Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: update openssl to openssl1.1.1k+quic #37916

Closed

Conversation

hassaanp
Copy link
Contributor

Updated openssl dep to openssl1.1.1k+quic using the maintenance guide.

Fixes: #37913

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. labels Mar 25, 2021
@hassaanp hassaanp force-pushed the deps/update-openssl-to-openssl1.1.1k branch 2 times, most recently from d41048a to 6e20276 Compare March 25, 2021 17:08
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1k+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ cd openssl && rm -rf .gitattributes .github/ .gitmodules .travis-apt-pin.preferences  .travis-create-release.sh
    $ cd ..
    $ git add --all openssl
    $ git commit openssl
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit
@hassaanp hassaanp force-pushed the deps/update-openssl-to-openssl1.1.1k branch from 6e20276 to 16da9a7 Compare March 26, 2021 05:04
@hassaanp hassaanp requested a review from jasnell March 26, 2021 10:48
@tniessen
Copy link
Member

Manually verified 16da9a7 (tree 250f02dc10d0029dd0a51e26c4d6a274f8599d52).

All changes are legit.

tniessen added a commit to tniessen/node that referenced this pull request Mar 26, 2021
@nodejs-github-bot
Copy link
Collaborator

@jasnell
Copy link
Member

jasnell commented Mar 26, 2021

Thank you so much @hassaanp for putting this together :-) ... saved me part of my afternoon yesterday!

@millerick
Copy link

Can someone give estimates on when this will be included in the existing LTS versions?

@richardlau
Copy link
Member

Can someone give estimates on when this will be included in the existing LTS versions?

It would be helpful if someone could open a PR to update openssl (from the original openssl project and not the quic fork) for the LTS staging branches as this PR isn't applicable to those versions.

@mhdawson
Copy link
Member

@richardlau should it not just be the same PR minus the deps: upgrade openssl sources to 1.1.1k+quic commit ?

Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@richardlau
Copy link
Member

@richardlau should it not just be the same PR minus the deps: upgrade openssl sources to 1.1.1k+quic commit ?

No, since for master we've switched upstream OpenSSL to https://github.com/quictls/openssl whereas the older release lines keep upstream to the official OpenSSL releases. We're not talking about quic support in Node.js here (as I understand it, that hasn't been added back yet) -- the +quic bit is denoting the openssl source is coming from the fork with additional patches for quic support in OpenSSL (for use in a subsequent Node.js patch).

@mhdawson
Copy link
Member

@richardlau in the discussion around the switch my understanding is that the https://github.com/quictls/openssl should always be exactly the same as what is in the openssl repo EXCEPT for the addition of that one extra commit. That was a key point (at least for me) as to why it would not require a bunch of extra work to support. @jasnell can you please confirm? Key thing is to understand if we'll need 2 PRs for every openSSL update (1 for master and 1 for LTS versions)

@jasnell
Copy link
Member

jasnell commented Mar 26, 2021

For the downlevel branches, the openssl update should continue to come from the main openssl/openssl release distribution as it has in the past. The quictls/openssl distribution is only for master now and possibly 16.x assuming it picks it up from master.

The quictls/openssl branch will always be exactly the same as what is in the official repo + multiple additional commits necessary to add the QUIC support. Those additional bits, however, are built by default and must be explicitly turned off, and the older Node.js release lines do not have the necessary guards to do so. Therefore, @richardlau is correct, we need separate PRS for the other release lines that are pulled from openssl/openssl

@millerick
Copy link

Therefore, @richardlau is correct, we need separate PRS for the other release lines that are pulled from openssl/openssl

Are the maintainers working on addressing this, or is the expectation that someone from the community will make those proposals?

@tniessen
Copy link
Member

The quictls/openssl distribution is only for master now and possibly 16.x assuming it picks it up from master.

@jasnell I was going to do the update for 15.x but it seems that 6d77b61 is in that line (and released as of 15.12).

@tniessen
Copy link
Member

v14.x in #37938

@tniessen
Copy link
Member

v12.x in #37939

@nodejs-github-bot
Copy link
Collaborator

@tniessen
Copy link
Member

v10.x in #37940

@nodejs-github-bot
Copy link
Collaborator

gengjiawen pushed a commit that referenced this pull request Mar 31, 2021
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1k+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ cd openssl && rm -rf .gitattributes .github/ .gitmodules .travis-apt-pin.preferences  .travis-create-release.sh
    $ cd ..
    $ git add --all openssl
    $ git commit openssl

PR-URL: #37916
Fixes: #37913
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
gengjiawen pushed a commit that referenced this pull request Mar 31, 2021
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #37916
Fixes: #37913
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
@gengjiawen
Copy link
Member

Landed in 30fe4ed...f638d8d

@gengjiawen gengjiawen closed this Mar 31, 2021
@gengjiawen
Copy link
Member

Thanks for the contribution :)

gengjiawen pushed a commit that referenced this pull request Mar 31, 2021
Refs: #37916

PR-URL: #37927
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Apr 4, 2021
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1k.tar.gz
    $ mv openssl-1.1.1k openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs#37938
Refs: nodejs#37913
Refs: nodejs#37916
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Apr 4, 2021
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
   $ make -C deps/openssl/config
   $ git add deps/openssl/config/archs
   $ git add deps/openssl/openssl/include/crypto/bn_conf.h
   $ git add deps/openssl/openssl/include/crypto/dso_conf.h
   $ git add deps/openssl/openssl/include/openssl/opensslconf.h
   $ git commit

PR-URL: nodejs#37938
Refs: nodejs#37913
Refs: nodejs#37916
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
MylesBorins pushed a commit that referenced this pull request Apr 4, 2021
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1k.tar.gz
    $ mv openssl-1.1.1k openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #37939
Refs: #37913
Refs: #37916
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
MylesBorins pushed a commit that referenced this pull request Apr 4, 2021
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
   $ make -C deps/openssl/config
   $ git add deps/openssl/config/archs
   $ git add deps/openssl/openssl/include/crypto/bn_conf.h
   $ git add deps/openssl/openssl/include/crypto/dso_conf.h
   $ git add deps/openssl/openssl/include/openssl/opensslconf.h
   $ git commit

PR-URL: #37939
Refs: #37913
Refs: #37916
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
MylesBorins pushed a commit that referenced this pull request Apr 4, 2021
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1k+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ cd openssl && rm -rf .gitattributes .github/ .gitmodules .travis-apt-pin.preferences  .travis-create-release.sh
    $ cd ..
    $ git add --all openssl
    $ git commit openssl

PR-URL: #37916
Fixes: #37913
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
MylesBorins pushed a commit that referenced this pull request Apr 4, 2021
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #37916
Fixes: #37913
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
MylesBorins pushed a commit that referenced this pull request Apr 4, 2021
Refs: #37916

PR-URL: #37927
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
@MylesBorins MylesBorins mentioned this pull request Apr 4, 2021
MylesBorins pushed a commit that referenced this pull request Apr 4, 2021
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1k.tar.gz
    $ mv openssl-1.1.1k openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #37940
Refs: #37913
Refs: #37916
Reviewed-By: Daniel Bevenius <[email protected]>
MylesBorins pushed a commit that referenced this pull request Apr 4, 2021
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
   $ make -C deps/openssl/config
   $ git add deps/openssl/config/archs
   $ git add deps/openssl/openssl/include/crypto/bn_conf.h
   $ git add deps/openssl/openssl/include/crypto/dso_conf.h
   $ git add deps/openssl/openssl/include/openssl/opensslconf.h
   $ git commit

PR-URL: #37940
Refs: #37913
Refs: #37916
Reviewed-By: Daniel Bevenius <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Update to quictls/openssl 1_1_1k+quic
10 participants