Closed Gor027 closed 1 year ago
@Lorak-mmk currently #78 is blocked by this PR.
Why aren't we using Ubuntu latest in our github actions? (actually, looks like we do, so I'm unsure why are we getting xenial stuff? Some backward compat?)
@mykaul We are using xenial repo for libssl1.0.0
(but off top of my head I don't remember if it's for Rust's TLS or some "legacy" C++ Driver testing code - tests copied from original C++ Driver).
Why aren't we using Ubuntu latest in our github actions? (actually, looks like we do, so I'm unsure why are we getting xenial stuff? Some backward compat?)
The tests require libssl1.0.0
which was dropped from the default Ubuntu repos after Ubuntu 18.04, that is why xenial-security
was added. Maybe libssl1.1
can be installed instead, which will allow to remove xenial-security
from the setup step.
I can confirm that the tests successfully pass with libssl1.1
, so we can get rid of xenial-security
.
I can confirm that the tests successfully pass with
libssl1.1
, so we can get rid ofxenial-security
.
Good - thanks. 1.0 is not maintained even anymore (I think? https://www.openssl.org/policies/releasestrat.html ) I guess at some point we'll need to move to OpenSSL 3 (is that libssl3 in Ubuntu?), but I assume there's somewhere in the Rust code some work needed to support it?
I guess at some point we'll need to move to OpenSSL 3 (is that libssl3 in Ubuntu?), but I assume there's somewhere in the Rust code some work needed to support it?
The Rust driver should support it out of the box. Documentation of the crate that we use to bind to OpenSSL states that "OpenSSL versions 1.0.1 through 3.x.x and LibreSSL versions 2.5 through 3.4.1 are supported."
https://docs.rs/openssl/latest/openssl/ , first paragraph
The workflows fail for current pull requests:
It seems that xenial-security does not maintain keys for the Ubuntu keyserver. This PR will manually add the keys to the system.
Pre-review checklist
.github/workflows/build.yml
ingtest_filter
..github/workflows/cassandra.yml
ingtest_filter
.