Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[2024.1] Separate FIPS version from other OpenSSL version, bump OpenSSL to 3.0.15 #289

Merged
merged 4 commits into from
Oct 23, 2024
Merged

[2024.1] Separate FIPS version from other OpenSSL version, bump OpenSSL to 3.0.15 #289

merged 4 commits into from
Oct 23, 2024

Conversation

es1024
Copy link
Contributor

@es1024 es1024 commented Oct 19, 2024
edited
Loading

Bumping OpenSSL to 3.0.15. FIPS must stay on 3.0.8, so separating the two. Same as #285

Also moved aarch64 builds from CircleCI (which no longer works) to GitHub Actions and removed EOL CentOS 7 builds.

@es1024 es1024 requested review from mbautin and svarnau October 19, 2024 00:28
@es1024 es1024 force-pushed the 2024.1 branch 3 times, most recently from 656c7d3 to f35bac1 Compare October 23, 2024 09:46
mbautin
mbautin approved these changes Oct 23, 2024
View reviewed changes
python/build_definitions/openssl_fips.py
Comment on lines +42 to +47
# Patch fixes the following error on kernel versions < 4.1.0:
# ld.lld: error: version script assignment of 'global' to symbol 'bind_engine' failed:
# symbol not defined
# ld.lld: error: version script assignment of 'global' to symbol 'v_check' failed:
# symbol not defined
self.patches = ['openssl-fix-afalg-link-on-centos7.patch']
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps a better approach to patch management is to create a yugabyte fork of the upstream project, push our code there along with our patches in a separate branch, and create a tag. If you think that is a good idea, feel free to do that as a separate change.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think for this patch we might actually be able to drop it entirely from both OpenSSL builds -- CentOS 7 should be the only build target we had that ran on a linux kernel under 4.1.0, and we don't build that anymore.

@es1024 es1024 merged commit 06f6a13 into yugabyte:2024.1 Oct 23, 2024
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbautin mbautin mbautin approved these changes

@svarnau svarnau Awaiting requested review from svarnau

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@es1024 @mbautin