Re: [PATCH 1/1] CI: switch aws-lc builds to "latest" semantic

2023-11-23 Thread Илья Шипицин
On Thu, 23 Nov 2023 at 22:18, William Lallemand wrote:

> Hi Ilya,
>
> On Thu, Nov 23, 2023 at 06:57:52PM +0100, Ilya Shipitsin wrote:
> > for development branches let's use "latest" and fixed for stable
> >
> > LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us
> > switch back to the latest LibreSSL available
>
>
> I think you made a mistake, doesn't seem related to LibreSSL at all.
>
> > ---
> >  .github/matrix.py | 8 +++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/.github/matrix.py b/.github/matrix.py
> > index b5a971c5a..2d1831a4d 100755
> > --- a/.github/matrix.py
> > +++ b/.github/matrix.py
> > @@ -195,7 +195,6 @@ def main(ref_name):
> >  "OPENSSL_VERSION=1.1.1s",
> >  "QUICTLS=yes",
> >  "WOLFSSL_VERSION=5.6.4",
> > -"AWS_LC_VERSION=1.16.0",
> >  # "BORINGSSL=yes",
> >  ]
> >
> > @@ -203,6 +202,11 @@ def main(ref_name):
> >  ssl_versions = ssl_versions + [
> >  "OPENSSL_VERSION=latest",
> >  "LIBRESSL_VERSION=latest",
> > +"AWS_LC_VERSION=latest",
> > +]
> > +else: # stable branch
> > +ssl_versions = ssl_versions + [
> > +"AWS_LC_VERSION=1.17.3",
> >  ]
> >
> >  for ssl in ssl_versions:
> > @@ -213,6 +217,8 @@ def main(ref_name):
> >  flags.append("USE_OPENSSL_WOLFSSL=1")
> >  if "AWS_LC" in ssl:
> >  flags.append("USE_OPENSSL_AWSLC=1")
> > +if "latest" in ssl:
> > +ssl = determine_latest_aws_lc(ssl)
> >  if ssl != "stock":
> >  flags.append("SSL_LIB=${HOME}/opt/lib")
> >  flags.append("SSL_INC=${HOME}/opt/include")
>
>
> Well, the idea was to build the "latest" aws-lc outside the push CI, so
> we are already doing this here:
>
> http://github.com/haproxy/haproxy/blob/master/.github/workflows/aws-lc.yml
>
> I'm not really comfortable with having everything in "latest" in the
> master in fact, we already have the "openssl-3.2.0-*"
> builds for a while without even testing 3.1 anymore, and I didn't
> notice.
>


in theory we can do it like that.

we can pin openssl=3.2.0beta1 and we can dynamically check during a build
whether it still resolves to the latest.
if not, we fail a build


>
> That's a problem, maybe we should put the "latest" builds in a daily
> build so it can evolve on its own without impacting the dev.
>
> Having a library which changes its version between 2 pushes can be quite
> confusing, even more if the library broke something, usually you want to
> test your code when you push in master, not the libraries!
>
> For example we could have had build breakage when switching
> automatically to 3.2-alpha then 3.2-beta etc.
>
> But since we didn't have any problem for now, maybe we could just try it,
> it can be reverted easily anyway...
>
> --
> William Lallemand
>


Re: [PATCH 1/1] CI: switch aws-lc builds to "latest" semantic

2023-11-23 Thread Илья Шипицин
On Thu, 23 Nov 2023 at 22:18, William Lallemand wrote:

> Hi Ilya,
>
> On Thu, Nov 23, 2023 at 06:57:52PM +0100, Ilya Shipitsin wrote:
> > for development branches let's use "latest" and fixed for stable
> >
> > LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us
> > switch back to the latest LibreSSL available
>
>
> I think you made a mistake, doesn't seem related to LibreSSL at all.
>

it's a copy paste error, sorry


>
> > ---
> >  .github/matrix.py | 8 +++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/.github/matrix.py b/.github/matrix.py
> > index b5a971c5a..2d1831a4d 100755
> > --- a/.github/matrix.py
> > +++ b/.github/matrix.py
> > @@ -195,7 +195,6 @@ def main(ref_name):
> >  "OPENSSL_VERSION=1.1.1s",
> >  "QUICTLS=yes",
> >  "WOLFSSL_VERSION=5.6.4",
> > -"AWS_LC_VERSION=1.16.0",
> >  # "BORINGSSL=yes",
> >  ]
> >
> > @@ -203,6 +202,11 @@ def main(ref_name):
> >  ssl_versions = ssl_versions + [
> >  "OPENSSL_VERSION=latest",
> >  "LIBRESSL_VERSION=latest",
> > +"AWS_LC_VERSION=latest",
> > +]
> > +else: # stable branch
> > +ssl_versions = ssl_versions + [
> > +"AWS_LC_VERSION=1.17.3",
> >  ]
> >
> >  for ssl in ssl_versions:
> > @@ -213,6 +217,8 @@ def main(ref_name):
> >  flags.append("USE_OPENSSL_WOLFSSL=1")
> >  if "AWS_LC" in ssl:
> >  flags.append("USE_OPENSSL_AWSLC=1")
> > +if "latest" in ssl:
> > +ssl = determine_latest_aws_lc(ssl)
> >  if ssl != "stock":
> >  flags.append("SSL_LIB=${HOME}/opt/lib")
> >  flags.append("SSL_INC=${HOME}/opt/include")
>
>
> Well, the idea was to build the "latest" aws-lc outside the push CI, so
> we are already doing this here:
>
> http://github.com/haproxy/haproxy/blob/master/.github/workflows/aws-lc.yml
>
> I'm not really comfortable with having everything in "latest" in the
> master in fact, we already have the "openssl-3.2.0-*"
> builds for a while without even testing 3.1 anymore, and I didn't
> notice.
>
> That's a problem, maybe we should put the "latest" builds in a daily
> build so it can evolve on its own without impacting the dev.
>
> Having a library which changes its version between 2 pushes can be quite
> confusing, even more if the library broke something, usually you want to
> test your code when you push in master, not the libraries!
>
> For example we could have had build breakage when switching
> automatically to 3.2-alpha then 3.2-beta etc.
>
> But since we didn't have any problem for now, maybe we could just try it,
> it can be reverted easily anyway...
>

accidental breakage is not a big issue. you can always get back to a fixed
version if you want to.

we definitely should try. if we find a better way later, we'll switch to it


>
> --
> William Lallemand
>


Re: [PATCH 1/1] CI: switch aws-lc builds to "latest" semantic

2023-11-23 Thread William Lallemand
Hi Ilya,

On Thu, Nov 23, 2023 at 06:57:52PM +0100, Ilya Shipitsin wrote:
> for development branches let's use "latest" and fixed for stable
> 
> LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us
> switch back to the latest LibreSSL available


I think you made a mistake, doesn't seem related to LibreSSL at all.

> ---
>  .github/matrix.py | 8 +++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/.github/matrix.py b/.github/matrix.py
> index b5a971c5a..2d1831a4d 100755
> --- a/.github/matrix.py
> +++ b/.github/matrix.py
> @@ -195,7 +195,6 @@ def main(ref_name):
>  "OPENSSL_VERSION=1.1.1s",
>  "QUICTLS=yes",
>  "WOLFSSL_VERSION=5.6.4",
> -"AWS_LC_VERSION=1.16.0",
>  # "BORINGSSL=yes",
>  ]
>  
> @@ -203,6 +202,11 @@ def main(ref_name):
>  ssl_versions = ssl_versions + [
>  "OPENSSL_VERSION=latest",
>  "LIBRESSL_VERSION=latest",
> +"AWS_LC_VERSION=latest",
> +]
> +else: # stable branch
> +ssl_versions = ssl_versions + [
> +"AWS_LC_VERSION=1.17.3",
>  ]
>  
>  for ssl in ssl_versions:
> @@ -213,6 +217,8 @@ def main(ref_name):
>  flags.append("USE_OPENSSL_WOLFSSL=1")
>  if "AWS_LC" in ssl:
>  flags.append("USE_OPENSSL_AWSLC=1")
> +if "latest" in ssl:
> +ssl = determine_latest_aws_lc(ssl)
>  if ssl != "stock":
>  flags.append("SSL_LIB=${HOME}/opt/lib")
>  flags.append("SSL_INC=${HOME}/opt/include")


Well, the idea was to build the "latest" aws-lc outside the push CI, so
we are already doing this here:

http://github.com/haproxy/haproxy/blob/master/.github/workflows/aws-lc.yml

I'm not really comfortable with having everything in "latest" in the
master in fact, we already have the "openssl-3.2.0-*"
builds for a while without even testing 3.1 anymore, and I didn't
notice.

That's a problem, maybe we should put the "latest" builds in a daily
build so it can evolve on its own without impacting the dev.

Having a library which changes its version between 2 pushes can be quite
confusing, even more if the library broke something, usually you want to
test your code when you push in master, not the libraries!

For example we could have had build breakage when switching
automatically to 3.2-alpha then 3.2-beta etc.

But since we didn't have any problem for now, maybe we could just try it,
it can be reverted easily anyway...

-- 
William Lallemand



[PATCH 1/1] CI: switch aws-lc builds to "latest" semantic

2023-11-23 Thread Ilya Shipitsin
for development branches let's use "latest" and fixed for stable

LibreSSL-3.6.0 had some regression, it was fixed in 3.6.1, let us
switch back to the latest LibreSSL available
---
 .github/matrix.py | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/matrix.py b/.github/matrix.py
index b5a971c5a..2d1831a4d 100755
--- a/.github/matrix.py
+++ b/.github/matrix.py
@@ -195,7 +195,6 @@ def main(ref_name):
 "OPENSSL_VERSION=1.1.1s",
 "QUICTLS=yes",
 "WOLFSSL_VERSION=5.6.4",
-"AWS_LC_VERSION=1.16.0",
 # "BORINGSSL=yes",
 ]
 
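Review bot: the removed "AWS_LC_VERSION=1.16.0" entry comes back later in this patch as "AWS_LC_VERSION=1.17.3", so stable branches get a version bump that the commit message never mentions; its second paragraph talks about LibreSSL 3.6.0/3.6.1 instead. Please reword the message to describe the AWS-LC change and state the 1.16.0 to 1.17.3 bump explicitly, or split the bump into its own commit so it can be reverted independently of the "latest" switch.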
@@ -203,6 +202,11 @@ def main(ref_name):
 ssl_versions = ssl_versions + [
 "OPENSSL_VERSION=latest",
 "LIBRESSL_VERSION=latest",
+"AWS_LC_VERSION=latest",
+]
+else: # stable branch
+ssl_versions = ssl_versions + [
+"AWS_LC_VERSION=1.17.3",
 ]
 
 for ssl in ssl_versions:
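Review bot: the literal "AWS_LC_VERSION=1.17.3" in the new else branch has nothing that flags it once it falls behind, so stable branches keep building against it until someone edits this file by hand. A short comment next to `else: # stable branch` saying who bumps the pin and when would help, and since "AWS_LC_VERSION=latest" now makes push builds on development branches depend on whatever upstream released last, the job should record which version it actually resolved to.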
@@ -213,6 +217,8 @@ def main(ref_name):
 flags.append("USE_OPENSSL_WOLFSSL=1")
 if "AWS_LC" in ssl:
 flags.append("USE_OPENSSL_AWSLC=1")
+if "latest" in ssl:
+ssl = determine_latest_aws_lc(ssl)
 if ssl != "stock":
 flags.append("SSL_LIB=${HOME}/opt/lib")
 flags.append("SSL_INC=${HOME}/opt/include")
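Review bot: `ssl = determine_latest_aws_lc(ssl)` calls a helper that none of the seven added lines in this patch define, so please confirm it already exists in .github/matrix.py; otherwise matrix generation fails with a NameError on every development-branch push. It would also help to print the resolved value after this call, so that a red build shows which AWS-LC release it was built against and a library regression can be told apart from a regression in the pushed code.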
-- 
2.42.0