Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread Илья Шипицин 
пн, 7 июн. 2021 г. в 18:50, William Lallemand :

> On Mon, Jun 07, 2021 at 02:17:24PM +0200, William Lallemand wrote:
> >
> > On Mon, Jun 07, 2021 at 02:09:33PM +0200, Tim Düsterhus wrote:
> > >
> > > William,
> > >
> > > On 6/7/21 1:30 PM, William Lallemand wrote:
> > > > On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote:
> > > >> sorry, I do not have much spare time to implement that in short time
> > > >> perspective.
> > > >> I think of 2-3 month timeframe.
> > > >>
> > > >
> > > > Isn't it possible to pass a make argument for one specific CI job?
> > > >
> > > > This way we could just do something like:
> > > >
> > > >make DEBUG_CFLAGS="-g -Wno-deprecated-declarations"
> > > >
> > >
> > > Yes, this would be possible. It's already done to enable QUIC for
> BoringSSL:
> > >
> > >
> https://github.com/haproxy/haproxy/blob/a9334df5a9bee2bf17b22f965b08df8d47f2f63e/.github/matrix.py#L116-L117
> > >
> > > It would need an extra case for OpenSSL 3. You can test whether it
> works
> > > locally using:
> > >
> > > $ python3 .github/matrix.py push
> > >
> > > Best regards
> > > Tim Düsterhus
> >
> > Looks easy enough, I'll try that, thanks.
> >
>
> It worked:
>
> https://github.com/haproxy/haproxy/runs/2764512334
>
> Thanks,
>
>



> --
> William Lallemand
>

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand 
On Mon, Jun 07, 2021 at 02:17:24PM +0200, William Lallemand wrote:
>
> On Mon, Jun 07, 2021 at 02:09:33PM +0200, Tim Düsterhus wrote:
> >
> > William,
> > 
> > On 6/7/21 1:30 PM, William Lallemand wrote:
> > > On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote:
> > >> sorry, I do not have much spare time to implement that in short time
> > >> perspective.
> > >> I think of 2-3 month timeframe.
> > >>
> > > 
> > > Isn't it possible to pass a make argument for one specific CI job?
> > > 
> > > This way we could just do something like:
> > > 
> > >make DEBUG_CFLAGS="-g -Wno-deprecated-declarations"
> > > 
> > 
> > Yes, this would be possible. It's already done to enable QUIC for BoringSSL:
> > 
> > https://github.com/haproxy/haproxy/blob/a9334df5a9bee2bf17b22f965b08df8d47f2f63e/.github/matrix.py#L116-L117
> > 
> > It would need an extra case for OpenSSL 3. You can test whether it works 
> > locally using:
> > 
> > $ python3 .github/matrix.py push
> > 
> > Best regards
> > Tim Düsterhus
> 
> Looks easy enough, I'll try that, thanks.
> 

It worked:

https://github.com/haproxy/haproxy/runs/2764512334

Thanks,

-- 
William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand 
On Mon, Jun 07, 2021 at 02:09:33PM +0200, Tim Düsterhus wrote:
> Subject: Re: [PATCH] CI: enable openssl-3.0.0 builds
>
> William,
> 
> On 6/7/21 1:30 PM, William Lallemand wrote:
> > On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote:
> >> sorry, I do not have much spare time to implement that in short time
> >> perspective.
> >> I think of 2-3 month timeframe.
> >>
> > 
> > Isn't it possible to pass a make argument for one specific CI job?
> > 
> > This way we could just do something like:
> > 
> >make DEBUG_CFLAGS="-g -Wno-deprecated-declarations"
> > 
> 
> Yes, this would be possible. It's already done to enable QUIC for BoringSSL:
> 
> https://github.com/haproxy/haproxy/blob/a9334df5a9bee2bf17b22f965b08df8d47f2f63e/.github/matrix.py#L116-L117
> 
> It would need an extra case for OpenSSL 3. You can test whether it works 
> locally using:
> 
> $ python3 .github/matrix.py push
> 
> Best regards
> Tim Düsterhus

Looks easy enough, I'll try that, thanks.

-- 
William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand 
On Mon, Jun 07, 2021 at 05:08:32PM +0500, Илья Шипицин wrote:
> пн, 7 июн. 2021 г. в 16:31, William Lallemand :
> 
> > On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote:
> > > sorry, I do not have much spare time to implement that in short time
> > > perspective.
> > > I think of 2-3 month timeframe.
> > >
> >
> > Isn't it possible to pass a make argument for one specific CI job?
> >
> > This way we could just do something like:
> >
> >   make DEBUG_CFLAGS="-g -Wno-deprecated-declarations"
> >
> 
> please send a patch
> 

Sorry if I wasn't clear but this was a question. I have no idea how this
works and you are the more experienced with Tim on this subject :-)

-- 
William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread Tim Düsterhus 

William,

On 6/7/21 1:30 PM, William Lallemand wrote:

On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote:

sorry, I do not have much spare time to implement that in short time
perspective.
I think of 2-3 month timeframe.



Isn't it possible to pass a make argument for one specific CI job?

This way we could just do something like:

   make DEBUG_CFLAGS="-g -Wno-deprecated-declarations"



Yes, this would be possible. It's already done to enable QUIC for BoringSSL:

https://github.com/haproxy/haproxy/blob/a9334df5a9bee2bf17b22f965b08df8d47f2f63e/.github/matrix.py#L116-L117

It would need an extra case for OpenSSL 3. You can test whether it works 
locally using:


$ python3 .github/matrix.py push

Best regards
Tim Düsterhus

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread Илья Шипицин 
пн, 7 июн. 2021 г. в 16:31, William Lallemand :

> On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote:
> > sorry, I do not have much spare time to implement that in short time
> > perspective.
> > I think of 2-3 month timeframe.
> >
>
> Isn't it possible to pass a make argument for one specific CI job?
>
> This way we could just do something like:
>
>   make DEBUG_CFLAGS="-g -Wno-deprecated-declarations"
>

please send a patch


>
> --
> William Lallemand
>

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand 
On Mon, Jun 07, 2021 at 04:02:00PM +0500, Илья Шипицин wrote:
> sorry, I do not have much spare time to implement that in short time
> perspective.
> I think of 2-3 month timeframe.
> 

Isn't it possible to pass a make argument for one specific CI job?

This way we could just do something like:

  make DEBUG_CFLAGS="-g -Wno-deprecated-declarations"

-- 
William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-07 Thread William Lallemand 
On Sun, Jun 06, 2021 at 05:36:45AM +0200, Willy Tarreau wrote:
> On Sun, Jun 06, 2021 at 12:51:53AM +0200, Tim Düsterhus wrote:
> > Ilya,
> > 
> > On 6/5/21 5:10 AM,  ??? wrote:
> > > here are two patches:
> > > 
> > > - deprecated warnings suppressed
> > > - openssl-3.0.0 enabled
> > > 
> > 
> > In the second patch you forgot the 'CI:' prefix in the commit message.
> > 
> > Other than that the patches LGTM with regard to the CI changes.
> 
> OK thanks Tim, I'll take it and adjust the subject.
> 
> Willy
> 

Hello,

I don't think that's a good idea to do it this way, the first intent was
to be able to build OpenSSL 3.0.0, but the -Wdeprecated-declarations was
preventing to build with -Werror.

With this patch we are hiding all these warnings for all users and they
can be relevant at some point, not only for OpenSSL, but for the other
libs that are linked with haproxy.

In my opinion we should only disable them for this specific build of
OpenSSL 3.0.0 on the CI, not for everyone in the Makefile.

-- 
William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-05 Thread Willy Tarreau 
On Sun, Jun 06, 2021 at 12:51:53AM +0200, Tim Düsterhus wrote:
> Ilya,
> 
> On 6/5/21 5:10 AM,  ??? wrote:
> > here are two patches:
> > 
> > - deprecated warnings suppressed
> > - openssl-3.0.0 enabled
> > 
> 
> In the second patch you forgot the 'CI:' prefix in the commit message.
> 
> Other than that the patches LGTM with regard to the CI changes.

OK thanks Tim, I'll take it and adjust the subject.

Willy

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-05 Thread Tim Düsterhus 

Ilya,

On 6/5/21 5:10 AM, Илья Шипицин wrote:

here are two patches:

- deprecated warnings suppressed
- openssl-3.0.0 enabled



In the second patch you forgot the 'CI:' prefix in the commit message.

Other than that the patches LGTM with regard to the CI changes.

Best regards
Tim Düsterhus

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-04 Thread Илья Шипицин 
here are two patches:

- deprecated warnings suppressed
- openssl-3.0.0 enabled

ср, 2 июн. 2021 г. в 21:51, Tim Düsterhus :

> Dinko,
>
> On 6/2/21 1:34 PM, Dinko Korunic wrote:
> > Yes, GItHub Actions has support for flagging some of the jobs in matrix
> as experimental (which will permit job to fail and other jobs in the matrix
> will continue to execute), for instance:
> >
> >
> https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-including-new-combinations
> <
> https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-including-new-combinations
> >
> >
> https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-preventing-a-specific-failing-matrix-job-from-failing-a-workflow-run
> <
> https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-preventing-a-specific-failing-matrix-job-from-failing-a-workflow-run
> >
> >
>
> Oh, continue-on-error also exists on the job level. IMO it's badly
> named, but it appears to be what I was looking for.
>
> Based off the other responses we might not need it after all, but it's
> good to know that it is possible. Thanks!
>
> Best regards
> Tim Düsterhus
>
>
From 4f6467bfe678479cfeb69bac1ec7ffd01177988b Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Sat, 5 Jun 2021 03:06:59 +
Subject: [PATCH 2/2] github actions: add OpenSSL-3.0.0 builds

OpenSSL-3.0.0 is getting close to its release, let us add it to build matrix
---
 .github/matrix.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/matrix.py b/.github/matrix.py
index 9e9b395..1ff48aa 100644
--- a/.github/matrix.py
+++ b/.github/matrix.py
@@ -108,6 +108,7 @@ for CC in ["gcc", "clang"]:
 for ssl in [
 "stock",
 "OPENSSL_VERSION=1.0.2u",
+"OPENSSL_VERSION=3.0.0-alpha17",
 "LIBRESSL_VERSION=2.9.2",
 "LIBRESSL_VERSION=3.3.3",
 "BORINGSSL=yes",
-- 
1.8.3.1

From 83235f06da6b731f01216fa3ee4e0221496844f6 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Sat, 5 Jun 2021 03:06:03 +
Subject: [PATCH 1/2] BUILD: suppress deprecated warnings

this is temporary workaround to enable OpenSSL-3.0.0 builds
---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 6571dc6..8fa3b7c 100644
--- a/Makefile
+++ b/Makefile
@@ -203,6 +203,7 @@ SPEC_CFLAGS += $(call cc-nowarn,clobbered)
 SPEC_CFLAGS += $(call cc-nowarn,missing-field-initializers)
 SPEC_CFLAGS += $(call cc-nowarn,cast-function-type)
 SPEC_CFLAGS += $(call cc-nowarn,string-plus-int)
+SPEC_CFLAGS += $(call cc-nowarn,deprecated-declarations)
 SPEC_CFLAGS += $(call cc-opt,-Wtype-limits)
 SPEC_CFLAGS += $(call cc-opt,-Wshift-negative-value)
 SPEC_CFLAGS += $(call cc-opt,-Wshift-overflow=2)
-- 
1.8.3.1

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-02 Thread Tim Düsterhus 

Dinko,

On 6/2/21 1:34 PM, Dinko Korunic wrote:

Yes, GItHub Actions has support for flagging some of the jobs in matrix as 
experimental (which will permit job to fail and other jobs in the matrix will 
continue to execute), for instance:

https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-including-new-combinations
 

https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-preventing-a-specific-failing-matrix-job-from-failing-a-workflow-run
 




Oh, continue-on-error also exists on the job level. IMO it's badly 
named, but it appears to be what I was looking for.


Based off the other responses we might not need it after all, but it's 
good to know that it is possible. Thanks!


Best regards
Tim Düsterhus

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-02 Thread William Lallemand 
On Wed, Jun 02, 2021 at 04:34:16PM +0500, Илья Шипицин wrote:
> Subject: Re: [PATCH] CI: enable openssl-3.0.0 builds
>
> ср, 2 июн. 2021 г. в 16:27, Tim Düsterhus :
> 
> > Ilya,
> >
> > On 6/2/21 12:58 PM, Илья Шипицин wrote:
> > > as openssl-3.0.0 is getting close to release, let us add it to build
> > matrix.
> > >
> >
> > I dislike that this is going to report all commits in red, until the
> > build failures with OpenSSL 3 are fixed.

I agree, but in my opinion we should do it in two steps:

* fix the *errors* and build without -Werror in order to see the
  -Wdeprecated-declarations warnings.

* port haproxy to the new API (long term goal) to be able to build
  with openssl 3.0.0 with -Werror.


> 
> @William Lallemand   has an appetite to make it
> green ;)
> 

I'll fix what I can to be able to build with
-Wno-deprecated-declarations.

> I did a quick research, whether
> > some job could be marked as "experimental" / "allowed failure" with
> > GitHub Actions, but could not find anything.
> >

I don't think we need this, fixing the build errors shouldn't be long,
Emeric already made some tests with openssl3 few weeks ago and it was
working fine.

-- 
William Lallemand

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-02 Thread Dinko Korunic 

On 02.06.2021., at 13:27, Tim Düsterhus  wrote:
> 
> Ilya,
> 
> On 6/2/21 12:58 PM, Илья Шипицин wrote:
>> as openssl-3.0.0 is getting close to release, let us add it to build matrix.
> 
> I dislike that this is going to report all commits in red, until the build 
> failures with OpenSSL 3 are fixed. I did a quick research, whether some job 
> could be marked as "experimental" / "allowed failure" with GitHub Actions, 
> but could not find anything.
> 
> Do you know whether this is possible?
> 

[…]

Yes, GItHub Actions has support for flagging some of the jobs in matrix as 
experimental (which will permit job to fail and other jobs in the matrix will 
continue to execute), for instance:

https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-including-new-combinations
 

https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#example-preventing-a-specific-failing-matrix-job-from-failing-a-workflow-run
 



Kind regards,
D.

-- 
Dinko Korunic   ** Standard disclaimer applies **
Sent from OSF1 osf1v4b V4.0 564 alpha

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-02 Thread Илья Шипицин 
ср, 2 июн. 2021 г. в 16:27, Tim Düsterhus :

> Ilya,
>
> On 6/2/21 12:58 PM, Илья Шипицин wrote:
> > as openssl-3.0.0 is getting close to release, let us add it to build
> matrix.
> >
>
> I dislike that this is going to report all commits in red, until the
> build failures with OpenSSL 3 are fixed. I did a quick research, whether
> some job could be marked as "experimental" / "allowed failure" with
> GitHub Actions, but could not find anything.
>

@William Lallemand   has an appetite to make it
green ;)


>
> Do you know whether this is possible?
>


That's a good question. I was sure it would be possible, I'll have a look.


>
> The patch LGTM other than that concern.
>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] CI: enable openssl-3.0.0 builds

2021-06-02 Thread Tim Düsterhus 

Ilya,

On 6/2/21 12:58 PM, Илья Шипицин wrote:

as openssl-3.0.0 is getting close to release, let us add it to build matrix.



I dislike that this is going to report all commits in red, until the 
build failures with OpenSSL 3 are fixed. I did a quick research, whether 
some job could be marked as "experimental" / "allowed failure" with 
GitHub Actions, but could not find anything.


Do you know whether this is possible?

The patch LGTM other than that concern.

Best regards
Tim Düsterhus