Updating "lua-resty-jwt" and "lua-resty-hmac" for OpenSSL 1.1

[cdbattags]

Follow along as we get updated package added to root manifest: luarocks/luarocks-site#133

Hopefully HMAC is close behind: jkeys089/lua-resty-hmac#9

But until then can we get something temporary added on here to depend on @jkeys089 instead?

[cdbattags]

Just saw that y'all are already using jkeys089/lua-resty-hmac (https://github.com/zmartzone/lua-resty-openidc/blob/master/dist.ini#L7) so no worries. As soon as we get my fork added to the root manifest we'll be all set.

[cdbattags]

Why are y'all using two different package dependencies for OPM and LuaRocks? Looks like for OPM it's jkeys089/lua-resty-hmac but on LuaRocks y'all are using jamesmarlowe/lua-resty-hmac?

[zandbelt]

I believe lua-resty-jwt from luarocks includes its own lua-resty-hmac version.

[cdbattags]

check out https://github.com/cdbattags/lua-resty-jwt for a working OpenSSL 1.1.x implementation

latest update can be found at https://opm.openresty.org/ with v0.1.14

[Lawri-van-Buel]

I had an error like

*1 lua entry thread aborted: runtime error: /usr/local/openresty/site/lualib/resty/evp.lua:216: /usr/local/openresty/luajit/lib/libluajit-5.1.so.2: undefined symbol: EVP_MD_CTX_create
stack traceback:
coroutine 0:
	[C]: in function '__index'
	/usr/local/openresty/site/lualib/resty/evp.lua:216: in function 'verify'
	/usr/local/openresty/site/lualib/resty/jwt.lua:812: in function 'verify_jwt_obj'
	/usr/local/openresty/site/lualib/resty/openidc.lua:819: in function 'openidc_load_jwt_and_verify_crypto'
	/usr/local/openresty/site/lualib/resty/openidc.lua:884: in function 'authenticate'
	/usr/local/openresty/nginx/conf/lua/oidc.lua:2: in function </usr/local/openresty/nginx/conf/lua/oidc.lua:1>, client: 127.0.0.1, server: localhost.ld, request: "GET /redirect?code=<CODE>&state=<state> HTTP/1.1", host: "localhost.ld"

To resolve it I did the following:

opm remove SkyLothar/lua-resty-jwt
opm get cdbattags/lua-resty-jwt

@zandbelt got any idea why? and can we use a different one?

[zandbelt]

@cdbattags could you remove the lua-resty-openidc version 1.6.0 associated with your repo in the OPM listing at opm.openresty.org? That will only cause confusion.

[ChristianCiach]

@Lawri-van-Buel Thank you, that worked for us, too!

@zandbelt Could you please update your OPM-dependency to the jwt module by @cdbattags ? The module by SkyLothar seems to be abandoned. A simple "yum update" just broke our production system just because it updated OpenResty, while the module by SkyLothar became incompatible.

[cdbattags]

Hola folks, sorry for the delay on this! So I realized this after the fact but OPM doesn't allow deletions from their registry. I figured the best scenario is to keep all tags up until when I took it over and go ahead and bump the versioning to v0.2.0 and move on from there. Would this satisfy y'all?

@zandbelt, could respond on this asap as to how we want to proceed? Again, I can't currently remove anything from OPM registry at this time (per openresty/opm#62). Meanwhile, I can be sure that LuaRocks is an exact mirror of the tags in the repo easily through any deletions.

I'm also updating travic-ci tests for lua-resty-jwt to use the latest version of OpenResty.

[cdbattags]

Ok! So we are all set with v0.2.0 on http://luarocks.org/modules/cdbattags/lua-resty-jwt/0.2.0-0 and at https://opm.openresty.org/!

We should be all set to update this package!

[cdbattags]

@agentzh hopefully will be removing everything else shortly!

[cdbattags]

More updates: my fork of this package has now been removed from OPM. Shall I submit a PR for this one-liner?

[cdbattags]

Please see #165