Building with MbedTLS 3.x on Debian

[Tachi107]

Hi all!

I'm in the process of transitioning Debian to use the new MbedTLS 3.6 LTS release, which supersedes the older 2.28.x branch currently packaged in Debian and Ubuntu.

Unfortunately, bibledit is among the packages which are failing to build with this new MbedTLS release, and is hence holding back the transition.

I tried looking into the failures, but this project is quite complex and haven't been able to provide a patch myself. Here is one of the failures I've encountered while building your software:

webserver/webserver.cpp:34:10: fatal error: mbedtls/certs.h: No such file or directory
   34 | #include <mbedtls/certs.h>
      |          ^~~~~~~~~~~~~~~~~

According to MbedTLS' 3.0 migration guide, available at https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/3.0-migration-guide.md, the "certs" module has been removed from the library as it was always considered suitable for production use.

Hope this can get fixed soon! If you need help with MbedTLS, I'll do my best to be helpful :)

Bye!

[teusbenschop]

Hello Andrea,

Thank you for the update. Yes, so the time has now come to move to MbedTLS 3.x from v 2.x.

There's a plan to do this in phases, and this issue causes this plan to be put into motion.

These are the phases:

• Open a bug in the Debian BTS about the migration needed for bibledit: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074325
• Open a bug in the Debian BTS about the migration needed for bibledit-cloud: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074326
• Upload an interim version of Bibledit that integrates the current 2.x branch within its source code. The result of this will be that it no longer blocks the MbedTLS transition you are working on.
• Upload an interim version of Bibledit Cloud that integrates the current 2.x branch within its source code. The result of this will be that it no longer blocks the MbedTLS transition you are working on.
• Take the time to properly upgrade Bibledit to MbedTLS 3.x.
• Take the time to properly upgrade Bibledit Cloud to MbedTLS 3.x.
• Wait till package mbedtls version 3.x has made it into Debian unstable. See https://tracker.debian.org/pkg/mbedtls and https://release.debian.org/transitions/html/auto-mbedtls.html
• Strip the integrated MbedTLS from Bibledit and let it link to version 3.x.
• Strip the integrated MbedTLS from Bibledit Cloud and let it link to version 3.x.
• Upload the new Bibledit to Debian.
• Upload the new Bibledit Cloud to Debian.

[teusbenschop]

Hello @Tachi107 , a new upload was made and is now building in Debian unstable, that won't hold back the transition to MbedTLS 3.6 any more. It temporarily embeds the code from mbedtls. The plan is that once mbedtls 3.6 has made it to unstable, that I make a new upload that again links to the system-provided mbedtls library.

Thanks for your work on transitioning MbedTLS, and good luck!

[Tachi107]

Hi Teus, thanks for your super fast action and spot-on suggestions! I'll go ahead with the transition, I still have quite a few packages to look into :)

Thanks again!