"The patch also contains a workaround to re-enable legacy algorithms which
are still tested on the CI."

That's a pretty valid use case: a user can still (try to) enable some so-called
legacy algorithm without knowing it became legacy.
I think we should somehow improve error handling to let him know what went
wrong.

On Mon, Jan 19, 2026 at 11:00, William Lallemand <[email protected]> wrote:

> Merged, I reworded the commit message to give more context.
>
> Thanks,
>
>
> On Sat, Jan 17, 2026 at 09:00:47PM +0100, Ilia Shipitsin wrote:
> > Subject: [PATCH] CI: switch monthly Fedora Rawhide build to OpenSSL
> > we already run QuicTLS builds on push, also QuicTLS is not being
> > actively developed compared to OpenSSL, likely we could catch some
> > regression on OpenSSL, let's switch to it
> > ---
> >  .github/workflows/fedora-rawhide.yml | 25 +++++++++++++++----------
> >  1 file changed, 15 insertions(+), 10 deletions(-)
> >
> > diff --git a/.github/workflows/fedora-rawhide.yml
> b/.github/workflows/fedora-rawhide.yml
> > index c01c8c59f..691ae453b 100644
> > --- a/.github/workflows/fedora-rawhide.yml
> > +++ b/.github/workflows/fedora-rawhide.yml
> > @@ -1,4 +1,4 @@
> > -name: Fedora/Rawhide/QuicTLS
> > +name: Fedora/Rawhide/OpenSSL
> >
> >  on:
> >    schedule:
> > @@ -13,10 +13,10 @@ jobs:
> >      strategy:
> >        matrix:
> >          platform: [
> > -          { name: x64, cc: gcc,   QUICTLS_EXTRA_ARGS: "",
> ADDLIB_ATOMIC: "", ARCH_FLAGS: "" },
> > -          { name: x64, cc: clang, QUICTLS_EXTRA_ARGS: "",
> ADDLIB_ATOMIC: "", ARCH_FLAGS: "" },
> > -          { name: x86, cc: gcc,   QUICTLS_EXTRA_ARGS: "-m32
> linux-generic32", ADDLIB_ATOMIC: "-latomic", ARCH_FLAGS: "-m32" },
> > -          { name: x86, cc: clang, QUICTLS_EXTRA_ARGS: "-m32
> linux-generic32", ADDLIB_ATOMIC: "-latomic", ARCH_FLAGS: "-m32" }
> > +          { name: x64, cc: gcc,   ADDLIB_ATOMIC: "", ARCH_FLAGS: "" },
> > +          { name: x64, cc: clang, ADDLIB_ATOMIC: "", ARCH_FLAGS: "" },
> > +          { name: x86, cc: gcc,   ADDLIB_ATOMIC: "-latomic",
> ARCH_FLAGS: "-m32" },
> > +          { name: x86, cc: clang, ADDLIB_ATOMIC: "-latomic",
> ARCH_FLAGS: "-m32" }
> >          ]
> >        fail-fast: false
> >      name: ${{ matrix.platform.cc }}.${{ matrix.platform.name }}
> > @@ -28,11 +28,9 @@ jobs:
> >      - uses: actions/checkout@v5
> >      - name: Install dependencies
> >        run: |
> > -        dnf -y install awk diffutils git pcre-devel zlib-devel
> pcre2-devel 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)'
> 'perl(File::Compare)' lua-devel socat findutils systemd-devel clang
> > -        dnf -y install 'perl(FindBin)' 'perl(File::Compare)'
> perl-IPC-Cmd 'perl(File::Copy)' glibc-devel.i686 lua-devel.i686
> lua-devel.x86_64 systemd-devel.i686 zlib-ng-compat-devel.i686
> pcre-devel.i686 libatomic.i686
> > +        dnf -y install awk diffutils git pcre-devel zlib-devel
> pcre2-devel 'perl(FindBin)' perl-IPC-Cmd 'perl(File::Copy)'
> 'perl(File::Compare)' lua-devel socat findutils systemd-devel clang
> openssl-devel.x86_64
> > +        dnf -y install 'perl(FindBin)' 'perl(File::Compare)'
> perl-IPC-Cmd 'perl(File::Copy)' glibc-devel.i686 lua-devel.i686
> lua-devel.x86_64 systemd-devel.i686 zlib-ng-compat-devel.i686
> pcre-devel.i686 libatomic.i686 openssl-devel.i686
> >      - uses: ./.github/actions/setup-vtest
> > -    - name: Install QuicTLS
> > -      run: QUICTLS=yes QUICTLS_EXTRA_ARGS="${{
> matrix.platform.QUICTLS_EXTRA_ARGS }}" scripts/build-ssl.sh
> >      - name: Build contrib tools
> >        run: |
> >          make admin/halog/halog
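
Review bot: In the first `dnf -y install` line, `openssl-devel.x86_64` is the only package with an explicit architecture suffix; the other 64-bit packages on that line (`pcre-devel`, `zlib-devel`, `lua-devel`) are unqualified. Plain `openssl-devel` would match them, leaving the `.i686` variant on the second line where the 32-bit packages already live.
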
> > @@ -41,7 +39,7 @@ jobs:
> >          make dev/hpack/decode dev/hpack/gen-enc dev/hpack/gen-rht
> >      - name: Compile HAProxy with ${{ matrix.platform.cc }}
> >        run: |
> > -        make -j3 CC=${{ matrix.platform.cc }} V=1 ERR=1
> TARGET=linux-glibc DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT"
> USE_OPENSSL=1 USE_QUIC=1 USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1
> ADDLIB="${{ matrix.platform.ADDLIB_ATOMIC }} -Wl,-rpath,${HOME}/opt/lib"
> SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include ARCH_FLAGS="${{
> matrix.platform.ARCH_FLAGS }}"
> > +        make -j3 CC=${{ matrix.platform.cc }} V=1 ERR=1
> TARGET=linux-glibc DEBUG="-DDEBUG_POOL_INTEGRITY -DDEBUG_UNIT" USE_PROMEX=1
> USE_OPENSSL=1 USE_QUIC=1 USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1
> ADDLIB="${{ matrix.platform.ADDLIB_ATOMIC }}" ARCH_FLAGS="${{
> matrix.platform.ARCH_FLAGS }}"
> >          make install
> >      - name: Show HAProxy version
> >        id: show-version
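
Review bot: The new `make` line adds `USE_PROMEX=1`, which the commit message does not mention and which is unrelated to switching the TLS library; either say so in the message or split it into its own commit. The same line keeps `USE_QUIC=1` while dropping `SSL_LIB`, `SSL_INC` and the `-Wl,-rpath` entry, so the QUIC build now depends on whatever the distribution's `openssl-devel` provides; a sentence in the commit message stating that this is intended would help whoever reads a failed monthly run.
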
> > @@ -51,6 +49,13 @@ jobs:
> >          echo "::endgroup::"
> >          haproxy -vv
> >          echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >>
> $GITHUB_OUTPUT
> > +#
> > +# TODO: review this workaround later
> > +    - name: relax crypto policies
> > +      run: |
> > +        dnf -y install crypto-policies-scripts
> > +        echo LEGACY > /etc/crypto-policies/config
> > +        update-crypto-policies
> >      - name: Run VTest for HAProxy ${{
> steps.show-version.outputs.version }}
> >        id: vtest
> >        run: |
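
Review bot: The `relax crypto policies` step writes `LEGACY` to `/etc/crypto-policies/config` for the whole job, so every VTest case after it runs under the relaxed policy, and a failure that only appears under the distribution's default policy will not show up in this build. The `# TODO: review this workaround later` comment does not say which algorithms or tests need it; naming them there would let someone tell when the step can be removed. Style: the two comment lines start at column 0 rather than at the step indentation, and the step name is lowercase while the neighbouring ones are capitalized (`Install dependencies`, `Build contrib tools`).
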
> > --
> > 2.46.0.windows.1
> >
> >
> >
>
> --
> William Lallemand
>
