Open dougch opened 2 months ago
worth noting Ubuntu22 is using Cmake3.22, and there have been changes to how Cmake looks for modules https://cmake.org/cmake/help/latest/command/find_package.html#search-procedure
Confirmed. In our CI image, both boringssl and awslc are available in /usr/local
and running cmake with --trace
turned on shows it picking awslc, because of the awslc/lib/crypto/cmake/crypto-config.cmake
file(s). Removing the *cmake files from the awslc install causes cmake to fall back to the PREFIX_PATH and builds against boringssl. So finessing the cmake search paths is one solution, the other is to just remove the awslc configs.
Security issue notifications
If you discover a potential security issue in s2n we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public github issue.
Problem:
We had a CodeBuild job failure on the boringssl unit test, where cmake was trying to use aws-lc as the libcrypto.
(Incomplete) repro steps: using an Ubuntu22 Codebuild image, run the test similar to CI with:
The Cmake banner shows we're not picking up boringssl, and the build fails:
Solution:
Remove aws-lc or rework the way cmake's path search is configured.
Requirements / Acceptance Criteria:
What must a solution address in order to solve the problem? How do we know the solution is complete?
Out of scope:
Is there anything the solution will intentionally NOT address?