For instance, the packages xmltooling, xml-security-c, and opensaml2 all still depend on the older openssl. Happily, Ubuntu 18.10 has updated these packages, and it's not hard to backport them to Ubuntu 18.04. I did that and uploaded the backport sources to a ppa.
To stop using them, uninstall the packages you installed (!), then purge the ppa (which also removes any remaining packages from that ppa), e.g.$ sudo add-apt-repository ppa:dank/openssl-uplift $ sudo apt dist-upgrade $ sudo apt install libsaml2-dev libxml-security-c-dev libxmltooling-dev
It's a bit odd that I had to do apt dist-upgrade before installing the dev packages, and uninstall them manually before running ppa-purge, but apt needs a little manual help to avoid getting confused by the twisty dependencies.$ sudo apt install ppa-purge aptitude $ sudo apt remove libsaml2-dev libxml-security-c-dev libxmltooling-dev $ sudo ppa-purge ppa:dank/openssl-uplift
First, I created a fresh ubuntu 18.10 instance with
In it, I retrieved the new package sources with the small script grab.sh.txt.$ lxc launch ubuntu:18.10 demo-ubu1810
I then created a fresh ubuntu 18.04 instance with
logged into it, transferred the downloaded sources to it, and applied two very small patches to fix dependencies, version numbers, and add appropriate changelog entries:$ lxc launch ubuntu:18.04 demo-ubu1804
$ wget http://kegel.com/linux/openssl-ubuntu18.04-snafu/ubu1804-backport.patch $ wget http://kegel.com/linux/openssl-ubuntu18.04-snafu/changelogs.patch $ rm -f *.debian.tar* # old debian tarballs now stale... $ patch -p0 < ubu1804-backport.patch $ patch -p1 < changelogs.patch
Then I backed up the edited source trees, and did a check build with the small script build.sh.txt.
Once that succeeded, I followed Gert van Dijk's backport tutorial to set up for building signed packages.
Dealing with gpg is always traumatic for me, mostly because I forget the passphrase for my secret key... so I had to generate a new one and upload it to the ubuntu keyserver; see my Uploading to an Ubuntu PPA page.
I then repeated the build without the "-b -uc -us" options on debuild, and verified that nice signed packages were generated.
I then restored the backup to get the source trees without any build products, and did a source-only build with the small script srcbuild.sh.txt. since launchpad does not allow mixed source/binary builds.
When that succeeded, I the source packages to my ppa. Because they have to build in a certain order, I did this one at a time in build order, i.e. I first did
and waited for the ppa page to show the build succeeded, then I uploaded xmltooling, waited again, and uploaded opensaml2.dput ppa:dank/openssl-uplift xml-security-c_2.0.1-1~bionic_source.changes
Careful, if you forget to specify the ppa to dput, it tries to upload... elsewhere, which is probably bad.