treewide: Default openssl version to 3.0 #150093

Merged
Lassulus merged 81 commits into staging from openssl3
Aug 17, 2022

@dasJ (Member) commented Dec 10, 2021

Motivation for this change

Newer version and kTLS finally.

I'll be adding a changelog entry when this is close to being merged because I don't want to resolve conflicts every 2 days ;)

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@Izorkin (Contributor) commented Dec 10, 2021

To activate kTLS support in openssl, you need to add these changes:

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index ca2e240dd869f..b8cd042cb3012 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -108,6 +108,7 @@ let
       "-DUSE_CRYPTODEV_DIGESTS"
     ] ++ lib.optional enableSSL2 "enable-ssl2"
       ++ lib.optional enableSSL3 "enable-ssl3"
+      ++ lib.optional (versionAtLeast version "3.0.0") "enable-ktls"
       ++ lib.optional (versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng"
       # OpenSSL needs a specific `no-shared` configure flag.
       # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
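
Review bot: The added `enable-ktls` line is gated on the OpenSSL version only, whereas the `no-afalgeng` line directly below it also checks `stdenv.hostPlatform`. kTLS is a kernel feature (Linux, and FreeBSD), and nothing in this hunk restricts the flag to such hosts, so consider making the condition explicit, for example `versionAtLeast version "3.0.0" && stdenv.hostPlatform.isLinux`, or add a comment stating that the flag is expected to be harmless on other platforms. A one-line comment would also help readers understand that this only compiles kTLS support in: OpenSSL 3.0 keeps it off unless the application sets `SSL_OP_ENABLE_KTLS`, so the change by itself does not alter runtime behaviour of dependent packages.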

Added on this PR - #147027

@ajs124 ajs124 force-pushed the openssl3 branch 2 times, most recently from 2afb683 to ecf3fa0 Compare December 19, 2021 11:22
@ajs124 ajs124 force-pushed the openssl3 branch 4 times, most recently from 8e4bd16 to 57c9919 Compare April 9, 2022 15:13
@mweinelt (Member) left a comment

Python changes look reasonable. Thank you!

@Lassulus Lassulus merged commit 187d0e6 into staging Aug 17, 2022
@ajs124 ajs124 deleted the openssl3 branch August 17, 2022 18:26
@SuperSandro2000 (Member) commented Aug 21, 2022

This broke eval for node 18

error: anonymous function at /var/lib/ofborg/checkout/repo/38dca4e3aa6bca43ea96d2fcc04e8229/mr-est/ofborg-evaluator-5/pkgs/development/web/nodejs/v18.nix:1:1 called with unexpected argument 'openssl'

https://gist.github.com/GrahamcOfBorg/c8bdf4f7c30f233e103973486000eff9

facebook-github-bot pushed a commit to facebook/hhvm that referenced this pull request Sep 21, 2022
Summary:
#9184 fails because nixpkgs unstable recently changed the default OpenSSL version to 3.0, which is not compatible with Folly.
- See https://github.com/facebook/hhvm/actions/runs/3065306837 for build log.
- See NixOS/nixpkgs#150093 for the nixpkgs commit.

This PR pins OpenSSL version to 1.1 to suppress the error.

Pull Request resolved: #9208

Test Plan: GitHub Actions should pass

Reviewed By: alexeyt

Differential Revision: D39596559

Pulled By: Atry

fbshipit-source-id: c1afa8c3eb30b1354d1cc5972325795d39a1ce13
Yarny0 added a commit to Yarny0/nixpkgs that referenced this pull request Sep 29, 2022
The switch to openssl 3 broke tsm-client
as it still requires openssl 1.1.
In the spirit of many commits of

NixOS#150093

the commit at hand pins the openssl version for
tsm-client to version 1.1.

Sadly, IBM's documentation of requirements

https://www.ibm.com/support/pages/node/660813

does not mention openssl in any way
(at the time of this writing).
j6carey pushed a commit to awakesecurity/nixpkgs that referenced this pull request Nov 13, 2023