Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade OpenSSL from 1.1.1 to 3.1.3 #4179

Merged
merged 18 commits into from
Dec 20, 2023
Merged

Upgrade OpenSSL from 1.1.1 to 3.1.3 #4179

merged 18 commits into from
Dec 20, 2023

Conversation

eval-exec
Copy link
Collaborator

@eval-exec eval-exec commented Oct 8, 2023
edited
Loading

What problem does this PR solve?

Issue Number: close #4159

Problem Summary:
The OpenSSL 1.1.1 series has reached its End of Life, so it's time for us to transition to OpenSSL 3 since CKB is statically built with OpenSSL 1.1.1.

What is changed and how it works?

What's Changed:

Related changes

  • staticly linked openssl 3.1.3 on Docker image build
  • staticly linked openssl 3.1.3 on Linux platform release
  • staticly linked openssl 3.1.3 on Macos platform release
  • staticly linked openssl 3.1.3 on Windows platform release
  • test package.yaml CI workflow on all platform
  • test staticly linked openssl 3.1.3 docker image

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code ci-runs-only: [ quick_checks,linters ]

Side effects

  • None

Release note 

Title Only: Include only the PR title in the release note.

@eval-exec
Copy link
Collaborator Author

This PR need nervosnetwork/ckb-docker-builder#17

@eval-exec eval-exec added dependencies Pull requests that update a dependency file t:ci Type: CI labels Oct 8, 2023
@doitian
Copy link
Member

doitian commented Oct 12, 2023

docker builder 1.71.0-openssl-3.1.3 published

@eval-exec eval-exec force-pushed the exec/upgrade-openssl-3.1.3 branch from e117f2b to 6d0fb94 Compare October 12, 2023 10:00
@eval-exec eval-exec mentioned this pull request Oct 12, 2023
Closed
@eval-exec
Copy link
Collaborator Author

eval-exec commented Oct 12, 2023
edited
Loading

docker builder 1.71.0-openssl-3.1.3 published

The docker image's tag should be 1.71.1-openssl-3.1.3 instead of 1.71.0-openssl-3.1.3. Can we revoke nervos/ckb-docker-builder:1.71.0-openssl-3.1.3 and re-publish nervos/ckb-docker-builder:1.71.1-openssl-3.1.3? @doitian

@eval-exec eval-exec force-pushed the exec/upgrade-openssl-3.1.3 branch from caae00d to 4a9e14b Compare October 12, 2023 12:12
@eval-exec eval-exec mentioned this pull request Dec 5, 2023
Closed
@eval-exec eval-exec force-pushed the exec/upgrade-openssl-3.1.3 branch from 4a9e14b to a8a6f80 Compare December 6, 2023 09:55
@eval-exec
Build ckb's docker image by bionic-rust-1.71.1-openssl-3.1.3
f015987
@eval-exec
Package ckb with statically linked OpenSSL 3.1.3
4f06ded
@eval-exec
Static link openssl for aarch64-linux release
b5becfd
@eval-exec
Install latest openssl 3.1.3 for windows platform release
af54f60
@eval-exec
Fix OpenSSL 3.1.3 build instructions for linux-aarch64
503f754
@eval-exec
Extract OPENSSL_* related env from make prod for mac
b560271
@eval-exec
Extract OPENSSL_* related env from make prod for mac-aarch64
50aac10
@eval-exec
Separate no-shared OPENSSL as a independent step for linux-aarch64
1be0b49
@eval-exec
Compile OpenSSL 3.1.3 from source intead of install it from brew for mac
b7d5028
@eval-exec
Compile OpenSSL 3.1.3 from source intead of install it from brew for …
b6a76f8 
…mac-aarch64
@eval-exec
Verify GPG signature and sha256sum for openssl tar ball
526d261
@eval-exec
Verify GPG signature and sha256sum for openssl tar ball for mac
d897fad
@eval-exec
Verify GPG signature and sha256sum for openssl tar ball for mac-aarch64
ce1ef3c
@eval-exec
Fix OpenSSL prefix path to openssl-3.1.3/build
c4ab35e
@eval-exec
Put OpenSSL related file under target dir
3e530fa
@eval-exec
Fix OpenSSL include dir env name
388bbd6
@eval-exec eval-exec force-pushed the exec/upgrade-openssl-3.1.3 branch from e9dc36f to 388bbd6 Compare December 11, 2023 03:31
@eval-exec
Copy link
Collaborator Author

Waiting nervosnetwork/ckb-docker-builder#19

@eval-exec
Remove trailing whitespace
a4ef135 
Signed-off-by: Eval EXEC <execvy@gmail.com>
@eval-exec
Copy link
Collaborator Author

eval-exec commented Dec 11, 2023
edited
Loading

On x86_64-darwin64, make prod got this:

bash-3.2$ lldb ./target/prod/ckb
(lldb) target create "./target/prod/ckb"
Current executable set to '/Users/runner/work/ckb/ckb/target/prod/ckb' (x86_64).
(lldb) b main
Breakpoint 1: 10 locations.
(lldb) r
Process 37067 launched: '/Users/runner/work/ckb/ckb/target/prod/ckb' (x86_64)
Process 37067 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
    frame #0: 0x000000010133321d ckb`std::__1::unordered_map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, rocksdb::OptionTypeInfo, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, rocksdb::OptionTypeInfo> > >::unordered_map(std::initializer_list<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, rocksdb::OptionTypeInfo> >) + 1005
ckb`std::__1::unordered_map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, rocksdb::OptionTypeInfo, std::__1::hash<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::equal_to<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, rocksdb::OptionTypeInfo> > >::unordered_map:
->  0x10133321d <+1005>: blsrq  %rdi, %rcx
    0x101333222 <+1010>: setne  %cl
    0x101333225 <+1013>: orb    %al, %cl
    0x101333227 <+1015>: vdivss %xmm1, %xmm0, %xmm0
Target 0: (ckb) stopped.

make prod_portable won't get this.

@eval-exec eval-exec self-assigned this Dec 11, 2023
@eval-exec eval-exec marked this pull request as ready for review December 11, 2023 10:07
@eval-exec eval-exec requested a review from a team as a code owner December 11, 2023 10:07
@eval-exec eval-exec requested review from doitian and removed request for a team December 11, 2023 10:07
@eval-exec eval-exec marked this pull request as draft December 11, 2023 10:07
eval-exec
eval-exec commented Dec 11, 2023
View reviewed changes
.github/workflows/package.yaml
@@ -78,7 +78,7 @@ jobs:
name: ckb_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc
path: ckb_${{env.GIT_TAG_NAME }}_${{env.REL_PKG }}.asc
env:
BUILDER_IMAGE: nervos/ckb-docker-builder:bionic-rust-1.71.1
BUILDER_IMAGE: nervos/ckb-docker-builder:bionic-rust-1.71.1-openssl-3.1.3
Copy link
Collaborator Author

@eval-exec eval-exec Dec 11, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nervos/ckb-docker-builder:bionic-rust-1.71.1-openssl-3.1.3 doesn't exist in dockerhub.
In dockerhub, we have bionic-rust-1.71.0-openssl-3.1.3 and centos-7-rust-1.71.0-openssl-3.1.3

@eval-exec eval-exec marked this pull request as ready for review December 11, 2023 10:32
@eval-exec
Copy link
Collaborator Author

eval-exec commented Dec 11, 2023
edited
Loading

We can draft a new release once the *1.71.1-openssl-3.1.3 docker images are published.
But this PR is ready to be merged now.

@doitian doitian added this pull request to the merge queue Dec 11, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 11, 2023
@eval-exec eval-exec requested a review from doitian December 12, 2023 03:12
@eval-exec
Copy link
Collaborator Author

eval-exec commented Dec 12, 2023
edited
Loading

The merge queue's workflow on Ubuntu (link) failed without an error log. I have re-triggered the failed jobs.

@doitian I think we can retry adding this PR to merge queue.

@eval-exec
Copy link
Collaborator Author

@doitian I think 0.113.0 need this PR.

@eval-exec eval-exec mentioned this pull request Dec 18, 2023
Merged
@doitian doitian added this pull request to the merge queue Dec 20, 2023
Merged via the queue into nervosnetwork:develop with commit 7ba53f3 Dec 20, 2023
32 checks passed
@doitian doitian mentioned this pull request Jan 29, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@doitian doitian Awaiting requested review from doitian

Assignees

@eval-exec eval-exec

Labels
dependencies Pull requests that update a dependency file t:ci Type: CI
Projects
CKB Kanban
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Static build CKB's release with openssl 3
2 participants
@eval-exec @doitian