Merged, I reword the commit message to give more context.
Thanks,
On Sat, Jan 17, 2026 at 09:00:47PM +0100, Ilia Shipitsin wrote:
> Subject: [PATCH] CI: switch monthly Fedora Rawhide build to OpenSSL
> we already run QuicTLS builds on push, also QuicTLS is not being
> actively developed compared to OpenSSL, likely we could catch some
> regression on OpenSSL, let's switch to it
> ---
> .github/workflows/fedora-rawhide.yml | 25 +++++++++++++++----------
> 1 file changed, 15 insertions(+), 10 deletions(-)
>
> diff --git a/.github/workflows/fedora-rawhide.yml
> b/.github/workflows/fedora-rawhide.yml
> index c01c8c59f..691ae453b 100644
> --- a/.github/workflows/fedora-rawhide.yml
> +++ b/.github/workflows/fedora-rawhide.yml
> @@ -1,4 +1,4 @@
> -name: Fedora/Rawhide/QuicTLS
> +name: Fedora/Rawhide/OpenSSL
>
> on:
> schedule:
> @@ -13,10 +13,10 @@ jobs:
> strategy:
> matrix:
> platform: [
> - { name: x64, cc: gcc, QUICTLS_EXTRA_ARGS: "", ADDLIB_ATOMIC: "",
> ARCH_FLAGS: "" },
> - { name: x64, cc: clang, QUICTLS_EXTRA_ARGS: "", ADDLIB_ATOMIC: "",
> ARCH_FLAGS: "" },
> - { name: x86, cc: gcc, QUICTLS_EXTRA_ARGS: "-m32
> linux-generic32", ADDLIB_ATOMIC: "-latomic", ARCH_FLAGS: "-m32" },
> - { name: x86, cc: clang, QUICTLS_EXTRA_ARGS: "-m32
> linux-generic32", ADDLIB_ATOMIC: "-latomic", ARCH_FLAGS: "-m32" }
> + { name: x64, cc: gcc, ADDLIB_ATOMIC: "", ARCH_FLAGS: "" },
> + { name: x64, cc: clang, ADDLIB_ATOMIC: "", ARCH_FLAGS: "" },
> + { name: x86, cc: gcc, ADDLIB_ATOMIC: "-latomic", ARCH_FLAGS:
> "-m32" },
> + { name: x86, cc: clang, ADDLIB_ATOMIC: "-latomic", ARCH_FLAGS:
> "-m32" }
> ]
> fail-fast: false
> name: ${{ matrix.platform.cc }}.${{ matrix.platform.name }}
> @@ -28,11 +28,9 @@ jobs:
> - uses: actions/checkout@v5
> - name: Install dependencies
> run: |
> - dnf -y install awk diffutils git pcre-devel zlib-devel pcre2-devel
> 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)'
> lua-devel socat findutils systemd-devel clang
> - dnf -y install 'perl(FindBin)' 'perl(File::Compare)' perl-IPC-Cmd
> 'perl(File::Copy)' glibc-devel.i686 lua-devel.i686 lua-devel.x86_64
> systemd-devel.i686 zlib-ng-compat-devel.i686 pcre-devel.i686 libatomic.i686
> + dnf -y install awk diffutils git pcre-devel zlib-devel pcre2-devel
> 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)' 'perl(File::Compare)'
> lua-devel socat findutils systemd-devel clang openssl-devel.x86_64
> + dnf -y install 'perl(FindBin)' 'perl(File::Compare)' perl-IPC-Cmd
> 'perl(File::Copy)' glibc-devel.i686 lua-devel.i686 lua-devel.x86_64
> systemd-devel.i686 zlib-ng-compat-devel.i686 pcre-devel.i686 libatomic.i686
> openssl-devel.i686
> - uses: ./.github/actions/setup-vtest
> - - name: Install QuicTLS
> - run: QUICTLS=yes QUICTLS_EXTRA_ARGS="${{
> matrix.platform.QUICTLS_EXTRA_ARGS }}" scripts/build-ssl.sh
> - name: Build contrib tools
> run: |
> make admin/halog/halog
> @@ -41,7 +39,7 @@ jobs:
> make dev/hpack/decode dev/hpack/gen-enc dev/hpack/gen-rht
> - name: Compile HAProxy with ${{ matrix.platform.cc }}
> run: |
> - make -j3 CC=${{ matrix.platform.cc }} V=1 ERR=1 TARGET=linux-glibc
> DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" USE_OPENSSL=1 USE_QUIC=1
> USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 ADDLIB="${{
> matrix.platform.ADDLIB_ATOMIC }} -Wl,-rpath,${HOME}/opt/lib"
> SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include ARCH_FLAGS="${{
> matrix.platform.ARCH_FLAGS }}"
> + make -j3 CC=${{ matrix.platform.cc }} V=1 ERR=1 TARGET=linux-glibc
> DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" USE_PROMEX=1 USE_OPENSSL=1
> USE_QUIC=1 USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 ADDLIB="${{
> matrix.platform.ADDLIB_ATOMIC }}" ARCH_FLAGS="${{ matrix.platform.ARCH_FLAGS
> }}"
> make install
> - name: Show HAProxy version
> id: show-version
> @@ -51,6 +49,13 @@ jobs:
> echo "::endgroup::"
> haproxy -vv
> echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT
> +#
> +# TODO: review this workaround later
> + - name: relax crypto policies
> + run: |
> + dnf -y install crypto-policies-scripts
> + echo LEGACY > /etc/crypto-policies/config
> + update-crypto-policies
> - name: Run VTest for HAProxy ${{ steps.show-version.outputs.version }}
> id: vtest
> run: |
> --
> 2.46.0.windows.1
>
>
>
--
William Lallemand
