treewide: Default openssl version to 3.0 #150093

Merged
merged 81 commits into from
Aug 17, 2022

dasJ
Member

@dasJ dasJ commented Dec 10, 2021

Motivation for this change

Newer version and kTLS finally.

I'll be adding a changelog entry when this is close to being merged because I don't want to resolve conflicts every 2 days ;)

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@Izorkin
Contributor

Izorkin commented Dec 10, 2021

To activate kTLS support in openssl, you need to add these changes:

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index ca2e240dd869f..b8cd042cb3012 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -108,6 +108,7 @@ let
       "-DUSE_CRYPTODEV_DIGESTS"
     ] ++ lib.optional enableSSL2 "enable-ssl2"
       ++ lib.optional enableSSL3 "enable-ssl3"
+      ++ lib.optional (versionAtLeast version "3.0.0") "enable-ktls"
       ++ lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng"
       # OpenSSL needs a specific `no-shared` configure flag.
       # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
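Review bot: the new `enable-ktls` entry is gated only on `versionAtLeast version "3.0.0"`, so the flag is handed to OpenSSL's Configure on every host platform, including the darwin targets listed in this PR's build matrix. kTLS is a kernel-side feature, so the condition should also check the host platform, in the same way the `no-afalgeng` entry on the next line checks `stdenv.hostPlatform.isAarch64`; for example `++ lib.optional (versionAtLeast version "3.0.0" && stdenv.hostPlatform.isLinux) "enable-ktls"`. A one-line comment above the entry stating that this only compiles kTLS support in, and why the version bound is 3.0.0, would help the next person who touches this flag list.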

Added on this PR - #147027

@ofborg ofborg bot added the 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild label Dec 10, 2021
@ofborg ofborg bot requested review from adevress, lovek323, edolstra and np December 10, 2021 18:24
@ajs124 ajs124 force-pushed the openssl3 branch 2 times, most recently from 2afb683 to ecf3fa0 Compare December 19, 2021 11:22
@FliegendeWurst FliegendeWurst added the 2.status: merge conflict This PR has merge conflicts with the target branch label Jan 29, 2022
@ofborg ofborg bot removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 7, 2022
@ofborg ofborg bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Apr 3, 2022
@ofborg ofborg bot removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Apr 3, 2022
@ajs124 ajs124 force-pushed the openssl3 branch 3 times, most recently from 8e4bd16 to 57c9919 Compare April 9, 2022 15:13
@ajs124 ajs124 mentioned this pull request Apr 10, 2022
13 tasks
@dasJ dasJ removed the 8.has: package (new) This PR adds a new package label Aug 17, 2022
Member

@mweinelt mweinelt left a comment

Python changes look reasonable. Thank you!

@Lassulus Lassulus merged commit 187d0e6 into staging Aug 17, 2022
@ajs124 ajs124 deleted the openssl3 branch August 17, 2022 18:26
@ofborg ofborg bot added the 8.has: package (new) This PR adds a new package label Aug 17, 2022
@SuperSandro2000
Member

SuperSandro2000 commented Aug 21, 2022

This broke eval for node 18

error: anonymous function at /var/lib/ofborg/checkout/repo/38dca4e3aa6bca43ea96d2fcc04e8229/mr-est/ofborg-evaluator-5/pkgs/development/web/nodejs/v18.nix:1:1 called with unexpected argument 'openssl'

https://gist.github.com/GrahamcOfBorg/c8bdf4f7c30f233e103973486000eff9

@ajs124 ajs124 mentioned this pull request Aug 21, 2022
13 tasks
@jtojnar jtojnar mentioned this pull request Sep 15, 2022
13 tasks
@ajs124 ajs124 mentioned this pull request Sep 20, 2022
13 tasks
facebook-github-bot pushed a commit to facebook/hhvm that referenced this pull request Sep 21, 2022
Summary:
#9184 fails because nixpkgs unstable recently changed the default OpenSSL version to 3.0, which is not compatible with Folly.
- See https://github.com/facebook/hhvm/actions/runs/3065306837 for build log.
- See NixOS/nixpkgs#150093 for the nixpkgs commit.

This PR pins OpenSSL version to 1.1 to suppress the error.

Pull Request resolved: #9208

Test Plan: GitHub Actions should pass

Reviewed By: alexeyt

Differential Revision: D39596559

Pulled By: Atry

fbshipit-source-id: c1afa8c3eb30b1354d1cc5972325795d39a1ce13
@roberth roberth mentioned this pull request Sep 23, 2022
13 tasks
Yarny0 added a commit to Yarny0/nixpkgs that referenced this pull request Sep 29, 2022
The switch to openssl 3 broke tsm-client
as it still requires openssl 1.1.
In the spirit of many commits of

NixOS#150093

the commit at hand pins the openssl version for
tsm-client to version 1.1.

Sadly, IBM's documentation of requirements

https://www.ibm.com/support/pages/node/660813

does not mention openssl in any way
(at the time of this writing).
@ajs124 ajs124 mentioned this pull request May 2, 2023
12 tasks
j6carey pushed a commit to awakesecurity/nixpkgs that referenced this pull request Nov 13, 2023