openssl: new release 3.4.0 #31548

Merged 2 commits on Oct 29, 2024

@xnox (Member) commented Oct 22, 2024

Enable jitter seed source, compiled with jitterentropy-library, using
manually fetched certified build.

Enable PIE (position independent executables).

Enable executing test-suite.

Update hardening-check to expected values, no CF protection on
libcrypto, due to jitterentropy library being linked.

Fixes: #31548

@xnox xnox marked this pull request as draft October 22, 2024 09:29
@xnox xnox force-pushed the draft-openssl-3.4 branch from 74d944b to 36aaa8c Compare October 22, 2024 12:59
@xnox xnox marked this pull request as ready for review October 22, 2024 12:59
@xnox xnox force-pushed the draft-openssl-3.4 branch from 36aaa8c to b37ac18 Compare October 22, 2024 13:00
@xnox xnox changed the title from "openss: new release 3.4.0" to "openssl: new release 3.4.0" Oct 22, 2024
@xnox xnox force-pushed the draft-openssl-3.4 branch from b37ac18 to 1414433 Compare October 22, 2024 13:07
@smoser (Member) previously approved these changes Oct 22, 2024

I think this looks good.

@xnox xnox force-pushed the draft-openssl-3.4 branch from 161c4d4 to 60a0ea7 Compare October 22, 2024 17:25
@xnox (Member, Author) commented Oct 23, 2024

Failed Packages
dotnet-8 (error | 35m36s)
falco-no-driver (error | 6m39s)
fluent-bit-3.1 (error | 18s)
freerdp (error | 1m17s)
guacamole-server (error | 0s)
istio-envoy-1.23 (error | 2m0s)
libpulsar (error | 1m40s)
nodejs-16 (error | 6m28s)
nodejs-19 (error | 6m11s)
powershell (error | 0s)
pulseaudio (error | 7s)
py3-tkinter (error | 8m10s)
tcl-tls (error | 1m32s)

World test rebuild of 200+ packages is mostly good. Will spot check above if they are openssl induced or pre-existing FTBFS.

xnox added 2 commits October 29, 2024 10:57
@xnox xnox force-pushed the draft-openssl-3.4 branch from 718aef4 to 1c21bff Compare October 29, 2024 11:00
@xnox (Member, Author) commented Oct 29, 2024

> Failed Packages
> dotnet-8 (error | 35m36s)
> falco-no-driver (error | 6m39s)
> fluent-bit-3.1 (error | 18s)
> freerdp (error | 1m17s)
> guacamole-server (error | 0s)
> istio-envoy-1.23 (error | 2m0s)
> libpulsar (error | 1m40s)
> nodejs-16 (error | 6m28s)
> nodejs-19 (error | 6m11s)
> powershell (error | 0s)
> pulseaudio (error | 7s)
> py3-tkinter (error | 8m10s)
> tcl-tls (error | 1m32s)
>
> World test rebuild of 200+ packages is mostly good. Will spot check above if they are openssl induced or pre-existing FTBFS.

All of the above FTBFS are unrelated to openssl upgrade and are related to download errors/timeouts; gcc-14; python upgrades; uninstallable build dependencies; etc. I have fixed some of them, and others may need to open bug reports.

Overall this is good to merge now, and all the SBOM and build-time deps have been resolved in a better way since original request (by using forbidden repositories & keys).

@smoser (Member) left a comment

thanks.

@luhring (Member) left a comment

Thanks for the effort here! This looks much better.

@xnox xnox merged commit 1416ae9 into wolfi-dev:main Oct 29, 2024
11 checks passed