can I just compile branch 41X to get a Linux build?
>
> Regards,
> Pedro
>
>> On 02/03/2022 3:00 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>
>>
>> Fresh new Windows builds:
>>
>> https://home.apache.org/~mseidel/AOO-builds/AOO-4112-Test/
>>
>> Regards,
>>
>> Matthias
>>
>> Am 31.01.22 um 21:36 schrieb Arrigo Marchiori:
>>> On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Hello Matthias,
>>>>
>>>> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
>>>>
>>>>> Hi Arrigo,
>>>>>
>>>>> Can the changes to trunk be cherry-picked for AOO42X?
>>>> Done.
>>> Linux build available here:
>>> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
>>>
>>> Best regards,
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 06.02.22 um 22:24 schrieb Arrigo Marchiori:
> Hello,
>
> On Fri, Feb 04, 2022 at 06:06:10PM +0100, Matthias Seidel wrote:
>
>> Hi Peter,
>>
>> Am 04.02.22 um 17:59 schrieb Peter Kovacs:
>>> Can then someone check if this is resolved?
>>>
>>> https://bz.apache.org/ooo/show_bug.cgi?id=126312
>> I don't think so. Until now we upgraded nss. But Arrigo is working on
>> his branch to upgrade serf, I think.
> Yes, the "serf" branch exists for this purpose.
>
> If anyone can reproduce the problem, i.e. has -- or can set up -- a
> WebDAV server with https access, I can provide a build for testing.
I have just connected successfully to a NextCloud server via WebDAV with
https.
This worked with a build from trunk on Windows.
But this NextCloud server has is own authentication, I think the issue
is about Windows authentication. NextCloud would need to be in sync with
Active Directory then...
Regards,
Matthias
>
> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Hi Arrigo
> On 02/06/2022 9:24 PM Arrigo Marchiori <ar...@yahoo.it.invalid> wrote:
> If anyone can reproduce the problem, i.e. has -- or can set up -- a
> WebDAV server with https access, I can provide a build for testing.
What problem? I use AOO to edit files on webdav.
I have just used build
AOO4112m1(Build:9809) - Rev. 1986472fd5
2022-02-03_12:29:43 - Rev. 1986472fd5882e9c172fd1e6628697ec0c37d322
to edit a file in
https://dav.mailbox.org/servlet/webdav.infostore/Userstore/Pedro%20Lino/Documents/
without any problems.
Regards,
Pedro
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello,
On Fri, Feb 04, 2022 at 06:06:10PM +0100, Matthias Seidel wrote:
> Hi Peter,
>
> Am 04.02.22 um 17:59 schrieb Peter Kovacs:
> > Can then someone check if this is resolved?
> >
> > https://bz.apache.org/ooo/show_bug.cgi?id=126312
>
> I don't think so. Until now we upgraded nss. But Arrigo is working on
> his branch to upgrade serf, I think.
Yes, the "serf" branch exists for this purpose.
If anyone can reproduce the problem, i.e. has -- or can set up -- a
WebDAV server with https access, I can provide a build for testing.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Peter,
Am 04.02.22 um 17:59 schrieb Peter Kovacs:
> Can then someone check if this is resolved?
>
> https://bz.apache.org/ooo/show_bug.cgi?id=126312
I don't think so. Until now we upgraded nss. But Arrigo is working on
his branch to upgrade serf, I think.
Regards,
Matthias
>
>
> Thx.
>
> All the Best
>
> Peter
>
> On 03.02.22 16:00, Matthias Seidel wrote:
>> Fresh new Windows builds:
>>
>> https://home.apache.org/~mseidel/AOO-builds/AOO-4112-Test/
>>
>> Regards,
>>
>> Matthias
>>
>> Am 31.01.22 um 21:36 schrieb Arrigo Marchiori:
>>> On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Hello Matthias,
>>>>
>>>> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
>>>>
>>>>> Hi Arrigo,
>>>>>
>>>>> Can the changes to trunk be cherry-picked for AOO42X?
>>>> Done.
>>> Linux build available here:
>>> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
>>>
>>>
>>> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Peter Kovacs <pe...@apache.org>.
Can then someone check if this is resolved?
https://bz.apache.org/ooo/show_bug.cgi?id=126312
Thx.
All the Best
Peter
On 03.02.22 16:00, Matthias Seidel wrote:
> Fresh new Windows builds:
>
> https://home.apache.org/~mseidel/AOO-builds/AOO-4112-Test/
>
> Regards,
>
> Matthias
>
> Am 31.01.22 um 21:36 schrieb Arrigo Marchiori:
>> On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
>>
>>> Hello Matthias,
>>>
>>> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
>>>
>>>> Hi Arrigo,
>>>>
>>>> Can the changes to trunk be cherry-picked for AOO42X?
>>> Done.
>> Linux build available here:
>> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
>>
>> Best regards,
--
This is the Way! http://www.apache.org/theapacheway/index.html
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Pedro,
Am 03.02.22 um 23:18 schrieb Pedro Lino:
> Hi Matthias
>
>
>> On 02/03/2022 7:48 PM Matthias Seidel <ma...@hamburg.de> wrote:
>> Build is finished but it doesn't start on my ancient Ubuntu 16.04:
>>
>> The application cannot be started.
>> exception occured raising singleton
>> "/singletons/com.sun.star.deployment.ExtensionManager": loading
>> component library failed:
>> file:///opt/openoffice4/program/../program/deployment.uno.so
> Installed without any issues on my ancient Ubuntu 18.04.6 x64 and checking for updates and extensions (except for Marco's English dictionaries) worked as expected.
That is good to hear! The problem with update check seems to be fixed.
I wonder why it does not run on Ubuntu 16.04? The problem may be the
Ubuntu version of the buildbot...
Regards,
Matthias
> I will install it on my "brand new" Ubuntu 20.04.3 tomorrow
>
> Regards,
> Pedro
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Pedro,
Am 06.02.22 um 21:26 schrieb Pedro Lino:
> Hi Matthias
>
>> On 02/04/2022 6:41 AM Matthias Seidel <ma...@hamburg.de> wrote:
>>> I will install it on my "brand new" Ubuntu 20.04.3 tomorrow
>> That might look a bit odd since 20.04 introduced some kind of scaling
>> factor in the UI. This is known, but it would need someone to fix it... ;-)
> I don't see any scaling oddity. Can you show me what you mean?
The menu bar were be higher than needed, and the sidebar looked like
this for me:
https://home.apache.org/~mseidel/AOO420-Ubuntu2004.png
The bounding boxes overlap. This is only on Ubuntu with GNOME, looks
normal on Xubuntu with XFCE.
>
> One thing that I don't understand is what the "Automatic" Icon size does. The Icon size is always set to Small regardless of the screen density/resolution... Shouldn't it switch to Large on a FullHD display? At what ppi/resolution value is it set to switch?
I have no idea... ;-)
Regards,
Matthias
>
> Regards,
> Pedro
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Hi Matthias
> On 02/04/2022 6:41 AM Matthias Seidel <ma...@hamburg.de> wrote:
> > I will install it on my "brand new" Ubuntu 20.04.3 tomorrow
>
> That might look a bit odd since 20.04 introduced some kind of scaling
> factor in the UI. This is known, but it would need someone to fix it... ;-)
I don't see any scaling oddity. Can you show me what you mean?
One thing that I don't understand is what the "Automatic" Icon size does. The Icon size is always set to Small regardless of the screen density/resolution... Shouldn't it switch to Large on a FullHD display? At what ppi/resolution value is it set to switch?
Regards,
Pedro
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Pedro,
Am 03.02.22 um 23:18 schrieb Pedro Lino:
> Hi Matthias
>
>
>> On 02/03/2022 7:48 PM Matthias Seidel <ma...@hamburg.de> wrote:
>> Build is finished but it doesn't start on my ancient Ubuntu 16.04:
>>
>> The application cannot be started.
>> exception occured raising singleton
>> "/singletons/com.sun.star.deployment.ExtensionManager": loading
>> component library failed:
>> file:///opt/openoffice4/program/../program/deployment.uno.so
> Installed without any issues on my ancient Ubuntu 18.04.6 x64 and checking for updates and extensions (except for Marco's English dictionaries) worked as expected.
I can now confirm after installing AOO 4.1.12-dev on Ubuntu 18.04 in a VM.
Update feed is working again, this is important for a new release.
> I will install it on my "brand new" Ubuntu 20.04.3 tomorrow
That might look a bit odd since 20.04 introduced some kind of scaling
factor in the UI. This is known, but it would need someone to fix it... ;-)
Regards,
Matthias
>
> Regards,
> Pedro
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Hi Matthias
> On 02/03/2022 7:48 PM Matthias Seidel <ma...@hamburg.de> wrote:
> Build is finished but it doesn't start on my ancient Ubuntu 16.04:
>
> The application cannot be started.
> exception occured raising singleton
> "/singletons/com.sun.star.deployment.ExtensionManager": loading
> component library failed:
> file:///opt/openoffice4/program/../program/deployment.uno.so
Installed without any issues on my ancient Ubuntu 18.04.6 x64 and checking for updates and extensions (except for Marco's English dictionaries) worked as expected.
I will install it on my "brand new" Ubuntu 20.04.3 tomorrow
Regards,
Pedro
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Pedro,
Am 03.02.22 um 18:15 schrieb Pedro Lino:
> Thank you!
>
> I will try it later today
Build is finished but it doesn't start on my ancient Ubuntu 16.04:
The application cannot be started.
exception occured raising singleton
"/singletons/com.sun.star.deployment.ExtensionManager": loading
component library failed:
file:///opt/openoffice4/program/../program/deployment.uno.so
Maybe you have better luck?
Regards,
Matthias
>
> Regards,
> Pedro
>
>> On 02/03/2022 5:06 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>
>>
>> Am 03.02.22 um 18:00 schrieb Pedro Lino:
>>> Thanks!
>>>
>>> Can I just compile branch 41X to get a Linux build?
>> The buildbot is already building if someone wants to try later:
>>
>> https://nightlies.apache.org/openoffice/install/linsnap-41x/?C=M;O=D
>>
>> Regards,
>>
>> Matthias
>>
>>> Regards,
>>> Pedro
>>>
>>>> On 02/03/2022 3:00 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>>>
>>>>
>>>> Fresh new Windows builds:
>>>>
>>>> https://home.apache.org/~mseidel/AOO-builds/AOO-4112-Test/
>>>>
>>>> Regards,
>>>>
>>>> Matthias
>>>>
>>>> Am 31.01.22 um 21:36 schrieb Arrigo Marchiori:
>>>>> On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
>>>>>
>>>>>> Hello Matthias,
>>>>>>
>>>>>> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
>>>>>>
>>>>>>> Hi Arrigo,
>>>>>>>
>>>>>>> Can the changes to trunk be cherry-picked for AOO42X?
>>>>>> Done.
>>>>> Linux build available here:
>>>>> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
>>>>>
>>>>> Best regards,
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Thank you!
I will try it later today
Regards,
Pedro
> On 02/03/2022 5:06 PM Matthias Seidel <ma...@hamburg.de> wrote:
>
>
> Am 03.02.22 um 18:00 schrieb Pedro Lino:
> > Thanks!
> >
> > Can I just compile branch 41X to get a Linux build?
>
> The buildbot is already building if someone wants to try later:
>
> https://nightlies.apache.org/openoffice/install/linsnap-41x/?C=M;O=D
>
> Regards,
>
> Matthias
>
> >
> > Regards,
> > Pedro
> >
> >> On 02/03/2022 3:00 PM Matthias Seidel <ma...@hamburg.de> wrote:
> >>
> >>
> >> Fresh new Windows builds:
> >>
> >> https://home.apache.org/~mseidel/AOO-builds/AOO-4112-Test/
> >>
> >> Regards,
> >>
> >> Matthias
> >>
> >> Am 31.01.22 um 21:36 schrieb Arrigo Marchiori:
> >>> On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
> >>>
> >>>> Hello Matthias,
> >>>>
> >>>> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
> >>>>
> >>>>> Hi Arrigo,
> >>>>>
> >>>>> Can the changes to trunk be cherry-picked for AOO42X?
> >>>> Done.
> >>> Linux build available here:
> >>> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
> >>>
> >>> Best regards,
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> > For additional commands, e-mail: dev-help@openoffice.apache.org
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Am 03.02.22 um 18:00 schrieb Pedro Lino:
> Thanks!
>
> Can I just compile branch 41X to get a Linux build?
The buildbot is already building if someone wants to try later:
https://nightlies.apache.org/openoffice/install/linsnap-41x/?C=M;O=D
Regards,
Matthias
>
> Regards,
> Pedro
>
>> On 02/03/2022 3:00 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>
>>
>> Fresh new Windows builds:
>>
>> https://home.apache.org/~mseidel/AOO-builds/AOO-4112-Test/
>>
>> Regards,
>>
>> Matthias
>>
>> Am 31.01.22 um 21:36 schrieb Arrigo Marchiori:
>>> On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Hello Matthias,
>>>>
>>>> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
>>>>
>>>>> Hi Arrigo,
>>>>>
>>>>> Can the changes to trunk be cherry-picked for AOO42X?
>>>> Done.
>>> Linux build available here:
>>> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
>>>
>>> Best regards,
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl... and NSS
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Thanks!
Can I just compile branch 41X to get a Linux build?
Regards,
Pedro
> On 02/03/2022 3:00 PM Matthias Seidel <ma...@hamburg.de> wrote:
>
>
> Fresh new Windows builds:
>
> https://home.apache.org/~mseidel/AOO-builds/AOO-4112-Test/
>
> Regards,
>
> Matthias
>
> Am 31.01.22 um 21:36 schrieb Arrigo Marchiori:
> > On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
> >
> >> Hello Matthias,
> >>
> >> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
> >>
> >>> Hi Arrigo,
> >>>
> >>> Can the changes to trunk be cherry-picked for AOO42X?
> >> Done.
> > Linux build available here:
> > http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
> >
> > Best regards,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Fresh new Windows builds:
https://home.apache.org/~mseidel/AOO-builds/AOO-4112-Test/
Regards,
Matthias
Am 31.01.22 um 21:36 schrieb Arrigo Marchiori:
> On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
>
>> Hello Matthias,
>>
>> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
>>
>>> Hi Arrigo,
>>>
>>> Can the changes to trunk be cherry-picked for AOO42X?
>> Done.
> Linux build available here:
> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
>
> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
On Sun, Jan 30, 2022 at 10:29:57PM +0100, Arrigo Marchiori wrote:
> Hello Matthias,
>
> On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
>
> > Hi Arrigo,
> >
> > Can the changes to trunk be cherry-picked for AOO42X?
>
> Done.
Linux build available here:
http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-31-x86_64-installed.tar.bz2
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Matthias,
On Sun, Jan 30, 2022 at 05:55:26PM +0100, Matthias Seidel wrote:
> Hi Arrigo,
>
> Can the changes to trunk be cherry-picked for AOO42X?
Done.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Can the changes to trunk be cherry-picked for AOO42X?
Regards,
Matthias
Am 30.01.22 um 16:08 schrieb Arrigo Marchiori:
> Hello Pedro,
>
> On Sun, Jan 30, 2022 at 11:12:33AM +0000, Pedro Lino wrote:
>
>> Hi Arrigo
>>
>>> On 01/30/2022 9:32 AM Arrigo Marchiori <ar...@yahoo.it.invalid> wrote:
>>>>> If I build from his branch, I get the much awaited "already up to
>>>>> date" message!
>> I downloaded your tar.bz2 and both Updates (program and extensions) are working as expected under Linux x64 (in this case under Ubuntu 20.04.3).
>> Well done!
> Thank you! I just merged Don's work ;-)
>
>>> Do we want to work on merging the 'serf' branch now, or shall we wait?
>> Wouldn't it be better to fix for Mac before merging?
> Absolutely!
>
> But I am stuck here: the "serf" branch forks from trunk. At the
> moment, I cannot build trunk under MacOS; I only have a system able to
> build AOO41X.
>
> So I need somebody else's help to validate the serf branch on macOS.
>
> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Pedro,
On Sun, Jan 30, 2022 at 11:12:33AM +0000, Pedro Lino wrote:
> Hi Arrigo
>
> > On 01/30/2022 9:32 AM Arrigo Marchiori <ar...@yahoo.it.invalid> wrote:
>
> > > > If I build from his branch, I get the much awaited "already up to
> > > > date" message!
>
> I downloaded your tar.bz2 and both Updates (program and extensions) are working as expected under Linux x64 (in this case under Ubuntu 20.04.3).
> Well done!
Thank you! I just merged Don's work ;-)
> > Do we want to work on merging the 'serf' branch now, or shall we wait?
>
> Wouldn't it be better to fix for Mac before merging?
Absolutely!
But I am stuck here: the "serf" branch forks from trunk. At the
moment, I cannot build trunk under MacOS; I only have a system able to
build AOO41X.
So I need somebody else's help to validate the serf branch on macOS.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Hi Arrigo
> On 01/30/2022 9:32 AM Arrigo Marchiori <ar...@yahoo.it.invalid> wrote:
> > > If I build from his branch, I get the much awaited "already up to
> > > date" message!
I downloaded your tar.bz2 and both Updates (program and extensions) are working as expected under Linux x64 (in this case under Ubuntu 20.04.3).
Well done!
> Do we want to work on merging the 'serf' branch now, or shall we wait?
Wouldn't it be better to fix for Mac before merging?
Thank you for your persistence!
All the best,
Pedro
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear All,
On Fri, Jan 07, 2022 at 05:21:50PM +0100, Peter Kovacs wrote:
> On 07.01.22 13:47, Arrigo Marchiori wrote:
[...]
> > Don Lewis' proposed update to NSS seem to fix this problem!
> > If I build from his branch, I get the much awaited "already up to
> > date" message!
> > Proof:
> > https://home.apache.org/~ardovm/openoffice/linux/openoffice4-nss-x86_64-2022-01-07-installed.tar.bz2
> >
> > So, the way to go is probably the one I had just excluded in the first
> > place:
> >
> > 0- update NSS as per https://github.com/apache/openoffice/pull/100
> cool if it works merge it.
Done!
Test builds od AOO41X:
- Linux: https://home.apache.org/~ardovm/openoffice/linux/openoffice4-2022-01-30-x86_64-installed.tar.bz2
- Windows: https://home.apache.org/~ardovm/openoffice/windows/Apache_OpenOffice_2022-01-30_Win_x86_install_en-US.exe
macOS is still WIP.
Do we want to work on merging the 'serf' branch now, or shall we wait?
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Peter Kovacs <pe...@apache.org>.
On 07.01.22 13:47, Arrigo Marchiori wrote:
> Hello Peter, All,
>
> On Thu, Jan 06, 2022 at 09:34:22PM +0100, Peter Kovacs wrote:
>
>> On 06.01.22 16:04, Arrigo Marchiori wrote:
>>> Dear All,
>>>
>>> On Thu, Jan 06, 2022 at 03:02:21PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Dear All,
>>>>
>>>> On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
>>>>
>>>>> Dear All,
>>>>>
>>>>> one more status update.
>>>>>
>>>>> On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
>>>>>
>>>>>> Dear All,
>>>>>>
>>>>>> first of all: merry Christmas!
>>>>>>
>>>>>> On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
>>>>>>
>>>>>>> Hi Matthias
>>>>>>>
>>>>>>>> On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>>>> Is this a real machine or a VM?
>>>>>>> It is a real machine
>>>>>>>> I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
>>>>>>>> it definitely worked on my Laptop.
>>>>>>> There were a lot of errors during unpack, as I said.
>>>>>> What kind of errors? Maybe permission issues?
>>>>>> I hope I will eventually get a trunk build right for everyone...
>>>>>>
>>>>>> By the way the problem _under Linux_ may or may not be due to
>>>>>> TLS... in fact the error message is "Device or resource busy". There
>>>>>> is something _inside_ serf that is failing; I am not sure it is a
>>>>>> network protocol issue.
>>>>>>
>>>>>> I am looking into this issue in my available time.
>>>>> It's true that the returned value (16) corresponds to "Device or
>>>>> resource busy"... but it _also_ corresponds to
>>>>> SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
>>>>>
>>>>> This error is raised during the verification of the SSL certificate
>>>>> chain. We are in method SerfSession::verifySerfCertificateChain().
>>>>> Apparently, we have a certificate with subject "CN=*.apache.org" and
>>>>> we are asking our certificate container if it "has" and "trusts" such
>>>>> certificate for URL ooo-updates.apache.org.
>>>>>
>>>>> The call (simply described) is:
>>>>> CertificateContainer::hasCertificate("ooo-updates.apache.org",
>>>>> "*.apache.org")
>>>>>
>>>>> Surprisingly (to me at least), this returns
>>>>> security::CertificateContainerStatus_UNTRUSTED
>>>>>
>>>>> This breaks the update request process.
>>>> The culprit is the nss library. Our method
>>>> SecurityEnvironment_NssImpl::verifyCertificate calls
>>>> CERT_PKIXVerifyCert() that returns failure. The reason is error -8172,
>>>> "Peer's certificate issuer has been marked as not trusted by the user."
>>> The problem is that NSS does not have access to an updated list of
>>> certification authorities.
>>>
>>> NSS has its own built-in list of CA's that is stored inside library
>>> libnssckbi.so. Such list does not include the CA used by our update
>>> server. For this reason, the check for updates fails as described.
>>>
>>> There are two possible solutions, given the fact that we may not be
>>> able to update our NSS to the latest and greatest version:
>>>
>>> 1- patch the latest CA list from current NSS into our NSS. I did it
>>> for the purpose of this development, and... it is horrible. We have
>>> to shave away some attributes that are not supported by our NSS:
>>> - CKA_NSS_SERVER_DISTRUST_AFTER
>>> - CKA_NSS_EMAIL_DISTRUST_AFTER
>>> - CKA_NSS_MOZILLA_CA_POLICY
>>> and I would not feel ``safe'' for our end-users if we did so.
>>>
>>> 2- try to access the system-level CA list, that every system should
>>> have.
>>>
>>> I think that 2- is the way to go.
>> Just an unqalified question, can we use OpenSSL instead?
> I am not sure how much the functionalities of NSS and OpenSSL overlap.
>
> It is true that we already have a codebase supporting NSS, and that
> NSS is fairly widespread IMHO. If possible, I prefer remaining with
> NSS.
sure, it is a dependency we have to maintain of some sort. Since we will
not use the edge Version.
So I thought if it is not working we could try to make it obsolete. But
you got it otherwise. nice.
>
> And... you know what?
>
> Don Lewis' proposed update to NSS seem to fix this problem!
> If I build from his branch, I get the much awaited "already up to
> date" message!
> Proof:
> https://home.apache.org/~ardovm/openoffice/linux/openoffice4-nss-x86_64-2022-01-07-installed.tar.bz2
>
> So, the way to go is probably the one I had just excluded in the first
> place:
>
> 0- update NSS as per https://github.com/apache/openoffice/pull/100
cool if it works merge it.
>
> Best regards,
--
This is the Way! http://www.apache.org/theapacheway/index.html
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl... and NSS
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi all,
+1 for fixing the macOS issues and merging PR100.
Regards,
Matthias
Am 07.01.22 um 13:47 schrieb Arrigo Marchiori:
> Hello Peter, All,
>
> On Thu, Jan 06, 2022 at 09:34:22PM +0100, Peter Kovacs wrote:
>
>> On 06.01.22 16:04, Arrigo Marchiori wrote:
>>> Dear All,
>>>
>>> On Thu, Jan 06, 2022 at 03:02:21PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Dear All,
>>>>
>>>> On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
>>>>
>>>>> Dear All,
>>>>>
>>>>> one more status update.
>>>>>
>>>>> On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
>>>>>
>>>>>> Dear All,
>>>>>>
>>>>>> first of all: merry Christmas!
>>>>>>
>>>>>> On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
>>>>>>
>>>>>>> Hi Matthias
>>>>>>>
>>>>>>>> On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>>>> Is this a real machine or a VM?
>>>>>>> It is a real machine
>>>>>>>> I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
>>>>>>>> it definitely worked on my Laptop.
>>>>>>> There were a lot of errors during unpack, as I said.
>>>>>> What kind of errors? Maybe permission issues?
>>>>>> I hope I will eventually get a trunk build right for everyone...
>>>>>>
>>>>>> By the way the problem _under Linux_ may or may not be due to
>>>>>> TLS... in fact the error message is "Device or resource busy". There
>>>>>> is something _inside_ serf that is failing; I am not sure it is a
>>>>>> network protocol issue.
>>>>>>
>>>>>> I am looking into this issue in my available time.
>>>>> It's true that the returned value (16) corresponds to "Device or
>>>>> resource busy"... but it _also_ corresponds to
>>>>> SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
>>>>>
>>>>> This error is raised during the verification of the SSL certificate
>>>>> chain. We are in method SerfSession::verifySerfCertificateChain().
>>>>> Apparently, we have a certificate with subject "CN=*.apache.org" and
>>>>> we are asking our certificate container if it "has" and "trusts" such
>>>>> certificate for URL ooo-updates.apache.org.
>>>>>
>>>>> The call (simply described) is:
>>>>> CertificateContainer::hasCertificate("ooo-updates.apache.org",
>>>>> "*.apache.org")
>>>>>
>>>>> Surprisingly (to me at least), this returns
>>>>> security::CertificateContainerStatus_UNTRUSTED
>>>>>
>>>>> This breaks the update request process.
>>>> The culprit is the nss library. Our method
>>>> SecurityEnvironment_NssImpl::verifyCertificate calls
>>>> CERT_PKIXVerifyCert() that returns failure. The reason is error -8172,
>>>> "Peer's certificate issuer has been marked as not trusted by the user."
>>> The problem is that NSS does not have access to an updated list of
>>> certification authorities.
>>>
>>> NSS has its own built-in list of CA's that is stored inside library
>>> libnssckbi.so. Such list does not include the CA used by our update
>>> server. For this reason, the check for updates fails as described.
>>>
>>> There are two possible solutions, given the fact that we may not be
>>> able to update our NSS to the latest and greatest version:
>>>
>>> 1- patch the latest CA list from current NSS into our NSS. I did it
>>> for the purpose of this development, and... it is horrible. We have
>>> to shave away some attributes that are not supported by our NSS:
>>> - CKA_NSS_SERVER_DISTRUST_AFTER
>>> - CKA_NSS_EMAIL_DISTRUST_AFTER
>>> - CKA_NSS_MOZILLA_CA_POLICY
>>> and I would not feel ``safe'' for our end-users if we did so.
>>>
>>> 2- try to access the system-level CA list, that every system should
>>> have.
>>>
>>> I think that 2- is the way to go.
>> Just an unqalified question, can we use OpenSSL instead?
> I am not sure how much the functionalities of NSS and OpenSSL overlap.
>
> It is true that we already have a codebase supporting NSS, and that
> NSS is fairly widespread IMHO. If possible, I prefer remaining with
> NSS.
>
> And... you know what?
>
> Don Lewis' proposed update to NSS seem to fix this problem!
> If I build from his branch, I get the much awaited "already up to
> date" message!
> Proof:
> https://home.apache.org/~ardovm/openoffice/linux/openoffice4-nss-x86_64-2022-01-07-installed.tar.bz2
>
> So, the way to go is probably the one I had just excluded in the first
> place:
>
> 0- update NSS as per https://github.com/apache/openoffice/pull/100
>
> Best regards,
Re: Openssl, serf and curl... and NSS
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Peter, All,
On Thu, Jan 06, 2022 at 09:34:22PM +0100, Peter Kovacs wrote:
>
> On 06.01.22 16:04, Arrigo Marchiori wrote:
> > Dear All,
> >
> > On Thu, Jan 06, 2022 at 03:02:21PM +0100, Arrigo Marchiori wrote:
> >
> > > Dear All,
> > >
> > > On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
> > >
> > > > Dear All,
> > > >
> > > > one more status update.
> > > >
> > > > On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
> > > >
> > > > > Dear All,
> > > > >
> > > > > first of all: merry Christmas!
> > > > >
> > > > > On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
> > > > >
> > > > > > Hi Matthias
> > > > > >
> > > > > > > On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
> > > > > > > Is this a real machine or a VM?
> > > > > > It is a real machine
> > > > > > > I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
> > > > > > > it definitely worked on my Laptop.
> > > > > > There were a lot of errors during unpack, as I said.
> > > > > What kind of errors? Maybe permission issues?
> > > > > I hope I will eventually get a trunk build right for everyone...
> > > > >
> > > > > By the way the problem _under Linux_ may or may not be due to
> > > > > TLS... in fact the error message is "Device or resource busy". There
> > > > > is something _inside_ serf that is failing; I am not sure it is a
> > > > > network protocol issue.
> > > > >
> > > > > I am looking into this issue in my available time.
> > > > It's true that the returned value (16) corresponds to "Device or
> > > > resource busy"... but it _also_ corresponds to
> > > > SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
> > > >
> > > > This error is raised during the verification of the SSL certificate
> > > > chain. We are in method SerfSession::verifySerfCertificateChain().
> > > > Apparently, we have a certificate with subject "CN=*.apache.org" and
> > > > we are asking our certificate container if it "has" and "trusts" such
> > > > certificate for URL ooo-updates.apache.org.
> > > >
> > > > The call (simply described) is:
> > > > CertificateContainer::hasCertificate("ooo-updates.apache.org",
> > > > "*.apache.org")
> > > >
> > > > Surprisingly (to me at least), this returns
> > > > security::CertificateContainerStatus_UNTRUSTED
> > > >
> > > > This breaks the update request process.
> > > The culprit is the nss library. Our method
> > > SecurityEnvironment_NssImpl::verifyCertificate calls
> > > CERT_PKIXVerifyCert() that returns failure. The reason is error -8172,
> > > "Peer's certificate issuer has been marked as not trusted by the user."
> > The problem is that NSS does not have access to an updated list of
> > certification authorities.
> >
> > NSS has its own built-in list of CA's that is stored inside library
> > libnssckbi.so. Such list does not include the CA used by our update
> > server. For this reason, the check for updates fails as described.
> >
> > There are two possible solutions, given the fact that we may not be
> > able to update our NSS to the latest and greatest version:
> >
> > 1- patch the latest CA list from current NSS into our NSS. I did it
> > for the purpose of this development, and... it is horrible. We have
> > to shave away some attributes that are not supported by our NSS:
> > - CKA_NSS_SERVER_DISTRUST_AFTER
> > - CKA_NSS_EMAIL_DISTRUST_AFTER
> > - CKA_NSS_MOZILLA_CA_POLICY
> > and I would not feel ``safe'' for our end-users if we did so.
> >
> > 2- try to access the system-level CA list, that every system should
> > have.
> >
> > I think that 2- is the way to go.
> Just an unqalified question, can we use OpenSSL instead?
I am not sure how much the functionalities of NSS and OpenSSL overlap.
It is true that we already have a codebase supporting NSS, and that
NSS is fairly widespread IMHO. If possible, I prefer remaining with
NSS.
And... you know what?
Don Lewis' proposed update to NSS seem to fix this problem!
If I build from his branch, I get the much awaited "already up to
date" message!
Proof:
https://home.apache.org/~ardovm/openoffice/linux/openoffice4-nss-x86_64-2022-01-07-installed.tar.bz2
So, the way to go is probably the one I had just excluded in the first
place:
0- update NSS as per https://github.com/apache/openoffice/pull/100
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Peter Kovacs <pe...@apache.org>.
On 06.01.22 16:04, Arrigo Marchiori wrote:
> Dear All,
>
> On Thu, Jan 06, 2022 at 03:02:21PM +0100, Arrigo Marchiori wrote:
>
>> Dear All,
>>
>> On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
>>
>>> Dear All,
>>>
>>> one more status update.
>>>
>>> On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Dear All,
>>>>
>>>> first of all: merry Christmas!
>>>>
>>>> On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
>>>>
>>>>> Hi Matthias
>>>>>
>>>>>> On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>>>>> Is this a real machine or a VM?
>>>>> It is a real machine
>>>>>
>>>>>> I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
>>>>>> it definitely worked on my Laptop.
>>>>> There were a lot of errors during unpack, as I said.
>>>> What kind of errors? Maybe permission issues?
>>>> I hope I will eventually get a trunk build right for everyone...
>>>>
>>>> By the way the problem _under Linux_ may or may not be due to
>>>> TLS... in fact the error message is "Device or resource busy". There
>>>> is something _inside_ serf that is failing; I am not sure it is a
>>>> network protocol issue.
>>>>
>>>> I am looking into this issue in my available time.
>>> It's true that the returned value (16) corresponds to "Device or
>>> resource busy"... but it _also_ corresponds to
>>> SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
>>>
>>> This error is raised during the verification of the SSL certificate
>>> chain. We are in method SerfSession::verifySerfCertificateChain().
>>> Apparently, we have a certificate with subject "CN=*.apache.org" and
>>> we are asking our certificate container if it "has" and "trusts" such
>>> certificate for URL ooo-updates.apache.org.
>>>
>>> The call (simply described) is:
>>> CertificateContainer::hasCertificate("ooo-updates.apache.org",
>>> "*.apache.org")
>>>
>>> Surprisingly (to me at least), this returns
>>> security::CertificateContainerStatus_UNTRUSTED
>>>
>>> This breaks the update request process.
>> The culprit is the nss library. Our method
>> SecurityEnvironment_NssImpl::verifyCertificate calls
>> CERT_PKIXVerifyCert() that returns failure. The reason is error -8172,
>> "Peer's certificate issuer has been marked as not trusted by the user."
> The problem is that NSS does not have access to an updated list of
> certification authorities.
>
> NSS has its own built-in list of CA's that is stored inside library
> libnssckbi.so. Such list does not include the CA used by our update
> server. For this reason, the check for updates fails as described.
>
> There are two possible solutions, given the fact that we may not be
> able to update our NSS to the latest and greatest version:
>
> 1- patch the latest CA list from current NSS into our NSS. I did it
> for the purpose of this development, and... it is horrible. We have
> to shave away some attributes that are not supported by our NSS:
> - CKA_NSS_SERVER_DISTRUST_AFTER
> - CKA_NSS_EMAIL_DISTRUST_AFTER
> - CKA_NSS_MOZILLA_CA_POLICY
> and I would not feel ``safe'' for our end-users if we did so.
>
> 2- try to access the system-level CA list, that every system should
> have.
>
> I think that 2- is the way to go.
Just an unqalified question, can we use OpenSSL instead?
> But we are at least at the point that the serf library seems to be
> successfully integrated and working! I may make some more commits to
> the "serf" branch to synchronize it with my computer.
>
> I think we should integrate the "serf" branch only after the search
> for update is successful, even if the problem, at this moment, may not
> be related to the Serf library itself.
>
> I am of course open to discussion, as always.
>
> Best regards,
--
This is the Way! http://www.apache.org/theapacheway/index.html
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear All,
On Thu, Jan 06, 2022 at 03:02:21PM +0100, Arrigo Marchiori wrote:
> Dear All,
>
> On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
>
> > Dear All,
> >
> > one more status update.
> >
> > On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
> >
> > > Dear All,
> > >
> > > first of all: merry Christmas!
> > >
> > > On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
> > >
> > > > Hi Matthias
> > > >
> > > > > On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
> > > >
> > > > > Is this a real machine or a VM?
> > > >
> > > > It is a real machine
> > > >
> > > > > I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
> > > > > it definitely worked on my Laptop.
> > > >
> > > > There were a lot of errors during unpack, as I said.
> > >
> > > What kind of errors? Maybe permission issues?
> > > I hope I will eventually get a trunk build right for everyone...
> > >
> > > By the way the problem _under Linux_ may or may not be due to
> > > TLS... in fact the error message is "Device or resource busy". There
> > > is something _inside_ serf that is failing; I am not sure it is a
> > > network protocol issue.
> > >
> > > I am looking into this issue in my available time.
> >
> > It's true that the returned value (16) corresponds to "Device or
> > resource busy"... but it _also_ corresponds to
> > SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
> >
> > This error is raised during the verification of the SSL certificate
> > chain. We are in method SerfSession::verifySerfCertificateChain().
> > Apparently, we have a certificate with subject "CN=*.apache.org" and
> > we are asking our certificate container if it "has" and "trusts" such
> > certificate for URL ooo-updates.apache.org.
> >
> > The call (simply described) is:
> > CertificateContainer::hasCertificate("ooo-updates.apache.org",
> > "*.apache.org")
> >
> > Surprisingly (to me at least), this returns
> > security::CertificateContainerStatus_UNTRUSTED
> >
> > This breaks the update request process.
>
> The culprit is the nss library. Our method
> SecurityEnvironment_NssImpl::verifyCertificate calls
> CERT_PKIXVerifyCert() that returns failure. The reason is error -8172,
> "Peer's certificate issuer has been marked as not trusted by the user."
The problem is that NSS does not have access to an updated list of
certification authorities.
NSS has its own built-in list of CA's that is stored inside library
libnssckbi.so. Such list does not include the CA used by our update
server. For this reason, the check for updates fails as described.
There are two possible solutions, given the fact that we may not be
able to update our NSS to the latest and greatest version:
1- patch the latest CA list from current NSS into our NSS. I did it
for the purpose of this development, and... it is horrible. We have
to shave away some attributes that are not supported by our NSS:
- CKA_NSS_SERVER_DISTRUST_AFTER
- CKA_NSS_EMAIL_DISTRUST_AFTER
- CKA_NSS_MOZILLA_CA_POLICY
and I would not feel ``safe'' for our end-users if we did so.
2- try to access the system-level CA list, that every system should
have.
I think that 2- is the way to go.
But we are at least at the point that the serf library seems to be
successfully integrated and working! I may make some more commits to
the "serf" branch to synchronize it with my computer.
I think we should integrate the "serf" branch only after the search
for update is successful, even if the problem, at this moment, may not
be related to the Serf library itself.
I am of course open to discussion, as always.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear All,
On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
> Dear All,
>
> one more status update.
>
> On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
>
> > Dear All,
> >
> > first of all: merry Christmas!
> >
> > On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
> >
> > > Hi Matthias
> > >
> > > > On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
> > >
> > > > Is this a real machine or a VM?
> > >
> > > It is a real machine
> > >
> > > > I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
> > > > it definitely worked on my Laptop.
> > >
> > > There were a lot of errors during unpack, as I said.
> >
> > What kind of errors? Maybe permission issues?
> > I hope I will eventually get a trunk build right for everyone...
> >
> > By the way the problem _under Linux_ may or may not be due to
> > TLS... in fact the error message is "Device or resource busy". There
> > is something _inside_ serf that is failing; I am not sure it is a
> > network protocol issue.
> >
> > I am looking into this issue in my available time.
>
> It's true that the returned value (16) corresponds to "Device or
> resource busy"... but it _also_ corresponds to
> SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
>
> This error is raised during the verification of the SSL certificate
> chain. We are in method SerfSession::verifySerfCertificateChain().
> Apparently, we have a certificate with subject "CN=*.apache.org" and
> we are asking our certificate container if it "has" and "trusts" such
> certificate for URL ooo-updates.apache.org.
>
> The call (simply described) is:
> CertificateContainer::hasCertificate("ooo-updates.apache.org",
> "*.apache.org")
>
> Surprisingly (to me at least), this returns
> security::CertificateContainerStatus_UNTRUSTED
>
> This breaks the update request process.
The culprit is the nss library. Our method
SecurityEnvironment_NssImpl::verifyCertificate calls
CERT_PKIXVerifyCert() that returns failure. The reason is error -8172,
"Peer's certificate issuer has been marked as not trusted by the user."
Work is still in progress...
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 05.01.22 um 17:05 schrieb Arrigo Marchiori:
> Hello Matthias, All,
>
> On Sun, Dec 26, 2021 at 04:22:24PM +0100, Matthias Seidel wrote:
>
>> Hi Arrigo,
>>
>> I think the OS/2 port uses system libraries, so they don't need to build
>> Serf, NSS or OpenSSL:
>>
>> https://github.com/apache/openoffice/blob/trunk/main/configure.cmd
> This is great news! Upgrading serf will not affect our OS/2 users.
>
> The fact that SCons does not seem to be supported on OS/2 is a problem
> for the overall migration of AOO to SCons... but this is another
> story.
We need to talk to Yuri and/or Silvan (bww) if SCons can be ported.
Regards,
Matthias
>
> Best regards,
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Matthias, All,
On Sun, Dec 26, 2021 at 04:22:24PM +0100, Matthias Seidel wrote:
> Hi Arrigo,
>
> I think the OS/2 port uses system libraries, so they don't need to build
> Serf, NSS or OpenSSL:
>
> https://github.com/apache/openoffice/blob/trunk/main/configure.cmd
This is great news! Upgrading serf will not affect our OS/2 users.
The fact that SCons does not seem to be supported on OS/2 is a problem
for the overall migration of AOO to SCons... but this is another
story.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
I think the OS/2 port uses system libraries, so they don't need to build
Serf, NSS or OpenSSL:
https://github.com/apache/openoffice/blob/trunk/main/configure.cmd
Regards,
Matthias
Am 26.12.21 um 15:25 schrieb Matthias Seidel:
> Hi Arrigo,
>
> Am 25.12.21 um 21:57 schrieb Arrigo Marchiori:
>> Dear All,
>>
>> first of all: merry Christmas!
> Thanks, I hope you have a good time?
>> On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
>>
>>> Hi Matthias
>>>
>>>> On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>>> Is this a real machine or a VM?
>>> It is a real machine
>>>
>>>> I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
>>>> it definitely worked on my Laptop.
>>> There were a lot of errors during unpack, as I said.
>> What kind of errors? Maybe permission issues?
>> I hope I will eventually get a trunk build right for everyone...
>>
>> By the way the problem _under Linux_ may or may not be due to
>> TLS... in fact the error message is "Device or resource busy". There
>> is something _inside_ serf that is failing; I am not sure it is a
>> network protocol issue.
>>
>> I am looking into this issue in my available time.
>>
>> However, one question came into my mind: if we finally decide to
>> switch to the new Serf and to use SCons... will OS/2 builds still be
>> possible? I quickly browsed www.python.org and could not find any
>> downloads for OS/2.
> I doubt that there is a port for OS/2 at python.org.
>
> Normally (almost) everything is maintained by Bitwise:
>
> https://github.com/orgs/bitwiseworks/repositories
>
> I couldn't find SCons there...
>
> Regards,
>
> Matthias
>
>> Best regards,
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 25.12.21 um 21:57 schrieb Arrigo Marchiori:
> Dear All,
>
> first of all: merry Christmas!
Thanks, I hope you have a good time?
>
> On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
>
>> Hi Matthias
>>
>>> On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>> Is this a real machine or a VM?
>> It is a real machine
>>
>>> I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
>>> it definitely worked on my Laptop.
>> There were a lot of errors during unpack, as I said.
> What kind of errors? Maybe permission issues?
> I hope I will eventually get a trunk build right for everyone...
>
> By the way the problem _under Linux_ may or may not be due to
> TLS... in fact the error message is "Device or resource busy". There
> is something _inside_ serf that is failing; I am not sure it is a
> network protocol issue.
>
> I am looking into this issue in my available time.
>
> However, one question came into my mind: if we finally decide to
> switch to the new Serf and to use SCons... will OS/2 builds still be
> possible? I quickly browsed www.python.org and could not find any
> downloads for OS/2.
I doubt that there is a port for OS/2 at python.org.
Normally (almost) everything is maintained by Bitwise:
https://github.com/orgs/bitwiseworks/repositories
I couldn't find SCons there...
Regards,
Matthias
>
> Best regards,
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear All,
one more status update.
On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote:
> Dear All,
>
> first of all: merry Christmas!
>
> On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
>
> > Hi Matthias
> >
> > > On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
> >
> > > Is this a real machine or a VM?
> >
> > It is a real machine
> >
> > > I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
> > > it definitely worked on my Laptop.
> >
> > There were a lot of errors during unpack, as I said.
>
> What kind of errors? Maybe permission issues?
> I hope I will eventually get a trunk build right for everyone...
>
> By the way the problem _under Linux_ may or may not be due to
> TLS... in fact the error message is "Device or resource busy". There
> is something _inside_ serf that is failing; I am not sure it is a
> network protocol issue.
>
> I am looking into this issue in my available time.
It's true that the returned value (16) corresponds to "Device or
resource busy"... but it _also_ corresponds to
SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error!
This error is raised during the verification of the SSL certificate
chain. We are in method SerfSession::verifySerfCertificateChain().
Apparently, we have a certificate with subject "CN=*.apache.org" and
we are asking our certificate container if it "has" and "trusts" such
certificate for URL ooo-updates.apache.org.
The call (simply described) is:
CertificateContainer::hasCertificate("ooo-updates.apache.org",
"*.apache.org")
Surprisingly (to me at least), this returns
security::CertificateContainerStatus_UNTRUSTED
This breaks the update request process.
I will look into this. If anyone has any insights... they could
greatly help.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear All,
first of all: merry Christmas!
On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote:
> Hi Matthias
>
> > On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
>
> > Is this a real machine or a VM?
>
> It is a real machine
>
> > I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
> > it definitely worked on my Laptop.
>
> There were a lot of errors during unpack, as I said.
What kind of errors? Maybe permission issues?
I hope I will eventually get a trunk build right for everyone...
By the way the problem _under Linux_ may or may not be due to
TLS... in fact the error message is "Device or resource busy". There
is something _inside_ serf that is failing; I am not sure it is a
network protocol issue.
I am looking into this issue in my available time.
However, one question came into my mind: if we finally decide to
switch to the new Serf and to use SCons... will OS/2 builds still be
possible? I quickly browsed www.python.org and could not find any
downloads for OS/2.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Hi Matthias
> On 12/09/2021 3:20 PM Matthias Seidel <ma...@hamburg.de> wrote:
> Is this a real machine or a VM?
It is a real machine
> I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
> it definitely worked on my Laptop.
There were a lot of errors during unpack, as I said.
If Arigo can send me the deb installer, I can try it again.
Regards,
Pedro
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Pedro,
Am 08.12.21 um 22:55 schrieb Pedro Lino:
> Hi Arrigo
>
> I got some errors while unpacking the tar.bz2 file so I'm not sure it is working as expected. It did run and it still reported "Checking for an update failed."
> I'm running Ubuntu 18.04 x64
Is this a real machine or a VM?
I ask, because I have seen the Update Feed fail on Ubuntu in a VM when
it definitely worked on my Laptop.
Regards,
Matthias
>
> Regards,
> Pedro
>
>> On 12/08/2021 7:08 PM Matthias Seidel <ma...@hamburg.de> wrote:
>>
>>
>> Hi Arrigo,
>>
>> Am 07.12.21 um 22:05 schrieb Arrigo Marchiori:
>>> Dear All,
>>>
>>> we are getting somewhere! I am replying myself again below.
>>>
>>> On Fri, Nov 26, 2021 at 08:26:55PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Dear All,
>>>>
>>>> On Sun, Nov 21, 2021 at 09:29:18PM +0100, Arrigo Marchiori wrote:
>>>>
>>>>> Hello All,
>>>>>
>>>>> just a little update.
>>>>>
>>>>> On Sat, Nov 20, 2021 at 01:44:43PM +0100, Arrigo Marchiori wrote:
>>>>>
>>>>>> Hello Matthias, All,
>>>>>>
>>>>>> On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
>>>>>>
>>>>>>> Hi Arrigo,
>>>>>>>
>>>>>>> Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
>>>>>>>> Dear All,
>>>>>>>>
>>>>>>>> I pushed a new branch "serf", that contains the OpenSSL upgrade
>>>>>>>> commits (I reverted the reverts ;-) plus a tentative upgrade of the
>>>>>>>> serf library to 1.3.9.
>>>>>>>>
>>>>>>>> A small patch is included to allow building with Python3-based SCons.
>>>>>>>>
>>>>>>>> The oox module also needed minor patching because it uses some OpenSSL
>>>>>>>> functions that were refactored since OpenSSL 1.1.0.
>>>>>>>>
>>>>>>>> I tested it under Linux with Peter's Docker image (adding SCons). It
>>>>>>>> builds and runs, but I am not sure how to verify if the SSL related
>>>>>>>> problems are solved.
>>>>>>>>
>>>>>>>> I could not yet test if it builds under Windows and Mac. Any help
>>>>>>>> would be appreciated. Please note that the "serf" branch derives from
>>>>>>>> trunk.
>>>>>>> I cannot get it to build on Windows.
>>>>>>>
>>>>>>> The build just stops at a certain point. No error messages.
>>>>>> I had not tested it under Windows, when I commited it. Sorry.
>>>>>>
>>>>>> The build stops because the existing patch to OpenSSL does not apply.
>>>>>>
>>>>>> If we disable it, we face another challenge: OpenSSL does not build
>>>>>> with Cygwin's Perl!
>>>>>> https://github.com/openssl/openssl/issues/9048
>>>>>>
>>>>>> I will investigate if we need Strawberry Perl as suggested in the
>>>>>> above link. It's sure this is getting more complex than expected.
>>>>> I could patch the configure scripts to use Windows and Cygwin paths as
>>>>> necessary. Now the compilation is failing because of missing symbols,
>>>>> at link time.
>>>>>
>>>>> As soon as I have something almost usable, I will commit it.
>>>> I think I fixed the OpenSSL module and the depending Python.
>>> Not yet... there were more places in which the libraries were named,
>>> and more fixes were necessary.
>>>
>>>> Serf is now posing another challenge.
>>>>
>>>> Apparently, SCons needs to access the Windows registry in order to
>>>> detect the presence of Visual Studio. This is reasonable: also our
>>>> "oowintool" script does so.
>>>>
>>>> Python scripts can access the Windows registry using the "winreg"
>>>> module. The problem is that such module _is not included_ in Cygwin's
>>>> Python distribution!
>>>>
>>>> There is a "cygwinreg" module available, but it does not seem to work.
>>>>
>>>> So instead of using an ``external'' Perl, we will need to use an
>>>> ``external'' Python.
>>> We will need an ``external'' SCons. I added the configure script
>>> option "--with-scons" that must be used under Windows to point to a
>>> ``native'' SCons.exe
>>>
>>> I added a minimal SConscript that checks the validity of the indicated
>>> SCons.
>>>
>>> Unix users should just need to install SCons in some ways (either
>>> using pip or the distribution's package) and it will be auto-detected
>>> by the configure script.
>>>
>>> - Linux build:
>>> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2021-12-07-x86_64-installed.tar.bz2
>>>
>>> - Windows build:
>>> https://home.apache.org/~ardovm/openoffice/windows/Apache_OpenOffice-2021-12-06_Win_x86_install_en-US.exe
>>>
>>> Do they work as expected?
>> I tested on Windows, it works as expected.
>>
>> The main problem on Linux was the update feed...
>>
>> Regards,
>>
>> Matthias
>>
>>> Best regards,
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Hi Arrigo
I got some errors while unpacking the tar.bz2 file so I'm not sure it is working as expected. It did run and it still reported "Checking for an update failed."
I'm running Ubuntu 18.04 x64
Regards,
Pedro
> On 12/08/2021 7:08 PM Matthias Seidel <ma...@hamburg.de> wrote:
>
>
> Hi Arrigo,
>
> Am 07.12.21 um 22:05 schrieb Arrigo Marchiori:
> > Dear All,
> >
> > we are getting somewhere! I am replying myself again below.
> >
> > On Fri, Nov 26, 2021 at 08:26:55PM +0100, Arrigo Marchiori wrote:
> >
> >> Dear All,
> >>
> >> On Sun, Nov 21, 2021 at 09:29:18PM +0100, Arrigo Marchiori wrote:
> >>
> >>> Hello All,
> >>>
> >>> just a little update.
> >>>
> >>> On Sat, Nov 20, 2021 at 01:44:43PM +0100, Arrigo Marchiori wrote:
> >>>
> >>>> Hello Matthias, All,
> >>>>
> >>>> On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
> >>>>
> >>>>> Hi Arrigo,
> >>>>>
> >>>>> Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
> >>>>>> Dear All,
> >>>>>>
> >>>>>> I pushed a new branch "serf", that contains the OpenSSL upgrade
> >>>>>> commits (I reverted the reverts ;-) plus a tentative upgrade of the
> >>>>>> serf library to 1.3.9.
> >>>>>>
> >>>>>> A small patch is included to allow building with Python3-based SCons.
> >>>>>>
> >>>>>> The oox module also needed minor patching because it uses some OpenSSL
> >>>>>> functions that were refactored since OpenSSL 1.1.0.
> >>>>>>
> >>>>>> I tested it under Linux with Peter's Docker image (adding SCons). It
> >>>>>> builds and runs, but I am not sure how to verify if the SSL related
> >>>>>> problems are solved.
> >>>>>>
> >>>>>> I could not yet test if it builds under Windows and Mac. Any help
> >>>>>> would be appreciated. Please note that the "serf" branch derives from
> >>>>>> trunk.
> >>>>> I cannot get it to build on Windows.
> >>>>>
> >>>>> The build just stops at a certain point. No error messages.
> >>>> I had not tested it under Windows, when I commited it. Sorry.
> >>>>
> >>>> The build stops because the existing patch to OpenSSL does not apply.
> >>>>
> >>>> If we disable it, we face another challenge: OpenSSL does not build
> >>>> with Cygwin's Perl!
> >>>> https://github.com/openssl/openssl/issues/9048
> >>>>
> >>>> I will investigate if we need Strawberry Perl as suggested in the
> >>>> above link. It's sure this is getting more complex than expected.
> >>> I could patch the configure scripts to use Windows and Cygwin paths as
> >>> necessary. Now the compilation is failing because of missing symbols,
> >>> at link time.
> >>>
> >>> As soon as I have something almost usable, I will commit it.
> >> I think I fixed the OpenSSL module and the depending Python.
> > Not yet... there were more places in which the libraries were named,
> > and more fixes were necessary.
> >
> >> Serf is now posing another challenge.
> >>
> >> Apparently, SCons needs to access the Windows registry in order to
> >> detect the presence of Visual Studio. This is reasonable: also our
> >> "oowintool" script does so.
> >>
> >> Python scripts can access the Windows registry using the "winreg"
> >> module. The problem is that such module _is not included_ in Cygwin's
> >> Python distribution!
> >>
> >> There is a "cygwinreg" module available, but it does not seem to work.
> >>
> >> So instead of using an ``external'' Perl, we will need to use an
> >> ``external'' Python.
> > We will need an ``external'' SCons. I added the configure script
> > option "--with-scons" that must be used under Windows to point to a
> > ``native'' SCons.exe
> >
> > I added a minimal SConscript that checks the validity of the indicated
> > SCons.
> >
> > Unix users should just need to install SCons in some ways (either
> > using pip or the distribution's package) and it will be auto-detected
> > by the configure script.
> >
> > - Linux build:
> > http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2021-12-07-x86_64-installed.tar.bz2
> >
> > - Windows build:
> > https://home.apache.org/~ardovm/openoffice/windows/Apache_OpenOffice-2021-12-06_Win_x86_install_en-US.exe
> >
> > Do they work as expected?
>
> I tested on Windows, it works as expected.
>
> The main problem on Linux was the update feed...
>
> Regards,
>
> Matthias
>
> >
> > Best regards,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 07.12.21 um 22:05 schrieb Arrigo Marchiori:
> Dear All,
>
> we are getting somewhere! I am replying myself again below.
>
> On Fri, Nov 26, 2021 at 08:26:55PM +0100, Arrigo Marchiori wrote:
>
>> Dear All,
>>
>> On Sun, Nov 21, 2021 at 09:29:18PM +0100, Arrigo Marchiori wrote:
>>
>>> Hello All,
>>>
>>> just a little update.
>>>
>>> On Sat, Nov 20, 2021 at 01:44:43PM +0100, Arrigo Marchiori wrote:
>>>
>>>> Hello Matthias, All,
>>>>
>>>> On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
>>>>
>>>>> Hi Arrigo,
>>>>>
>>>>> Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
>>>>>> Dear All,
>>>>>>
>>>>>> I pushed a new branch "serf", that contains the OpenSSL upgrade
>>>>>> commits (I reverted the reverts ;-) plus a tentative upgrade of the
>>>>>> serf library to 1.3.9.
>>>>>>
>>>>>> A small patch is included to allow building with Python3-based SCons.
>>>>>>
>>>>>> The oox module also needed minor patching because it uses some OpenSSL
>>>>>> functions that were refactored since OpenSSL 1.1.0.
>>>>>>
>>>>>> I tested it under Linux with Peter's Docker image (adding SCons). It
>>>>>> builds and runs, but I am not sure how to verify if the SSL related
>>>>>> problems are solved.
>>>>>>
>>>>>> I could not yet test if it builds under Windows and Mac. Any help
>>>>>> would be appreciated. Please note that the "serf" branch derives from
>>>>>> trunk.
>>>>> I cannot get it to build on Windows.
>>>>>
>>>>> The build just stops at a certain point. No error messages.
>>>> I had not tested it under Windows, when I commited it. Sorry.
>>>>
>>>> The build stops because the existing patch to OpenSSL does not apply.
>>>>
>>>> If we disable it, we face another challenge: OpenSSL does not build
>>>> with Cygwin's Perl!
>>>> https://github.com/openssl/openssl/issues/9048
>>>>
>>>> I will investigate if we need Strawberry Perl as suggested in the
>>>> above link. It's sure this is getting more complex than expected.
>>> I could patch the configure scripts to use Windows and Cygwin paths as
>>> necessary. Now the compilation is failing because of missing symbols,
>>> at link time.
>>>
>>> As soon as I have something almost usable, I will commit it.
>> I think I fixed the OpenSSL module and the depending Python.
> Not yet... there were more places in which the libraries were named,
> and more fixes were necessary.
>
>> Serf is now posing another challenge.
>>
>> Apparently, SCons needs to access the Windows registry in order to
>> detect the presence of Visual Studio. This is reasonable: also our
>> "oowintool" script does so.
>>
>> Python scripts can access the Windows registry using the "winreg"
>> module. The problem is that such module _is not included_ in Cygwin's
>> Python distribution!
>>
>> There is a "cygwinreg" module available, but it does not seem to work.
>>
>> So instead of using an ``external'' Perl, we will need to use an
>> ``external'' Python.
> We will need an ``external'' SCons. I added the configure script
> option "--with-scons" that must be used under Windows to point to a
> ``native'' SCons.exe
>
> I added a minimal SConscript that checks the validity of the indicated
> SCons.
>
> Unix users should just need to install SCons in some ways (either
> using pip or the distribution's package) and it will be auto-detected
> by the configure script.
>
> - Linux build:
> http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2021-12-07-x86_64-installed.tar.bz2
>
> - Windows build:
> https://home.apache.org/~ardovm/openoffice/windows/Apache_OpenOffice-2021-12-06_Win_x86_install_en-US.exe
>
> Do they work as expected?
I tested on Windows, it works as expected.
The main problem on Linux was the update feed...
Regards,
Matthias
>
> Best regards,
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear All,
we are getting somewhere! I am replying myself again below.
On Fri, Nov 26, 2021 at 08:26:55PM +0100, Arrigo Marchiori wrote:
> Dear All,
>
> On Sun, Nov 21, 2021 at 09:29:18PM +0100, Arrigo Marchiori wrote:
>
> > Hello All,
> >
> > just a little update.
> >
> > On Sat, Nov 20, 2021 at 01:44:43PM +0100, Arrigo Marchiori wrote:
> >
> > > Hello Matthias, All,
> > >
> > > On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
> > >
> > > > Hi Arrigo,
> > > >
> > > > Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
> > > > > Dear All,
> > > > >
> > > > > I pushed a new branch "serf", that contains the OpenSSL upgrade
> > > > > commits (I reverted the reverts ;-) plus a tentative upgrade of the
> > > > > serf library to 1.3.9.
> > > > >
> > > > > A small patch is included to allow building with Python3-based SCons.
> > > > >
> > > > > The oox module also needed minor patching because it uses some OpenSSL
> > > > > functions that were refactored since OpenSSL 1.1.0.
> > > > >
> > > > > I tested it under Linux with Peter's Docker image (adding SCons). It
> > > > > builds and runs, but I am not sure how to verify if the SSL related
> > > > > problems are solved.
> > > > >
> > > > > I could not yet test if it builds under Windows and Mac. Any help
> > > > > would be appreciated. Please note that the "serf" branch derives from
> > > > > trunk.
> > > >
> > > > I cannot get it to build on Windows.
> > > >
> > > > The build just stops at a certain point. No error messages.
> > >
> > > I had not tested it under Windows, when I commited it. Sorry.
> > >
> > > The build stops because the existing patch to OpenSSL does not apply.
> > >
> > > If we disable it, we face another challenge: OpenSSL does not build
> > > with Cygwin's Perl!
> > > https://github.com/openssl/openssl/issues/9048
> > >
> > > I will investigate if we need Strawberry Perl as suggested in the
> > > above link. It's sure this is getting more complex than expected.
> >
> > I could patch the configure scripts to use Windows and Cygwin paths as
> > necessary. Now the compilation is failing because of missing symbols,
> > at link time.
> >
> > As soon as I have something almost usable, I will commit it.
>
> I think I fixed the OpenSSL module and the depending Python.
Not yet... there were more places in which the libraries were named,
and more fixes were necessary.
> Serf is now posing another challenge.
>
> Apparently, SCons needs to access the Windows registry in order to
> detect the presence of Visual Studio. This is reasonable: also our
> "oowintool" script does so.
>
> Python scripts can access the Windows registry using the "winreg"
> module. The problem is that such module _is not included_ in Cygwin's
> Python distribution!
>
> There is a "cygwinreg" module available, but it does not seem to work.
>
> So instead of using an ``external'' Perl, we will need to use an
> ``external'' Python.
We will need an ``external'' SCons. I added the configure script
option "--with-scons" that must be used under Windows to point to a
``native'' SCons.exe
I added a minimal SConscript that checks the validity of the indicated
SCons.
Unix users should just need to install SCons in some ways (either
using pip or the distribution's package) and it will be auto-detected
by the configure script.
- Linux build:
http://home.apache.org/~ardovm/openoffice/linux/openoffice4-2021-12-07-x86_64-installed.tar.bz2
- Windows build:
https://home.apache.org/~ardovm/openoffice/windows/Apache_OpenOffice-2021-12-06_Win_x86_install_en-US.exe
Do they work as expected?
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Pedro Lino <pe...@mailbox.org.INVALID>.
Dear Arrigo
Thank you for your effort!
Please don't take lack of feedback for lack of interest!
I volunteer to test any binaries on Windows 7, 10 or Linux if needed
I can compile on Linux but not on Windows
Regards,
Pedro
> On 11/26/2021 7:26 PM Arrigo Marchiori <ar...@yahoo.it.invalid> wrote:
>
>
> Dear All,
>
> On Sun, Nov 21, 2021 at 09:29:18PM +0100, Arrigo Marchiori wrote:
>
> > Hello All,
> >
> > just a little update.
> >
> > On Sat, Nov 20, 2021 at 01:44:43PM +0100, Arrigo Marchiori wrote:
> >
> > > Hello Matthias, All,
> > >
> > > On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
> > >
> > > > Hi Arrigo,
> > > >
> > > > Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
> > > > > Dear All,
> > > > >
> > > > > I pushed a new branch "serf", that contains the OpenSSL upgrade
> > > > > commits (I reverted the reverts ;-) plus a tentative upgrade of the
> > > > > serf library to 1.3.9.
> > > > >
> > > > > A small patch is included to allow building with Python3-based SCons.
> > > > >
> > > > > The oox module also needed minor patching because it uses some OpenSSL
> > > > > functions that were refactored since OpenSSL 1.1.0.
> > > > >
> > > > > I tested it under Linux with Peter's Docker image (adding SCons). It
> > > > > builds and runs, but I am not sure how to verify if the SSL related
> > > > > problems are solved.
> > > > >
> > > > > I could not yet test if it builds under Windows and Mac. Any help
> > > > > would be appreciated. Please note that the "serf" branch derives from
> > > > > trunk.
> > > >
> > > > I cannot get it to build on Windows.
> > > >
> > > > The build just stops at a certain point. No error messages.
> > >
> > > I had not tested it under Windows, when I commited it. Sorry.
> > >
> > > The build stops because the existing patch to OpenSSL does not apply.
> > >
> > > If we disable it, we face another challenge: OpenSSL does not build
> > > with Cygwin's Perl!
> > > https://github.com/openssl/openssl/issues/9048
> > >
> > > I will investigate if we need Strawberry Perl as suggested in the
> > > above link. It's sure this is getting more complex than expected.
> >
> > I could patch the configure scripts to use Windows and Cygwin paths as
> > necessary. Now the compilation is failing because of missing symbols,
> > at link time.
> >
> > As soon as I have something almost usable, I will commit it.
>
> I think I fixed the OpenSSL module and the depending Python.
>
> Serf is now posing another challenge.
>
> Apparently, SCons needs to access the Windows registry in order to
> detect the presence of Visual Studio. This is reasonable: also our
> "oowintool" script does so.
>
> Python scripts can access the Windows registry using the "winreg"
> module. The problem is that such module _is not included_ in Cygwin's
> Python distribution!
>
> There is a "cygwinreg" module available, but it does not seem to work.
>
> So instead of using an ``external'' Perl, we will need to use an
> ``external'' Python.
>
> I will try to follow this path.
>
> Questions and comments are welcome as usual.
>
> Best regards,
> --
> Arrigo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear All,
On Sun, Nov 21, 2021 at 09:29:18PM +0100, Arrigo Marchiori wrote:
> Hello All,
>
> just a little update.
>
> On Sat, Nov 20, 2021 at 01:44:43PM +0100, Arrigo Marchiori wrote:
>
> > Hello Matthias, All,
> >
> > On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
> >
> > > Hi Arrigo,
> > >
> > > Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
> > > > Dear All,
> > > >
> > > > I pushed a new branch "serf", that contains the OpenSSL upgrade
> > > > commits (I reverted the reverts ;-) plus a tentative upgrade of the
> > > > serf library to 1.3.9.
> > > >
> > > > A small patch is included to allow building with Python3-based SCons.
> > > >
> > > > The oox module also needed minor patching because it uses some OpenSSL
> > > > functions that were refactored since OpenSSL 1.1.0.
> > > >
> > > > I tested it under Linux with Peter's Docker image (adding SCons). It
> > > > builds and runs, but I am not sure how to verify if the SSL related
> > > > problems are solved.
> > > >
> > > > I could not yet test if it builds under Windows and Mac. Any help
> > > > would be appreciated. Please note that the "serf" branch derives from
> > > > trunk.
> > >
> > > I cannot get it to build on Windows.
> > >
> > > The build just stops at a certain point. No error messages.
> >
> > I had not tested it under Windows, when I commited it. Sorry.
> >
> > The build stops because the existing patch to OpenSSL does not apply.
> >
> > If we disable it, we face another challenge: OpenSSL does not build
> > with Cygwin's Perl!
> > https://github.com/openssl/openssl/issues/9048
> >
> > I will investigate if we need Strawberry Perl as suggested in the
> > above link. It's sure this is getting more complex than expected.
>
> I could patch the configure scripts to use Windows and Cygwin paths as
> necessary. Now the compilation is failing because of missing symbols,
> at link time.
>
> As soon as I have something almost usable, I will commit it.
I think I fixed the OpenSSL module and the depending Python.
Serf is now posing another challenge.
Apparently, SCons needs to access the Windows registry in order to
detect the presence of Visual Studio. This is reasonable: also our
"oowintool" script does so.
Python scripts can access the Windows registry using the "winreg"
module. The problem is that such module _is not included_ in Cygwin's
Python distribution!
There is a "cygwinreg" module available, but it does not seem to work.
So instead of using an ``external'' Perl, we will need to use an
``external'' Python.
I will try to follow this path.
Questions and comments are welcome as usual.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 21.11.21 um 21:29 schrieb Arrigo Marchiori:
> Hello All,
>
> just a little update.
>
> On Sat, Nov 20, 2021 at 01:44:43PM +0100, Arrigo Marchiori wrote:
>
>> Hello Matthias, All,
>>
>> On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
>>
>>> Hi Arrigo,
>>>
>>> Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
>>>> Dear All,
>>>>
>>>> I pushed a new branch "serf", that contains the OpenSSL upgrade
>>>> commits (I reverted the reverts ;-) plus a tentative upgrade of the
>>>> serf library to 1.3.9.
>>>>
>>>> A small patch is included to allow building with Python3-based SCons.
>>>>
>>>> The oox module also needed minor patching because it uses some OpenSSL
>>>> functions that were refactored since OpenSSL 1.1.0.
>>>>
>>>> I tested it under Linux with Peter's Docker image (adding SCons). It
>>>> builds and runs, but I am not sure how to verify if the SSL related
>>>> problems are solved.
>>>>
>>>> I could not yet test if it builds under Windows and Mac. Any help
>>>> would be appreciated. Please note that the "serf" branch derives from
>>>> trunk.
>>> I cannot get it to build on Windows.
>>>
>>> The build just stops at a certain point. No error messages.
>> I had not tested it under Windows, when I commited it. Sorry.
>>
>> The build stops because the existing patch to OpenSSL does not apply.
>>
>> If we disable it, we face another challenge: OpenSSL does not build
>> with Cygwin's Perl!
>> https://github.com/openssl/openssl/issues/9048
>>
>> I will investigate if we need Strawberry Perl as suggested in the
>> above link. It's sure this is getting more complex than expected.
> I could patch the configure scripts to use Windows and Cygwin paths as
> necessary. Now the compilation is failing because of missing symbols,
> at link time.
>
> As soon as I have something almost usable, I will commit it.
Sounds great!
Regards,
Matthias
>
> Best regards,
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello All,
just a little update.
On Sat, Nov 20, 2021 at 01:44:43PM +0100, Arrigo Marchiori wrote:
> Hello Matthias, All,
>
> On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
>
> > Hi Arrigo,
> >
> > Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
> > > Dear All,
> > >
> > > I pushed a new branch "serf", that contains the OpenSSL upgrade
> > > commits (I reverted the reverts ;-) plus a tentative upgrade of the
> > > serf library to 1.3.9.
> > >
> > > A small patch is included to allow building with Python3-based SCons.
> > >
> > > The oox module also needed minor patching because it uses some OpenSSL
> > > functions that were refactored since OpenSSL 1.1.0.
> > >
> > > I tested it under Linux with Peter's Docker image (adding SCons). It
> > > builds and runs, but I am not sure how to verify if the SSL related
> > > problems are solved.
> > >
> > > I could not yet test if it builds under Windows and Mac. Any help
> > > would be appreciated. Please note that the "serf" branch derives from
> > > trunk.
> >
> > I cannot get it to build on Windows.
> >
> > The build just stops at a certain point. No error messages.
>
> I had not tested it under Windows, when I commited it. Sorry.
>
> The build stops because the existing patch to OpenSSL does not apply.
>
> If we disable it, we face another challenge: OpenSSL does not build
> with Cygwin's Perl!
> https://github.com/openssl/openssl/issues/9048
>
> I will investigate if we need Strawberry Perl as suggested in the
> above link. It's sure this is getting more complex than expected.
I could patch the configure scripts to use Windows and Cygwin paths as
necessary. Now the compilation is failing because of missing symbols,
at link time.
As soon as I have something almost usable, I will commit it.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Carl Marcum <cm...@apache.org>.
Hi Arrigo,
On 11/18/21 2:09 AM, Arrigo Marchiori wrote:
> Hello Carl,
>
> On Wed, Nov 17, 2021 at 07:36:37PM -0500, Carl Marcum wrote:
>
>> Hi Arrigo,
>>
>> On 11/17/21 2:16 AM, Arrigo Marchiori wrote:
>>> Dear All,
>>>
>>> I pushed a new branch "serf", that contains the OpenSSL upgrade
>>> commits (I reverted the reverts ;-) plus a tentative upgrade of the
>>> serf library to 1.3.9.
>>>
>>> A small patch is included to allow building with Python3-based SCons.
>>>
>>> The oox module also needed minor patching because it uses some OpenSSL
>>> functions that were refactored since OpenSSL 1.1.0.
>>>
>>> I tested it under Linux with Peter's Docker image (adding SCons). It
>>> builds and runs, but I am not sure how to verify if the SSL related
>>> problems are solved.
>>>
>>> I could not yet test if it builds under Windows and Mac. Any help
>>> would be appreciated. Please note that the "serf" branch derives from
>>> trunk.
>>>
>>> Best regards,
>> I tried to build the serf branch but it broke on serf module. I think I
>> need Scons.
>> Are there instructions to add it?
> Not yet. I think we should only document it if we ``officially''
> choose this path.
>
> If you are using Peter's Docker image, you can install SCons in a
> temporary container with the command:
>
> # yum install scons
I was able to install python2-scons on CentOS 7 and build the serf branch.
I'm getting the same 9 build verification test failures on filetypes as
with trunk.
Are there any tests for this change branch I can do manually to verify?
Best regards,
Carl
>
> In order to make the installation permanent, we should edit the
> Dockerfile.
>
> If you are using your own computer, then you will need to install the
> scons package using your distribution's package manager (apt, yum,
> zypper...)
>
> I hope this helps.
>
> Best regards,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Carl,
On Wed, Nov 17, 2021 at 07:36:37PM -0500, Carl Marcum wrote:
> Hi Arrigo,
>
> On 11/17/21 2:16 AM, Arrigo Marchiori wrote:
> > Dear All,
> >
> > I pushed a new branch "serf", that contains the OpenSSL upgrade
> > commits (I reverted the reverts ;-) plus a tentative upgrade of the
> > serf library to 1.3.9.
> >
> > A small patch is included to allow building with Python3-based SCons.
> >
> > The oox module also needed minor patching because it uses some OpenSSL
> > functions that were refactored since OpenSSL 1.1.0.
> >
> > I tested it under Linux with Peter's Docker image (adding SCons). It
> > builds and runs, but I am not sure how to verify if the SSL related
> > problems are solved.
> >
> > I could not yet test if it builds under Windows and Mac. Any help
> > would be appreciated. Please note that the "serf" branch derives from
> > trunk.
> >
> > Best regards,
> I tried to build the serf branch but it broke on serf module. I think I
> need Scons.
> Are there instructions to add it?
Not yet. I think we should only document it if we ``officially''
choose this path.
If you are using Peter's Docker image, you can install SCons in a
temporary container with the command:
# yum install scons
In order to make the installation permanent, we should edit the
Dockerfile.
If you are using your own computer, then you will need to install the
scons package using your distribution's package manager (apt, yum,
zypper...)
I hope this helps.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Matthias, All,
On Fri, Nov 19, 2021 at 12:26:37AM +0100, Matthias Seidel wrote:
> Hi Arrigo,
>
> Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
> > Dear All,
> >
> > I pushed a new branch "serf", that contains the OpenSSL upgrade
> > commits (I reverted the reverts ;-) plus a tentative upgrade of the
> > serf library to 1.3.9.
> >
> > A small patch is included to allow building with Python3-based SCons.
> >
> > The oox module also needed minor patching because it uses some OpenSSL
> > functions that were refactored since OpenSSL 1.1.0.
> >
> > I tested it under Linux with Peter's Docker image (adding SCons). It
> > builds and runs, but I am not sure how to verify if the SSL related
> > problems are solved.
> >
> > I could not yet test if it builds under Windows and Mac. Any help
> > would be appreciated. Please note that the "serf" branch derives from
> > trunk.
>
> I cannot get it to build on Windows.
>
> The build just stops at a certain point. No error messages.
I had not tested it under Windows, when I commited it. Sorry.
The build stops because the existing patch to OpenSSL does not apply.
If we disable it, we face another challenge: OpenSSL does not build
with Cygwin's Perl!
https://github.com/openssl/openssl/issues/9048
I will investigate if we need Strawberry Perl as suggested in the
above link. It's sure this is getting more complex than expected.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Arrigo,
Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
> Dear All,
>
> I pushed a new branch "serf", that contains the OpenSSL upgrade
> commits (I reverted the reverts ;-) plus a tentative upgrade of the
> serf library to 1.3.9.
>
> A small patch is included to allow building with Python3-based SCons.
>
> The oox module also needed minor patching because it uses some OpenSSL
> functions that were refactored since OpenSSL 1.1.0.
>
> I tested it under Linux with Peter's Docker image (adding SCons). It
> builds and runs, but I am not sure how to verify if the SSL related
> problems are solved.
>
> I could not yet test if it builds under Windows and Mac. Any help
> would be appreciated. Please note that the "serf" branch derives from
> trunk.
I cannot get it to build on Windows.
The build just stops at a certain point. No error messages.
Regards,
Matthias
>
> Best regards,
Re: Openssl, serf and curl
Posted by Peter Kovacs <pe...@apache.org>.
On 19.11.21 13:51, Jim Jagielski wrote:
>
>> On Nov 17, 2021, at 7:36 PM, Carl Marcum <cm...@apache.org> wrote:
>>
>> Hi Arrigo,
>>
>> On 11/17/21 2:16 AM, Arrigo Marchiori wrote:
>>> Dear All,
>>>
>>> I pushed a new branch "serf", that contains the OpenSSL upgrade
>>> commits (I reverted the reverts ;-) plus a tentative upgrade of the
>>> serf library to 1.3.9.
>>>
>>> A small patch is included to allow building with Python3-based SCons.
>>>
>>> The oox module also needed minor patching because it uses some OpenSSL
>>> functions that were refactored since OpenSSL 1.1.0.
>>>
>>> I tested it under Linux with Peter's Docker image (adding SCons). It
>>> builds and runs, but I am not sure how to verify if the SSL related
>>> problems are solved.
>>>
>>> I could not yet test if it builds under Windows and Mac. Any help
>>> would be appreciated. Please note that the "serf" branch derives from
>>> trunk.
>>>
>>> Best regards,
>> I tried to build the serf branch but it broke on serf module. I think I need Scons.
>> Are there instructions to add it?
>>
> Yeah, SCons is a problem, esp if we intend to this for AOO4.1.x
Did not wanted the project wanted to move to cmake?
there is an interesting discussion on the serf community.
https://lists.apache.org/thread/xht1sp41p954dyt9mxl8jrn9bnz2yqzq
>
--
This is the Way! http://www.apache.org/theapacheway/index.html
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Nov 17, 2021, at 7:36 PM, Carl Marcum <cm...@apache.org> wrote:
>
> Hi Arrigo,
>
> On 11/17/21 2:16 AM, Arrigo Marchiori wrote:
>> Dear All,
>>
>> I pushed a new branch "serf", that contains the OpenSSL upgrade
>> commits (I reverted the reverts ;-) plus a tentative upgrade of the
>> serf library to 1.3.9.
>>
>> A small patch is included to allow building with Python3-based SCons.
>>
>> The oox module also needed minor patching because it uses some OpenSSL
>> functions that were refactored since OpenSSL 1.1.0.
>>
>> I tested it under Linux with Peter's Docker image (adding SCons). It
>> builds and runs, but I am not sure how to verify if the SSL related
>> problems are solved.
>>
>> I could not yet test if it builds under Windows and Mac. Any help
>> would be appreciated. Please note that the "serf" branch derives from
>> trunk.
>>
>> Best regards,
> I tried to build the serf branch but it broke on serf module. I think I need Scons.
> Are there instructions to add it?
>
Yeah, SCons is a problem, esp if we intend to this for AOO4.1.x
Re: Openssl, serf and curl
Posted by Carl Marcum <cm...@apache.org>.
Hi Arrigo,
On 11/17/21 2:16 AM, Arrigo Marchiori wrote:
> Dear All,
>
> I pushed a new branch "serf", that contains the OpenSSL upgrade
> commits (I reverted the reverts ;-) plus a tentative upgrade of the
> serf library to 1.3.9.
>
> A small patch is included to allow building with Python3-based SCons.
>
> The oox module also needed minor patching because it uses some OpenSSL
> functions that were refactored since OpenSSL 1.1.0.
>
> I tested it under Linux with Peter's Docker image (adding SCons). It
> builds and runs, but I am not sure how to verify if the SSL related
> problems are solved.
>
> I could not yet test if it builds under Windows and Mac. Any help
> would be appreciated. Please note that the "serf" branch derives from
> trunk.
>
> Best regards,
I tried to build the serf branch but it broke on serf module. I think
I need Scons.
Are there instructions to add it?
Thanks,
Carl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
HI Arrigo,
Am 17.11.21 um 08:16 schrieb Arrigo Marchiori:
> Dear All,
>
> I pushed a new branch "serf", that contains the OpenSSL upgrade
> commits (I reverted the reverts ;-) plus a tentative upgrade of the
> serf library to 1.3.9.
>
> A small patch is included to allow building with Python3-based SCons.
>
> The oox module also needed minor patching because it uses some OpenSSL
> functions that were refactored since OpenSSL 1.1.0.
>
> I tested it under Linux with Peter's Docker image (adding SCons). It
> builds and runs, but I am not sure how to verify if the SSL related
> problems are solved.
On Linux simply look for AOO updates or new extensions.
Regards,
Matthias
>
> I could not yet test if it builds under Windows and Mac. Any help
> would be appreciated. Please note that the "serf" branch derives from
> trunk.
>
> Best regards,
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Dear All,
I pushed a new branch "serf", that contains the OpenSSL upgrade
commits (I reverted the reverts ;-) plus a tentative upgrade of the
serf library to 1.3.9.
A small patch is included to allow building with Python3-based SCons.
The oox module also needed minor patching because it uses some OpenSSL
functions that were refactored since OpenSSL 1.1.0.
I tested it under Linux with Peter's Docker image (adding SCons). It
builds and runs, but I am not sure how to verify if the SSL related
problems are solved.
I could not yet test if it builds under Windows and Mac. Any help
would be appreciated. Please note that the "serf" branch derives from
trunk.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Jim,
On Mon, Nov 15, 2021 at 02:56:37PM -0500, Jim Jagielski wrote:
> I'm gonna look into the serf->(lib)curl option... Since we don't use
> any of the fancy features of serf, I'm thinking that the easy option
> might be best
FWIW I have about 30 more minutes and I am looking at the opposite
way: integrating a newer Serf into trunk.
I think I am almost there; I have just fixed oox that did not compile
with the new openssl. If you do not want do double the
effort... please see this: http://home.apache.org/~ardovm/oox.patch
I hope it helps. I will be on Slack!
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
I'm gonna look into the serf->(lib)curl option... Since we don't use any of the fancy features of serf, I'm thinking that the easy option might be best
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello All,
excuse my late reply.
On Thu, Nov 11, 2021 at 08:59:33AM -0500, Jim Jagielski wrote:
> Wild question: Why do we even need TLS? I know, I know, that there
> is this push for SSL everywhere, but really, despite what the powers
> behind the "new internet" think, not all comms require TLS.
+1
I can understand the importance of downloading AOO through https, as
it gives an additional proof of the identity of the serving web site.
But simple information such as "there is a new version" is IMHO not so
important to require encryption, protection from man-in-the-middle
attacks and all the other goodies of https.
[...]
> So we think/know that OpenSSL1.1 would NOT have that problem because it works around the LetsEncrypt issue. Which means we have 2 options:
>
> 1. Stay w/ OpenSSL 1.0.2 and use the LE hack mentioned in this thread
> 2. Upgrade all to OpenSSL 1.1
>
> My assumption is that dropping Serf for Curl wouldn't make a difference since both use OpenSSL
>
Then OpenSSL should be upgraded nevertheless! ;-)
If I understood correctly, upgrading Serf would also require:
1- installing Scons. We could argue that we could ``throw our heart
over the bar'' and engage into this, as it could be the (somewhat
distant) future of AOO build system.
2- upgrading APR. I am a bit worried about what an APR upgrade would
depend on by itself. But upgrading our dependencies should be
considered A Good Thing, right?
Dropping Serf could also be a good path to follow, as _lowering_ the
number of our dependencies may be A Good Thing as well. But I have no
idea of the effort that replacing Serf calls with equivalent Curl calls
will require.
I hope the above makes sense. Comments are welcome.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Am 11.11.21 um 19:15 schrieb Jim Jagielski:
>
>> On Nov 11, 2021, at 10:51 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>>
>>
>>
>> I still think we should work on 2. somehow.
> For AOO42X and above, I agree. It's a lot of work for AOO41X simply because of the additional requirements for the old build systems.
OK for me, if we can reconfigure the server.
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Nov 11, 2021, at 10:51 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>
>
>
> I still think we should work on 2. somehow.
For AOO42X and above, I agree. It's a lot of work for AOO41X simply because of the additional requirements for the old build systems.
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Am 11.11.21 um 14:59 schrieb Jim Jagielski:
> Wild question: Why do we even need TLS? I know, I know, that there is this push for SSL everywhere, but really, despite what the powers behind the "new internet" think, not all comms require TLS.
>
> But Ok, with that off my chest :)
>
> So we think/know that OpenSSL1.1 would NOT have that problem because it works around the LetsEncrypt issue. Which means we have 2 options:
>
> 1. Stay w/ OpenSSL 1.0.2 and use the LE hack mentioned in this thread
> 2. Upgrade all to OpenSSL 1.1
In the short term we should do 1.
We would need to ask SourceForge if they can configure the certificates
for the extension site as mentioned.
And we should start to move our Update Feed locations to a seperate
server which also could have older TLS enabled.
I still think we should work on 2. somehow.
>
> My assumption is that dropping Serf for Curl wouldn't make a difference since both use OpenSSL
>
>> On Nov 11, 2021, at 8:46 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>>
>> Hi Jim,
>>
>> Am 11.11.21 um 14:16 schrieb Jim Jagielski:
>>> According to the serf mailing list, there are issues, at least with the test suite.
>>>
>>> Can someone confirm that AOO42X/trunk do NOT have the problem? It would be a lot easier to back port the openssl and apr/serf stuff from those branches to AOO41X than upgrade all to openssl1.1/serf1.3.9
>> I just started my xubuntu VM with AOO 4.2.0 and it has the same problem.
>> No connection to our Update Feed/Extension site.
>>
>>>> On Nov 11, 2021, at 7:35 AM, Arrigo Marchiori <ar...@yahoo.it.INVALID> wrote:
>>>>
>>>> Hello Jim, All,
>>>>
>>>> On Wed, Nov 10, 2021 at 01:19:16PM -0500, Jim Jagielski wrote:
>>>>
>>>>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf
>>>>> is upgraded to support 1.1
>>>> Sorry... do you mean _our_ serf?
>>>>
>>>> Because serf 1.3.9 seems to build and run fine standalone with openssl
>>>> 1.1.1.
>>>>
>>>> Thank you in advance for making this clear.
>>>>
>>>> Best regards,
>>>> --
>>>> Arrigo
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org <ma...@openoffice.apache.org>
>>> For additional commands, e-mail: dev-help@openoffice.apache.org <ma...@openoffice.apache.org>
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
Wild question: Why do we even need TLS? I know, I know, that there is this push for SSL everywhere, but really, despite what the powers behind the "new internet" think, not all comms require TLS.
But Ok, with that off my chest :)
So we think/know that OpenSSL1.1 would NOT have that problem because it works around the LetsEncrypt issue. Which means we have 2 options:
1. Stay w/ OpenSSL 1.0.2 and use the LE hack mentioned in this thread
2. Upgrade all to OpenSSL 1.1
My assumption is that dropping Serf for Curl wouldn't make a difference since both use OpenSSL
> On Nov 11, 2021, at 8:46 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>
> Hi Jim,
>
> Am 11.11.21 um 14:16 schrieb Jim Jagielski:
>> According to the serf mailing list, there are issues, at least with the test suite.
>>
>> Can someone confirm that AOO42X/trunk do NOT have the problem? It would be a lot easier to back port the openssl and apr/serf stuff from those branches to AOO41X than upgrade all to openssl1.1/serf1.3.9
>
> I just started my xubuntu VM with AOO 4.2.0 and it has the same problem.
> No connection to our Update Feed/Extension site.
>
>>
>>> On Nov 11, 2021, at 7:35 AM, Arrigo Marchiori <ar...@yahoo.it.INVALID> wrote:
>>>
>>> Hello Jim, All,
>>>
>>> On Wed, Nov 10, 2021 at 01:19:16PM -0500, Jim Jagielski wrote:
>>>
>>>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf
>>>> is upgraded to support 1.1
>>> Sorry... do you mean _our_ serf?
>>>
>>> Because serf 1.3.9 seems to build and run fine standalone with openssl
>>> 1.1.1.
>>>
>>> Thank you in advance for making this clear.
>>>
>>> Best regards,
>>> --
>>> Arrigo
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org <ma...@openoffice.apache.org>
>> For additional commands, e-mail: dev-help@openoffice.apache.org <ma...@openoffice.apache.org>
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Jim,
Am 11.11.21 um 14:16 schrieb Jim Jagielski:
> According to the serf mailing list, there are issues, at least with the test suite.
>
> Can someone confirm that AOO42X/trunk do NOT have the problem? It would be a lot easier to back port the openssl and apr/serf stuff from those branches to AOO41X than upgrade all to openssl1.1/serf1.3.9
I just started my xubuntu VM with AOO 4.2.0 and it has the same problem.
No connection to our Update Feed/Extension site.
>
>> On Nov 11, 2021, at 7:35 AM, Arrigo Marchiori <ar...@yahoo.it.INVALID> wrote:
>>
>> Hello Jim, All,
>>
>> On Wed, Nov 10, 2021 at 01:19:16PM -0500, Jim Jagielski wrote:
>>
>>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf
>>> is upgraded to support 1.1
>> Sorry... do you mean _our_ serf?
>>
>> Because serf 1.3.9 seems to build and run fine standalone with openssl
>> 1.1.1.
>>
>> Thank you in advance for making this clear.
>>
>> Best regards,
>> --
>> Arrigo
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
According to the serf mailing list, there are issues, at least with the test suite.
Can someone confirm that AOO42X/trunk do NOT have the problem? It would be a lot easier to back port the openssl and apr/serf stuff from those branches to AOO41X than upgrade all to openssl1.1/serf1.3.9
> On Nov 11, 2021, at 7:35 AM, Arrigo Marchiori <ar...@yahoo.it.INVALID> wrote:
>
> Hello Jim, All,
>
> On Wed, Nov 10, 2021 at 01:19:16PM -0500, Jim Jagielski wrote:
>
>> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf
>> is upgraded to support 1.1
>
> Sorry... do you mean _our_ serf?
>
> Because serf 1.3.9 seems to build and run fine standalone with openssl
> 1.1.1.
>
> Thank you in advance for making this clear.
>
> Best regards,
> --
> Arrigo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Arrigo Marchiori <ar...@yahoo.it.INVALID>.
Hello Jim, All,
On Wed, Nov 10, 2021 at 01:19:16PM -0500, Jim Jagielski wrote:
> To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf
> is upgraded to support 1.1
Sorry... do you mean _our_ serf?
Because serf 1.3.9 seems to build and run fine standalone with openssl
1.1.1.
Thank you in advance for making this clear.
Best regards,
--
Arrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
To be honest, I think we are *stuck* with OpenSSL 1.0.2 until Serf is upgraded to support 1.1
> On Nov 10, 2021, at 12:22 PM, Matthias Seidel <ma...@hamburg.de> wrote:
>
> Am 10.11.21 um 18:05 schrieb Jim Jagielski:
>> Ugg ugg and double ugg
>>
>> We seem to be stuck in a chicken-and-egg situation.
>>
>> Do we *really* need OpenSSL 1.1? Because even the latest release of serf doesn't really support that.
>>
>> What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1?
>
> The main problem is that Let's Encrypt root certificates expired at the
> end of October and OpenSSL 1.0.2 has problems with the new ones:
>
> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>
> For whatever reason it still works on Windows, but AOO on Linux and
> macOS cannot connect to our Update Feed and the extensions site anymore.
>
> Workaround 3 (mentioned in the article) would be a possibility to fix
> that on the server side.
>
>>
>> PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades and keeping things fresh, but it seems like it is moving way too fast for its consumers.
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Am 10.11.21 um 18:05 schrieb Jim Jagielski:
> Ugg ugg and double ugg
>
> We seem to be stuck in a chicken-and-egg situation.
>
> Do we *really* need OpenSSL 1.1? Because even the latest release of serf doesn't really support that.
>
> What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1?
The main problem is that Let's Encrypt root certificates expired at the
end of October and OpenSSL 1.0.2 has problems with the new ones:
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
For whatever reason it still works on Windows, but AOO on Linux and
macOS cannot connect to our Update Feed and the extensions site anymore.
Workaround 3 (mentioned in the article) would be a possibility to fix
that on the server side.
>
> PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades and keeping things fresh, but it seems like it is moving way too fast for its consumers.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
Ugg ugg and double ugg
We seem to be stuck in a chicken-and-egg situation.
Do we *really* need OpenSSL 1.1? Because even the latest release of serf doesn't really support that.
What is the issue w/ using OpenSSL 1.0.2 that is driving us to OpenSSL 1.1?
PS: OpenSSL is universally, IMO, becoming a major PITA. I'm all for upgrades and keeping things fresh, but it seems like it is moving way too fast for its consumers.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Am 10.11.21 um 16:51 schrieb Jim Jagielski:
> Yeah... I'm not sure which is the bigger effort: All the required serf/apr/scons upgrade or the Curl one.
Some time ago the maintainer of Serf offered us help. I also think he
wanted to move away from Scons in the next build.
Meanwhile, I found this:
https://bz.apache.org/ooo/show_bug.cgi?id=126312
Maybe that helps?
>
> For 4.1.X it's much more a big deal, because we support such ancient OSs. For 4.2.x and trunk, not so much.
>
>> On Nov 10, 2021, at 10:42 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>>
>> Hi Jim,
>>
>> Am 09.11.21 um 21:50 schrieb Jim Jagielski:
>>> I've recently folded in openssl-1.1 to trunk and all branches, but this gets us in a corner.
>>>
>>> To support this version of openssl, we need to upgrade Serf. This means that we need to also update apr and apr-util as well as include a requirement that the build server also as SCons installed. This could be problematic, esp for those older, legacy systems that we want to continue to support.
>>>
>>> One alternative is to simply drop Serf completely; we already require curl, and we could start using curl for the WebDav functionality instead of it being the (sole, afaict) reason for Serf.
>>>
>>> The focus would be on ./main/ucb/source/ucp/webdav and migrating it from Serf to curl...
>> Looking at that code it may be a bigger rewrite?
>>
>> If it takes longer, can we do that in a separate branch?
>>
>> Regards,
>>
>> Matthias
>>
>>> Comments? Suggestions? Alternatives?
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
Yeah... I'm not sure which is the bigger effort: All the required serf/apr/scons upgrade or the Curl one.
For 4.1.X it's much more a big deal, because we support such ancient OSs. For 4.2.x and trunk, not so much.
> On Nov 10, 2021, at 10:42 AM, Matthias Seidel <ma...@hamburg.de> wrote:
>
> Hi Jim,
>
> Am 09.11.21 um 21:50 schrieb Jim Jagielski:
>> I've recently folded in openssl-1.1 to trunk and all branches, but this gets us in a corner.
>>
>> To support this version of openssl, we need to upgrade Serf. This means that we need to also update apr and apr-util as well as include a requirement that the build server also as SCons installed. This could be problematic, esp for those older, legacy systems that we want to continue to support.
>>
>> One alternative is to simply drop Serf completely; we already require curl, and we could start using curl for the WebDav functionality instead of it being the (sole, afaict) reason for Serf.
>>
>> The focus would be on ./main/ucb/source/ucp/webdav and migrating it from Serf to curl...
>
> Looking at that code it may be a bigger rewrite?
>
> If it takes longer, can we do that in a separate branch?
>
> Regards,
>
> Matthias
>
>>
>> Comments? Suggestions? Alternatives?
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Openssl, serf and curl
Posted by Matthias Seidel <ma...@hamburg.de>.
Hi Jim,
Am 09.11.21 um 21:50 schrieb Jim Jagielski:
> I've recently folded in openssl-1.1 to trunk and all branches, but this gets us in a corner.
>
> To support this version of openssl, we need to upgrade Serf. This means that we need to also update apr and apr-util as well as include a requirement that the build server also as SCons installed. This could be problematic, esp for those older, legacy systems that we want to continue to support.
>
> One alternative is to simply drop Serf completely; we already require curl, and we could start using curl for the WebDav functionality instead of it being the (sole, afaict) reason for Serf.
>
> The focus would be on ./main/ucb/source/ucp/webdav and migrating it from Serf to curl...
Looking at that code it may be a bigger rewrite?
If it takes longer, can we do that in a separate branch?
Regards,
Matthias
>
> Comments? Suggestions? Alternatives?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
Re: Openssl, serf and curl
Posted by Jim Jagielski <ji...@jaguNET.com>.
I wonder if maybe we should also consider dropping OpenSSL for LibreSSL
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org