On 2016-08-26 20:11:11 +0000, Richard Levitte said:
>
> Note that I'm only embedding the major/minor version number. So "edit"
> and "letter" updates will keep the same library names. This is on par
> with our versioning policy, that a changed minor version number implies
> incompatible API/ABI changes, while "edit" changes only add to the
> API/ABI, and "letter" changes don't even do that.
> (in OpenSSL terminology, 1.1 is a new major version, which deviates
> from the norm...)

Ayup; aware of that.  That approach is something I prefer to avoid,
but it works.

> I did look at the manual after someone pointed this out, and if I
> understand correctly, they do this by fiddling with logicals, correct?
> I don't have access to an Rdb kit, so can't look for myself. But either
> way, fiddling with logicals is exactly what's done in the OpenSSL
> installation on VMS.

Rdb uses the version in the path, not in the filenames.   That version
string is "masked" through the consistent use of logical names for the
path. The provided tool selects which version of the product to use,
and then all of the references are identical and, depending on whether
the logical names are process or group or system or otherwise, the
default for the respective environment is established.

There's no mechanism nor framework nor documentation for this in
OpenVMS, so folks roll their own.  PCSI could be better here, too.  But
having everybody roll their own just means we repeat the same mistakes.

> Ok, so here's a question, would you use a third party package? I'm
> building one for OpenSSL, and plan on releasing a field test next week,
> mostly to make sure I don't make any gaffe (first time I build a
> .pcsi), and to collect opinions.

Probably not.  Not here.   I've used third-party distros, though
downloading and building from the canonical distribution site tends to
be preferred by various of the folks I work with. (The general lack
of support for code signing and verification is problematic on OpenVMS.
Even with posted SHA-2 values to verify the integrity of the
download, there are potential considerations around trust and security
of what actually gets downloaded. I can't recall encountering a
cryptographically signed app nor signed source code for OpenVMS,
either. Yes, HPE and VSI have what they call "secure delivery", and
that's a discussion for another day. But I digress.) Once you're up
for building your own bits, then downloading and verifying and building
from the canonical sources isn't a substantial incremental effort.

FWIW... PCSI kits can be multi-architecture, if you've not already
discovered that. The PCSI kits can be signed, too, though I don't know
if VSI has a process in place to offer that just yet.