Separate FIPS version from other OpenSSL version, bump OpenSSL to 3.0…
….15 (#285)

Bumping OpenSSL to 3.0.15. FIPS must stay on 3.0.8, so separating the
two.
es1024 authored Oct 14, 2024
1 parent d4cf290 commit 0470ebd
Showing 4 changed files with 72 additions and 3 deletions.
6 changes: 3 additions & 3 deletions python/build_definitions/openssl.py
@@ -34,7 +34,7 @@ class OpenSSLDependency(Dependency):
def __init__(self) -> None:
super(OpenSSLDependency, self).__init__(
name='openssl',
version='3.0.8',
version='3.0.15',
url_pattern='https://www.openssl.org/source/openssl-{0}.tar.gz',
build_group=BuildGroup.COMMON)
self.copy_sources = True
@@ -46,7 +46,7 @@ def __init__(self) -> None:
self.patches = ['openssl-fix-afalg-link-on-centos7.patch']

def build(self, builder: BuilderInterface) -> None:
common_configure_options = ['shared', 'no-tests', 'enable-fips']
common_configure_options = ['shared', 'no-tests']
install_path = os.path.join(
builder.fs_layout.tp_installed_common_dir, "lib")
if is_macos_arm64_build():
@@ -59,7 +59,7 @@ def build(self, builder: BuilderInterface) -> None:
dep=self,
configure_cmd=configure_cmd,
# https://bit.ly/openssl_install_without_manpages
install_targets=['install_sw', 'install_fips']
install_targets=['install_sw']
)

def use_cppflags_env_var(self) -> bool:
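Review bot: Nothing next to `common_configure_options = ['shared', 'no-tests']` or `install_targets=['install_sw']` records that FIPS support was moved to another build definition rather than dropped, so a later edit could put `enable-fips` back here and build the provider from 3.0.15. A comment above the options list would prevent that, for example `# The FIPS provider is built from its own pinned version in openssl_fips.py; keep enable-fips and install_fips out of this file.` It would also help to say next to `version='3.0.15'` that this version is expected to move independently of the FIPS one, since the commit description is currently the only place that states it. The `build` method is only partly visible in these hunks.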
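--- /dev/null
+++ b/python/build_definitions/openssl_fips.py
@@ -0,0 +1,66 @@
+#
+# Copyright (c) YugaByte, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License
+# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing permissions and limitations
+# under the License.
+#
+
+import os
+from typing import List
+
+from yugabyte_db_thirdparty.build_definition_helpers import * # noqa
+
+
+def use_arm64_bash_in_script(script_path: str) -> None:
+with open(script_path) as script_file:
+lines = [line.rstrip() for line in script_file]
+
+if not lines:
+return
+if not lines[0].startswith('#!') and lines[0].endswith('bash'):
+return
+lines[0] = '#!/opt/homebrew/bin/bash'
+with open(script_path, 'w') as output_file:
+output_file.write('\n'.join(lines) + '\n')
+
+
+class OpenSSLFIPSDependency(Dependency):
+def __init__(self) -> None:
+super(OpenSSLFIPSDependency, self).__init__(
+name='openssl_fips',
+version='3.0.8',
+url_pattern='https://www.openssl.org/source/openssl-{0}.tar.gz',
+build_group=BuildGroup.COMMON)
+self.copy_sources = True
+# Patch fixes the following error on kernel versions < 4.1.0:
+# ld.lld: error: version script assignment of 'global' to symbol 'bind_engine' failed:
+# symbol not defined
+# ld.lld: error: version script assignment of 'global' to symbol 'v_check' failed:
+# symbol not defined
+self.patches = ['openssl-fix-afalg-link-on-centos7.patch']
+
+def build(self, builder: BuilderInterface) -> None:
+common_configure_options = ['shared', 'no-tests', 'enable-fips']
+install_path = os.path.join(
+builder.fs_layout.tp_installed_common_dir, "lib")
+if is_macos_arm64_build():
+use_arm64_bash_in_script('config')
+configure_cmd = ['./config'] + common_configure_options
+if not is_macos():
+configure_cmd += ['-Wl,-rpath=' + install_path]
+
+builder.build_with_configure(
+dep=self,
+configure_cmd=configure_cmd,
+install_targets=['install_fips']
+)
+
+def use_cppflags_env_var(self) -> bool:
+return True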
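Review bot: The guard in `use_arm64_bash_in_script` parses as `(not lines[0].startswith('#!')) and lines[0].endswith('bash')`, because `not` binds tighter than `and`, so the early return fires only for a first line that ends in `bash` without being a shebang. Every other first line is overwritten with `#!/opt/homebrew/bin/bash`, including one that is not a shebang at all, in which case a real line of the script is silently lost. If the intent is to rewrite only bash shebangs, the test should be `if not (lines[0].startswith('#!') and lines[0].endswith('bash')):`; if any shebang should be rewritten, test `startswith('#!')` alone and say so in a comment. Separately, `version='3.0.8'` deserves a comment such as `# FIPS provider is pinned to 3.0.8; do not bump together with openssl.py`. A note on `self.patches` should also say whether the afalg patch touches any provider sources, since the FIPS module is presumably meant to be built from an unmodified tree.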
1 change: 1 addition & 0 deletions python/yugabyte_db_thirdparty/dependency_selection.py
@@ -24,6 +24,7 @@

'lz4',
'openssl',
'openssl_fips',
'libev',
'rapidjson',
'squeasel',
2 changes: 2 additions & 0 deletions thirdparty_src_checksums.txt
@@ -114,6 +114,8 @@ c48450d27524c2e5856997133e059e3cf9909241110a6e21ad278890ac425afc lz4-r130.tar.g
8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b openssl-1.1.1t.tar.gz
cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8 openssl-1.1.1w.tar.gz
6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e openssl-3.0.8.tar.gz
6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e openssl_fips-3.0.8.tar.gz
23c666d0edf20f14249b3d8f0368acaee9ab585b09e1de82107c66e1f3ec9533 openssl-3.0.15.tar.gz
f0316a2ebd89e7f2352976445458689f80302093788c466692fb2a188b2eacf6 openssl-3.1.3.tar.gz
0fdbefbdc2c154634728097e26de52a8210ed95cb032beb5f35da0a493cd5066 opentelemetry-cpp-1.9.0.tar.gz
464bc2b348e674a1a03142e403cbccb01be8655b6de0f8bfe733ea31fcd421be opentelemetry-proto-0.19.0.tar.gz
