Thu, 23 Nov 2023 at 22:18, William Lallemand <wlallem...@haproxy.com>:
> Hi Ilya,
>
> On Thu, Nov 23, 2023 at 06:57:52PM +0100, Ilya Shipitsin wrote:
> > for development branches let's use "latest" and fixed for stable
> >
> > LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us
> > switch back to the latest LibreSSL available
> >
> I think you made a mistake, doesn't seem related to libreSSL at all.
>
> > --- > > .github/matrix.py | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/.github/matrix.py b/.github/matrix.py > > index b5a971c5a..2d1831a4d 100755 > > --- a/.github/matrix.py > > +++ b/.github/matrix.py > > @@ -195,7 +195,6 @@ def main(ref_name): > > "OPENSSL_VERSION=1.1.1s", > > "QUICTLS=yes", > > "WOLFSSL_VERSION=5.6.4", > > - "AWS_LC_VERSION=1.16.0", > > # "BORINGSSL=yes", > > ] > > > > @@ -203,6 +202,11 @@ def main(ref_name): > > ssl_versions = ssl_versions + [ > > "OPENSSL_VERSION=latest", > > "LIBRESSL_VERSION=latest", > > + "AWS_LC_VERSION=latest", > > + ] > > + else: # stable branch > > + ssl_versions = ssl_versions + [ > > + "AWS_LC_VERSION=1.17.3", > > ] > > > > for ssl in ssl_versions:
> > @@ -213,6 +217,8 @@ def main(ref_name): > > flags.append("USE_OPENSSL_WOLFSSL=1") > > if "AWS_LC" in ssl: > > flags.append("USE_OPENSSL_AWSLC=1") > > + if "latest" in ssl: > > + ssl = determine_latest_aws_lc(ssl) > > if ssl != "stock": > > flags.append("SSL_LIB=${HOME}/opt/lib") > > flags.append("SSL_INC=${HOME}/opt/include")
> >
> Well, the idea was to build the "latest" aws-lc outside the push CI, so
> we are already doing this here:
>
> http://github.com/haproxy/haproxy/blob/master/.github/workflows/aws-lc.yml
>
> I'm not really comfortable with having everything in "latest" in the
> master in fact, we already have the "openssl-3.2.0-*"
> builds for a while without even testing 3.1 anymore, and I didn't
> notice.
>

In theory we can do it like that. We can pin openssl=3.2.0beta1 and we can dynamically check during a build whether it still resolves to the latest. If not, we fail a build.

>
> That's a problem, maybe we should put the "latest" builds in a daily
> build so it can evolve on its own without impacting the dev.
>
> Having a library which changes its version between 2 pushes can be quite
> confusing, even more if the library broke something, usually you want to
> test your code when you push in master, not the libraries!
>
> For example we could have had build breakage when switching
> automatically to 3.2-alpha then 3.2-beta etc.
>
> But since we didn't have any problem for now, maybe we could just try it,
> it can be reverted easily anyway...
>
> --
> William Lallemand
>
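
Review bot: In the hunk at "@@ -203,6 +202,11 @@", the new stable-branch entry pins "AWS_LC_VERSION=1.17.3" while the first hunk removes "AWS_LC_VERSION=1.16.0", so stable branches get a version bump that the commit message never mentions (it speaks only of LibreSSL 3.6.0 and 3.6.1). Suggest rewriting the commit message to describe the AWS-LC change and to state the 1.16.0 to 1.17.3 bump explicitly, or moving the bump into its own patch so it can be reverted independently of the switch to "latest" on development branches.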
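
Review bot: In the hunk at "@@ -213,6 +217,8 @@", determine_latest_aws_lc(ssl) is called but is not added by this patch: the diffstat's 7 insertions are fully accounted for by this hunk and the previous one, so the function has to exist already in .github/matrix.py on every branch this is applied to. Please confirm that, and since the value of ssl is replaced at matrix generation time, make sure the resolved version stays visible in the job name or log so that a failure after an upstream release can be attributed to the library rather than to the pushed commit.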
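
The pin-and-check idea from the reply above (pin a version, fail the build once the pin no longer resolves to the newest release), as an added example that is not part of the original thread or of HAProxy's matrix.py. The tag list is constructed sample data standing in for a release listing, and the names parse_release, newest_release and check_pin are hypothetical.

```python
import re

# Constructed sample data: tag names as a release listing might return them.
SAMPLE_TAGS = ["v1.9.0", "v1.16.0", "v1.17.3", "AWS-LC-FIPS-2.0.2", "v1.17.4-rc1"]

_RELEASE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_release(tag):
    """Return (major, minor, patch) for a plain release tag, else None."""
    m = _RELEASE.fullmatch(tag)
    return tuple(int(part) for part in m.groups()) if m else None


def newest_release(tags):
    """Pick the highest plain release, comparing numerically, not as strings."""
    versions = [v for v in map(parse_release, tags) if v is not None]
    if not versions:
        raise ValueError("no release tags found")
    return max(versions)


def check_pin(entry, tags):
    """entry is a matrix string such as 'AWS_LC_VERSION=1.17.3'.

    Returns (ok, message); ok is False when the pin is not the newest release.
    """
    name, sep, value = entry.partition("=")
    pinned = parse_release(value)
    if not sep or pinned is None:
        raise ValueError(f"not a pinned version: {entry!r}")
    newest_str = ".".join(map(str, newest_release(tags)))
    if pinned != newest_release(tags):
        return False, f"{name} pinned to {value}, newest release is {newest_str}"
    return True, f"{name}={value} is current"


if __name__ == "__main__":
    ok, message = check_pin("AWS_LC_VERSION=1.17.3", SAMPLE_TAGS)
    print(message)
    raise SystemExit(0 if ok else 1)
```

Pre-release and FIPS-style tags are skipped on purpose, so only a plain x.y.z release can invalidate the pin.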