Web lists-archives.com

Planning the removal of c_rehash | mass bug filling




Hi,

the openssl package provides the c_rehash script which creates the links
from XXXXXXXX.Y to the actual certificate in /etc/ssl/certs/. During the
transition from 0.9.8 to 1.0.0 the hash (for the X part) changed from
md5 to sha1. Since that transition in Debian the c_rehash script
provides both symlinks: the old hash (md5) and the new (sha1) one. 

The c_rehash script is considered by upstream as a fallback script and
will disappear at some point. The recommended way is to use the "openssl
rehash" command instead which appeared in 1.1.0.  This command creates
half that many symlinks (one per certificate instead of two) because it
uses only the sha1 hash. There is also the -compat option which creates
both symlinks (and behaves like c_rehash currently does) but as
explained above it should not be required to use it.

I am planning to fill bugs against 23 packages which use "c_rehash" to
use "openssl rehash" instead. Here is the dd-list of packages I
identified:

Alessio Di Mauro <alessio@xxxxxxxxxx>
   yubico-piv-tool (U)

Antonio Terceiro <terceiro@xxxxxxxxxx>
   ruby-openssl (U)

Christian Perrier <bubulle@xxxxxxxxxx>
   ca-certificates (U)

Cyril Brulebois <kibi@xxxxxxxxxx>
   debian-installer (U)

Cédric Boutillier <boutil@xxxxxxxxxx>
   ruby-httparty (U)

Dain Nilsson <dain@xxxxxxxxxx>
   yubico-piv-tool (U)

David Bremner <bremner@xxxxxxxxxx>
   racket

Debian AppArmor Team <pkg-apparmor-team@xxxxxxxxxxxxxxxxxxxxxxx>
   apparmor

Debian Authentication Maintainers <pkg-auth-maintainers@xxxxxxxxxxxxxxxxxxxxxxx>
   yubico-piv-tool

Debian Chromium Maintainers <pkg-chromium-maint@xxxxxxxxxxxxxxxxxxxxxxx>
   chromium-browser

Debian FreeRADIUS Packaging Team <pkg-freeradius-maintainers@xxxxxxxxxxxxxxxxxxxxxxx>
   freeradius

Debian Install System Team <debian-boot@xxxxxxxxxxxxxxxx>
   debian-installer

Debian OpenLDAP Maintainers <pkg-openldap-devel@xxxxxxxxxxxxxxxxxxxxxxx>
   openldap

Debian QA Group <packages@xxxxxxxxxxxxx>
   sendmail

Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@xxxxxxxxxxxxxxxxxxxxxxx>
   ruby-httparty
   ruby-openssl

Felix Lechner <felix.lechner@xxxxxxxxxxxx>
   wolfssl

Iain R. Learmonth <irl@xxxxxxxxxx>
   scapy (U)
   scapy3k (U)

Internet Measurement Packaging Team <pkg-netmeasure-discuss@xxxxxxxxxxxxxxxxxxxxxxx>
   scapy
   scapy3k

intrigeri <intrigeri@xxxxxxxxxx>
   apparmor (U)

Josip Rodin <joy-packages@xxxxxxxxxx>
   freeradius (U)

Klas Lindfors <klas@xxxxxxxxxx>
   yubico-piv-tool (U)

LaMont Jones <lamont@xxxxxxxxxx>
   postfix

Laszlo Boszormenyi (GCS) <gcs@xxxxxxxxxx>
   sx

Mark Brown <broonie@xxxxxxxxxx>
   xemacs21-packages

Mark Hymers <mhy@xxxxxxxxxx>
   freeradius (U)

Markus Wanner <markus@xxxxxxxxxx>
   courier

Matthijs Möhlmann <matthijs@xxxxxxxxxxxx>
   openldap (U)

Michael Gilbert <mgilbert@xxxxxxxxxx>
   chromium-browser (U)

Michael Shuler <michael@xxxxxxxxxxxxxx>
   ca-certificates

Michael Stapelberg <stapelberg@xxxxxxxxxx>
   freeradius (U)

Raphael Geissert <geissert@xxxxxxxxxx>
   ca-certificates (U)

Riku Voipio <riku.voipio@xxxxxxxxxx>
   chromium-browser (U)

Roger A. Light <roger@xxxxxxxxxx>
   mosquitto

Ryan Tandy <ryan@xxxxxxxxx>
   openldap (U)

Sam Hartman <hartmans@xxxxxxxxxx>
   freeradius (U)

Scott Kitterman <scott@xxxxxxxxxxxxx>
   postfix (U)

Sebastian Reichel <sre@xxxxxxxxxx>
   python-paho-mqtt

Sebastien Delafond <seb@xxxxxxxxxx>
   mitmproxy

Simon Josefsson <simon@xxxxxxxxxxxxx>
   yubico-piv-tool (U)

Stephen Gran <sgran@xxxxxxxxxx>
   freeradius (U)

Steve Langasek <vorlon@xxxxxxxxxx>
   openldap (U)

Tatsuya Kinoshita <tats@xxxxxxxxxx>
   wl
   wl-beta

Thijs Kinkhorst <thijs@xxxxxxxxxx>
   ca-certificates (U)

Torsten Landschoff <torsten@xxxxxxxxxx>
   openldap (U)

Sebastian