Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): update aws-lc-rs version to remove paste deps #5192

Merged
merged 1 commit into from
Mar 14, 2025
Merged

build(deps): update aws-lc-rs version to remove paste deps #5192

merged 1 commit into from
Mar 14, 2025

Conversation

boquan-fang
Copy link
Contributor

Release Summary:

Resolved issues:

resolves #5171

Description of changes:

Paste is archived, but it is a dependencies of aws-ls-rs. AWS-LC has remove that dependencies and release their aws-lc-rs and aws-lc-fips-sys crates. We should use the most up to date aws-lc-rs crate, so that paste will not be one of our dependencies.

Cargo tree before:

paste v1.0.15 (proc-macro)
├── aws-lc-rs v1.12.2
│   └── s2n-tls-sys v0.3.13 (/home/ubuntu/workspace/s2n-tls/bindings/rust/extended/s2n-tls-sys)
│       └── s2n-tls v0.3.13 (/home/ubuntu/workspace/s2n-tls/bindings/rust/extended/s2n-tls)
│           └── s2n-tls-tokio v0.3.13 (/home/ubuntu/workspace/s2n-tls/bindings/rust/extended/s2n-tls-tokio)
│           [dev-dependencies]
│           └── s2n-tls-tokio v0.3.13 (/home/ubuntu/workspace/s2n-tls/bindings/rust/extended/s2n-tls-tokio)
└── aws-lc-sys v0.25.1
    └── aws-lc-rs v1.12.2 (*)

Cargo tree after such change:

ubuntu@ip-172-31-59-74:~/workspace/s2n-tls/bindings/rust/extended$ cargo tree --invert paste
error: package ID specification `paste` did not match any packages

Call-outs:

I am aware of the comments that were put in Cargo.toml to specify aws-lc-rs deps:

s2n-tls/bindings/rust/extended/s2n-tls-sys/templates/Cargo.template

Lines 38 to 44 in 785ed14

[dependencies]
# aws-lc-rs 1.6.4 adds DEP_AWS_LC environment variables which are required to build s2n-tls-sys:
# https://github.com/aws/aws-lc-rs/pull/335
aws-lc-rs = { version = "1.6.4" }
# aws-lc-rs 1.6.4 depends on aws-lc-sys 0.14.0, which requires libc 0.2.121:
# https://github.com/aws/aws-lc-rs/blob/2298ca861234d4f43aecef2c7d7e822c60bc488a/aws-lc-sys/Cargo.toml#L65
libc = "0.2.121"

I check the previous PR that updates this part: #5028
@goatgoose said:

There are currently dependency versions in the s2n-tls rust bindings that are specified as acceptable but are impossible to actually use. For example, we specify "1" as an acceptable aws-lc-rs version, but versions before 1.6.4 result in a build failure. This PR updates these dependency versions to the correct minimum versions

Hence, we just need to make sure that the aws-lc-rs is later than v1.6.4. I am proposing to use v1.12.6 and later which shouldn't have any problems.

Testing:

CI test should show that such change will not cause issues in the binding.
I have show that paste will be removed from the codebase in Description of Changes.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Mar 14, 2025
@boquan-fang boquan-fang marked this pull request as ready for review March 14, 2025 00:02
@boquan-fang boquan-fang requested a review from dougch March 14, 2025 18:02
@boquan-fang boquan-fang added this pull request to the merge queue Mar 14, 2025
Merged via the queue into aws:main with commit 4fc1521 Mar 14, 2025
47 checks passed
@boquan-fang boquan-fang deleted the paste-deprecation branch March 14, 2025 19:22
@BrewTestBot BrewTestBot mentioned this pull request Mar 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@camshaft camshaft camshaft approved these changes

@dougch dougch dougch approved these changes

@maddeleine maddeleine Awaiting requested review from maddeleine

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

RUSTSEC-2024-0436: paste - no longer maintained
3 participants
@boquan-fang @camshaft @dougch