Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1516860

Summary: nodejs: Builds against compat-openssl10-devel which will be removed
Product: [Fedora] Fedora Reporter: Tomas Mraz <tmraz>
Component: nodejsAssignee: NodeJS Packaging SIG <nodejs-sig>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 28CC: alessandro.polidori, hkario, jamielinux, mrunge, nodejs-sig, piotr1212, sgallagh, tchollingsworth, thrcka, zsvetlik
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-01 11:58:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1383740    

Description Tomas Mraz 2017-11-23 12:57:55 UTC 
The package currently depends on compat-openssl10-devel which will be removed. It needs to be ported to OpenSSL 1.1 API and built against regular openssl-devel package.

If you need help with porting the package feel free to contact me.
Comment 1 Stephen Gallagher 2017-11-27 13:42:24 UTC 
(In reply to Tomas Mraz from comment #0)
> The package currently depends on compat-openssl10-devel which will be
> removed. It needs to be ported to OpenSSL 1.1 API and built against regular
> openssl-devel package.
> 
> If you need help with porting the package feel free to contact me.

This *cannot* happen. We need this to remain for F27 (but we can drop it in F28).

The reason is that Node.js upstream has only added support for OpenSSL 1.1 as of version 9.x. However, 9.x will be EOL before Fedora 28 is (it ends all support in July 2018). There has also been a long and involved upstream discussion about this support[1] and why it had to wait until 9.x. As a result, we need to continue to carry Node.js 8.x in Fedora until Fedora 29.

In May 2018, Node.js will release version 10.x which we will carry in F29 and F30, which supports OpenSSL 1.1.

In short, please don't remove compat-openssl10-devel in Fedora 28, as it will force us to be unable to ship Node.js in that release. This is a critical piece of software.

Also, changes of this magnitude really need to go through the https://fedoraproject.org/wiki/Mass_package_changes process, which this did not. In particular, there was no gaining of consensus. Also, a change like this probably should go to FESCo via the Change Process, since it affects a huge amount of software.

[1] https://github.com/nodejs/node/issues/4270
Comment 2 Tomas Mraz 2017-11-27 15:24:23 UTC 
I did not say when it will be removed. I just said it will be at some point.
Comment 5 Fedora End Of Life 2018-02-20 15:23:57 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle.
Changing version to '28'.
Comment 7 Stephen Gallagher 2018-06-01 11:58:16 UTC 
Node.js 10.x (slated to be default in Fedora 29) has upstream support for OpenSSL 1.1.
Comment 8 Zuzana Svetlikova 2018-06-04 08:50:40 UTC 
Node.js v8.x is compatible with both versions of openssl