search

ponylang / crypto

Library of common cryptographic algorithms and functions for Pony
https://ponylang.io
BSD 2-Clause "Simplified" License
11 stars 8 forks source link

Add libressl and openssl 1.1 tests #29

Closed SeanTAllen closed 4 years ago

SeanTAllen commented 4 years ago

We currently only test against openssl 0.9.x which is highly problematic for accepting PRs.

We need docker docker containers with openssl 1.1.x and libressl to use as part of PR and nightly breakage tests.

SeanTAllen commented 4 years ago

For libressl we can use alpine 3.12 as the base. For openssl 1.1.1 we can use alpine 3.12 as the base

We are currently testing with libressl prior to this change.

I think that we can say we aren't testing with actual openssl 0.9.8. That's only on particularly old distros that as far as I know aren't used in the Pony community at this time. Libressl has the same API as openssl 0.9.8 so we should be ok for coverage there in terms of compilation.

SeanTAllen commented 4 years ago

For the docker containers,

in the shared-docker repo, we are already creating a libressl based image that can create a 2nd version of with more explicit naming and use for this.

additionally, there's a 1.1.0 openssl version being created specifically for net_ssl, that can be moved to shared-docker and used as well.

so as part of this, net_ssl would be switched to using the new ones from shared-docker.

The PR tests from net_ssl are generally what we want (with aforementioned container changes)

https://github.com/ponylang/net_ssl/blob/master/.github/workflows/pr.yml

As are the nightly breakage tests:

https://github.com/ponylang/net_ssl/blob/master/.github/workflows/breakage-against-ponyc-latest.yml

For the "libressl" image in shared docker, I'm going to explicitly name it as using libressl so in addition to the generic "x86-64-unknown-linux-builder-with-ssl" which should end up being deprecated, there would be:

SeanTAllen commented 4 years ago

I'll handle doing this as there are a lot of moving parts regarding where everything should go and what should be updated.

Reminder to self:

https://github.com/search?q=x86-64-unknown-linux-builder-with-ssl&type=Code

the above search fails to find usage in http and http_server libraries as well.

SeanTAllen commented 4 years ago

libressl and openssl 1.1.x are added by https://github.com/ponylang/crypto/pull/37

however, there is no openssl 0.9.x tests at the moment. That is under discussion in #30.