Skip to content

Commit

Permalink
reduce further and document better support level of single integratio…
Browse files Browse the repository at this point in the history 
…ns (#275)

* reduce further and document better support level of single integrations

Signed-off-by: Michael Baentsch <[email protected]>

* resolving README discussions [skip ci]

Signed-off-by: Michael Baentsch <[email protected]>

---------

Signed-off-by: Michael Baentsch <[email protected]>
  • Loading branch information
@baentsch
baentsch authored Jun 26, 2024
1 parent 60ccb70 commit cbff4b7
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 40 deletions.
30 changes: 20 additions & 10 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,7 @@ jobs:
docker tag oqs-nginx-img $TARGETNAME/nginx:latest &&
docker push $TARGETNAME/nginx:latest
# Not actively maintained:
ubuntu_x64_openlitespeed:
description: Building and pushing OQS-openlitespeed demo Docker images
docker:
Expand Down Expand Up @@ -143,6 +144,7 @@ jobs:
docker tag oqs-openlitespeed $TARGETNAME/openlitespeed:latest &&
docker push $TARGETNAME/openlitespeed:latest
# Not actively maintained:
ubuntu_x64_quic:
description: Building and pushing OQS-QUIC-nginx and OQS-msquic demo Docker images
docker:
Expand Down Expand Up @@ -246,6 +248,7 @@ jobs:
docker tag oqs-httpd-img $TARGETNAME/httpd:latest &&
docker push $TARGETNAME/httpd:latest
# Not actively maintained:
ubuntu_x64_haproxy:
description: Building OQS-based HAproxy docker image
docker:
Expand Down Expand Up @@ -284,6 +287,7 @@ jobs:
docker tag oqs-haproxy-img $TARGETNAME/haproxy:latest &&
docker push $TARGETNAME/haproxy:latest
# Not actively maintained:
ubuntu_x64_openvpn:
description: Building OQS-based OpenVPN docker image
docker:
Expand Down Expand Up @@ -321,6 +325,7 @@ jobs:
docker tag oqs-openvpn $TARGETNAME/openvpn:latest &&
docker push $TARGETNAME/openvpn:latest
# Not actively maintained:
ubuntu_x64_mosquitto:
description: Building OQS-based Mosquitto docker image
docker:
Expand Down Expand Up @@ -363,6 +368,7 @@ jobs:
docker tag oqs-mosquitto $TARGETNAME/mosquitto:latest &&
docker push $TARGETNAME/mosquitto:latest
# Not actively maintained:
ubuntu_x64_wireshark:
description: Building OQS-based wireshark docker image
docker:
Expand Down Expand Up @@ -393,6 +399,7 @@ jobs:
command: |
docker push $TARGETNAME/wireshark
# Not actively maintained:
ubuntu_x64_ngtcp2:
description: Building OQS-based ngtcp2 docker image
docker:
Expand Down Expand Up @@ -439,6 +446,7 @@ jobs:
docker push $TARGETNAME/ngtcp2-server:latest &&
docker push $TARGETNAME/ngtcp2-client:latest
# Not actively maintained:
ubuntu_x64_openssh:
description: A template for building and pushing OQS demo Docker images on
Ubuntu that do not use OQS-OpenSSL, but rather liboqs in another form
Expand Down Expand Up @@ -471,6 +479,7 @@ jobs:
docker tag oqs-openssh-img $TARGETNAME/openssh:latest &&
docker push $TARGETNAME/openssh:latest
# Not actively maintained:
ubuntu_x64_envoy:
description: Building and pushing OQS-enabled envoy
docker:
Expand Down Expand Up @@ -525,6 +534,7 @@ jobs:
docker tag envoy-oqs $TARGETNAME/envoy:latest &&
docker push $TARGETNAME/envoy:latest
# Not actively maintained:
ubuntu_x64_h2load:
description: Building and pushing OQS-h2load demo Docker images
docker:
Expand Down Expand Up @@ -576,22 +586,22 @@ workflows:
context: openquantumsafe
#- ubuntu_x64_haproxy:
# context: openquantumsafe
- ubuntu_x64_openvpn:
context: openquantumsafe
#- ubuntu_x64_openvpn:
# context: openquantumsafe
#- ubuntu_x64_mosquitto:
# context: openquantumsafe
- ubuntu_x64_ngtcp2:
context: openquantumsafe
- ubuntu_x64_openssh:
context: openquantumsafe
#- ubuntu_x64_ngtcp2:
# context: openquantumsafe
#- ubuntu_x64_openssh:
# context: openquantumsafe
# Disabled in CI as failing to conclude test properly as per
# https://github.com/open-quantum-safe/oqs-demos/pull/167#issuecomment-1383673300
# - ubuntu_x64_openlitespeed:
# context: openquantumsafe
- ubuntu_x64_wireshark:
context: openquantumsafe
#- ubuntu_x64_wireshark:
# context: openquantumsafe
# Disable as it takes too long on OQS CCI plan
#- ubuntu_x64_envoy:
# context: openquantumsafe
- ubuntu_x64_h2load:
context: openquantumsafe
#- ubuntu_x64_h2load:
# context: openquantumsafe
58 changes: 28 additions & 30 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,31 +10,32 @@ A repository of instructions (with associated patches and scripts) to enable, th

In most cases, Dockerfiles encode the instructions for ease-of-use: Just do `docker build -t <package_name> .`. For more detailed usage instructions (parameters, algorithms, etc.) refer to the README for each package. Pre-built Docker images may also be available.

Currently supported packages:

| | **Build instructions** | **Pre-built Docker image or binary files** |
| ---------------- | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl) |
| **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) |
| **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx) |
| **Chromium** | [Github: oqs-demos/chromium](chromium) (limited support) | - |
| **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) |
| **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark) |
| **Epiphany** | [Github: oqs-demos/epiphany](epiphany) | [Dockerhub: openquantumsafe/epiphany](https://hub.docker.com/repository/docker/openquantumsafe/epiphany) |
| **OpenVPN** | [Github: oqs-demos/openvpn](openvpn) | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn) |
| **ngtcp2** | [Github: oqs-demos/ngtcp2](ngtcp2) | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) |
| **OpenLiteSpeed** | [Github: oqs-demos/openlitespeed](openlitespeed) | [ Dockerhub: openquantumsafe/openlitespeed](https://hub.docker.com/repository/docker/openquantumsafe/openlitespeed) |
| **h2load** | [Github: oqs-demos/h2load](h2load) | [ Dockerhub: openquantumsafe/h2load](https://hub.docker.com/repository/docker/openquantumsafe/h2load) |

<!---
| **QUIC** | [Github: oqs-demos/quic](quic) | Dockerhub: [Server: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic), [Client: openquantumsafe/msquic](https://hub.docker.com/repository/docker/openquantumsafe/msquic-reach) |
| **HAproxy** | [Github: oqs-demos/haproxy](haproxy) | [Dockerhub: openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy) |
| **Mosquitto** | [Github: oqs-demos/mosquitto](mosquitto) | [Dockerhub: openquantumsafe/mosquitto](https://hub.docker.com/repository/docker/openquantumsafe/mosquitto) |
| **Envoy** | [Github: oqs-demos/envoy](envoy) | [ Dockerhub: openquantumsafe/envoy](https://hub.docker.com/repository/docker/openquantumsafe/envoy) |
| **Unbound** | [Github: oqs-demos/unbound](unbound) | [ Dockerhub: openquantumsafe/unbound](https://hub.docker.com/repository/docker/openquantumsafe/unbound) |
-->

You can use the openssl (s_client), curl and GNOME Web/epiphany clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.5.2` and `liboqs v0.9.0`). Chromium and [oqs-boringssl](https://github.com/open-quantum-safe/boringssl) are no longer maintained to the same set of algorithms, so are not to be expected to (inter)operate fully with the test server.
As the level of interest in providing and maintaining these integrations for public consumption has fallen, the packages are tagged with the github monikers of the persons willing to keep supporting them or the term "unsupported". If that tag is listed, no CI and github support for the integration is available and the code shall be seen as a snapshot that once worked only.

We are explicitly soliciting contributors to maintain those integrations labelled "unsupported".

Currently available integrations at their respective support level:

| | **Build instructions** | **Pre-built Docker image or binary files** | Support? |
| ---------------- | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | -------- |
| **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl) | @baentsch
| **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) | @baentsch
| **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx) | @baentsch, @bhess
| **Chromium** | [Github: oqs-demos/chromium](chromium) (limited support) | - | @pi-314159 |
| **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) | unsupported
| **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark) | unsupported
| **Epiphany** | [Github: oqs-demos/epiphany](epiphany) | [Dockerhub: openquantumsafe/epiphany](https://hub.docker.com/repository/docker/openquantumsafe/epiphany) | unsupported
| **OpenVPN** | [Github: oqs-demos/openvpn](openvpn) | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn) | unsupported
| **ngtcp2** | [Github: oqs-demos/ngtcp2](ngtcp2) | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) | unsupported
| **OpenLiteSpeed** | [Github: oqs-demos/openlitespeed](openlitespeed) | [ Dockerhub: openquantumsafe/openlitespeed](https://hub.docker.com/repository/docker/openquantumsafe/openlitespeed) | unsupported
| **h2load** | [Github: oqs-demos/h2load](h2load) | [ Dockerhub: openquantumsafe/h2load](https://hub.docker.com/repository/docker/openquantumsafe/h2load) | unsupported
| **QUIC** | [Github: oqs-demos/quic](quic) | Dockerhub: [Server: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic), [Client: openquantumsafe/msquic](https://hub.docker.com/repository/docker/openquantumsafe/msquic-reach) | unsupported
| **HAproxy** | [Github: oqs-demos/haproxy](haproxy) | [Dockerhub: openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy) | unsupported
| **Mosquitto** | [Github: oqs-demos/mosquitto](mosquitto) | [Dockerhub: openquantumsafe/mosquitto](https://hub.docker.com/repository/docker/openquantumsafe/mosquitto) | unsupported
| **Envoy** | [Github: oqs-demos/envoy](envoy) | [ Dockerhub: openquantumsafe/envoy](https://hub.docker.com/repository/docker/openquantumsafe/envoy) | unsupported
| **Unbound** | [Github: oqs-demos/unbound](unbound) | [ Dockerhub: openquantumsafe/unbound](https://hub.docker.com/repository/docker/openquantumsafe/unbound) | unsupported

It should be possible to use the openssl (s_client), curl and GNOME Web/epiphany clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.6.0` and `liboqs v0.10.0`) but no guarantees are given for software not explicitly labelled with the name of a person offering support for it. Also Chromium and [oqs-boringssl](https://github.com/open-quantum-safe/boringssl) are no longer maintained to the same set of algorithms, so are not to be expected to (inter)operate fully with the test server.

## Contributing

Expand All @@ -46,8 +47,6 @@ All modifications to this repository are released under the same terms as [liboq

## Team

The Open Quantum Safe project is led by [Douglas Stebila](https://www.douglas.stebila.ca/research/) and [Michele Mosca](http://faculty.iqc.uwaterloo.ca/mmosca/)at the University of Waterloo.

## Contributors to oqs-demos include:

Christian Paquin (Microsoft Research)
Expand All @@ -66,8 +65,7 @@ The Open Quantum Safe project is led by [Douglas Stebila](https://www.douglas.st

## Acknowledgments

Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services and the Canadian Centre for Cyber Security.
Most effort in this project has been provided by individual contributors working in their own time and out of personal interest to see how PQ crypto integrates into existing software stacks.

We'd like to make a special acknowledgement to the companies who have dedicated programmer time to contribute source code to OQS, including Amazon Web Services, evolutionQ, Microsoft Research, Cisco Systems, IBM Research and Fachhochschule Nordwestschweiz.
This project is part of [Open Quantum Safe](https://openquantumsafe.org/news/).

Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see here and here for funding acknowledgments.

0 comments on commit cbff4b7

Please sign in to comment.