[cppget] git tags or versions
Boris Kolpackov
boris at codesynthesis.com
Mon Jul 31 14:53:08 UTC 2023
Lucas Gonze via users <users at cppget.org> writes:
> Is it safe to assume that these libraries were built from 1.1.1 branch?
>
> libcrypto 1.1
> libssl 1.1
Hm, are you referring to the .so binaries (e.g., libcrypto-1.1.so) that
were built from the build2 libcrypto package[1]?
If the answer is yes, then, yes, all the libcrypto-1.1.so binaries
would have been built from the libcrypto-1.1.1+X packages which in
turn are all based on (upstream) OpenSSL 1.1.1Y.
Generally, if you want to trace the provenance of a binary that was
built from a build2 package, the recommended procedure would be:
1. Determine the version of the source package that this binary
has been built from. So in the above example it could be:
libcrypto-1.1.so -> 1.1.1+21
2. If the source package doesn't use the same versioning scheme as
upstream, then look for the upstream-version value. So in the above
example:
1.1.1+21 -> 1.1.1u
3. If you want to trace the version to upstream commit id, use the
package-url value to locate the package git repository. In the
above example:
package-url: git.build2.org/cgit/packaging/openssl/
Then, in that git repository locate the v<version> tag (v1.1.1+21
in the above example) and from that tag get the commit id of the
upstream submodule (70c2912 in the above example).
You can then take this commit id and use it in the upstream git
repository. In the above example:
https://github.com/openssl/openssl/commit/70c2912
[1] https://cppget.org/libcrypto
More information about the users
mailing list