From 427d67a1509fbc68df00c334fe1f49040817445c Mon Sep 17 00:00:00 2001 From: DJO <790521+Alenar@users.noreply.github.com> Date: Mon, 24 Jul 2023 14:25:14 +0200 Subject: [PATCH 1/5] Fix junit file renaming in ci If the test failed the file move would not be executed, leading to a failure of the upload step. --- .github/workflows/ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 121e9c71d91..2bb4409edf9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -131,7 +131,11 @@ jobs: shell: bash run: | cargo nextest run --profile ci ${{ matrix.test-args }} - # Rename junit file to include runner info + + - name: Rename junit file to include runner info + shell: bash + if: success() || failure() + run: | mv target/nextest/ci/tests-result.junit.xml test-results${{ matrix.artifact-suffix }}-${{ runner.os }}-${{ runner.arch }}.xml - name: Upload Tests Results From 95373909952e69dfa15b755a015ba75613bb2251 Mon Sep 17 00:00:00 2001 From: DJO <790521+Alenar@users.noreply.github.com> Date: Mon, 24 Jul 2023 12:24:12 +0200 Subject: [PATCH 2/5] Add a feature to bundle openssl in our binaries This in order to avoid dependency errors when installing or using them in a system that does not package a compatible openssl version (ie: `libssl1.1` of `Ubuntu:20.04` is not compatible with `libssl3` of `Ubuntu:22.04). Note that when doing that the bundled openssl loose the capacity to automatically find the system root certificates, we must find them manually using `openssl_probe` (see: https://docs.rs/openssl/latest/openssl/index.html#vendored). --- Cargo.lock | 16 ++++++++++++++++ mithril-aggregator/Cargo.toml | 3 +++ mithril-aggregator/src/main.rs | 3 +++ mithril-client/Cargo.toml | 3 +++ mithril-client/src/main.rs | 3 +++ mithril-common/Cargo.toml | 1 - mithril-signer/Cargo.toml | 3 +++ mithril-signer/src/main.rs | 3 +++ 8 files changed, 34 insertions(+), 1 deletion(-) 
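Review bot: The new `Rename junit file to include runner info` step runs on `success() || failure()`, but its `mv` assumes `target/nextest/ci/tests-result.junit.xml` exists. If the previous step fails before nextest writes the report (a compile error, for example), the `mv` fails too and the job shows a second, misleading red step. Guarding the move, e.g. `if [ -f target/nextest/ci/tests-result.junit.xml ]; then mv … ; fi`, keeps the real failure as the only one reported. The upload step's own condition is outside this hunk, so confirm it also tolerates a missing file.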
diff --git a/Cargo.lock b/Cargo.lock index f4c2f314f1d..ac73e510e12 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2108,6 +2108,8 @@ dependencies = [ "httpmock", "mithril-common", "mockall", + "openssl", + "openssl-probe", "reqwest", "semver", "serde", @@ -2150,6 +2152,8 @@ dependencies = [ "indicatif", "mithril-common", "mockall", + "openssl", + "openssl-probe", "reqwest", "semver", "serde", @@ -2243,6 +2247,8 @@ dependencies = [ "httpmock", "mithril-common", "mockall", + "openssl", + "openssl-probe", "rand_chacha 0.3.1", "rand_core 0.6.4", "reqwest", @@ -2561,6 +2567,15 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +[[package]] +name = "openssl-src" +version = "111.26.0+1.1.1u" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efc62c9f12b22b8f5208c23a7200a442b2e5999f8bdf80233852122b5a4f6f37" +dependencies = [ + "cc", +] + [[package]] name = "openssl-sys" version = "0.9.90" @@ -2569,6 +2584,7 @@ checksum = "374533b0e45f3a7ced10fcaeccca020e66656bc03dac384f852e4e5a7a8104a6" dependencies = [ "cc", "libc", + "openssl-src", "pkg-config", "vcpkg", ] diff --git a/mithril-aggregator/Cargo.toml b/mithril-aggregator/Cargo.toml index 6f83d9b9328..5b5a877242b 100644 --- a/mithril-aggregator/Cargo.toml +++ b/mithril-aggregator/Cargo.toml @@ -18,6 +18,8 @@ config = "0.13.1" flate2 = "1.0.23" hex = "0.4.3" mithril-common = { path = "../mithril-common" } +openssl = { version = "*", features = ["vendored"], optional = true } +openssl-probe = { version = "0.1.5", optional = true } reqwest = { version = "0.11", features = ["json"] } semver = "1.0.16" serde = { version = "1.0", features = ["derive"] } 
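Review bot: `openssl = { version = "*", features = ["vendored"], optional = true }` puts no bound on the crate that decides which OpenSSL source is compiled into the released binaries; the same line is added in mithril-client/Cargo.toml and mithril-signer/Cargo.toml. With `vendored`, OpenSSL fixes no longer arrive through the operating system's packages, so every OpenSSL advisory needs a dependency bump and a new release of these binaries. The Cargo.lock hunk in this patch resolves `openssl-src` to `111.26.0+1.1.1u`, which is the OpenSSL 1.1.1 line, a series upstream stopped supporting in September 2023. I would give the dependency an explicit requirement matching the locked version (placeholder: `version = "<locked openssl version>"`) and add a comment next to `bundle_openssl` saying that vendoring makes the project responsible for tracking OpenSSL advisories. An advisory scanner such as `cargo audit` in CI would back that up.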
@@ -46,3 +48,4 @@ tempfile = "3.3.0" [features] portable = ["mithril-common/portable"] # portable feature avoids SIGILL crashes on CPUs not supporting Intel ADX instruction set when built on CPUs that support it +bundle_openssl = ["dep:openssl", "dep:openssl-probe"] diff --git a/mithril-aggregator/src/main.rs b/mithril-aggregator/src/main.rs index 4c2dd707d55..6693bb00a39 100644 --- a/mithril-aggregator/src/main.rs +++ b/mithril-aggregator/src/main.rs @@ -23,5 +23,8 @@ async fn main() -> Result<(), String> { let args = MainOpts::parse(); let _guard = slog_scope::set_global_logger(build_logger(&args)); + #[cfg(feature = "bundle_openssl")] + openssl_probe::init_ssl_cert_env_vars(); + args.execute().await.map_err(|e| e.to_string()) } diff --git a/mithril-client/Cargo.toml b/mithril-client/Cargo.toml index 1122d2096b2..e2b52b86d0e 100644 --- a/mithril-client/Cargo.toml +++ b/mithril-client/Cargo.toml @@ -24,6 +24,8 @@ hex = "0.4.3" human_bytes = { version = "0.4.2", features = ["fast"] } indicatif = { version = "0.17.5", features = ["tokio"] } mithril-common = { path = "../mithril-common" } +openssl = { version = "*", features = ["vendored"], optional = true } +openssl-probe = { version = "0.1.5", optional = true } reqwest = { version = "0.11", features = ["json", "stream"] } semver = "1.0" serde = { version = "1.0", features = ["derive"] } @@ -43,3 +45,4 @@ mockall = "0.11.0" [features] portable = ["mithril-common/portable"] +bundle_openssl = ["dep:openssl", "dep:openssl-probe"] diff --git a/mithril-client/src/main.rs b/mithril-client/src/main.rs index 9bf3ca8c47c..0cccdd7e9f8 100644 --- a/mithril-client/src/main.rs +++ b/mithril-client/src/main.rs @@ -122,6 +122,9 @@ async fn main() -> Result<(), String> { let args = Args::parse(); let _guard = slog_scope::set_global_logger(args.build_logger()); + #[cfg(feature = "bundle_openssl")] + openssl_probe::init_ssl_cert_env_vars(); + args.execute() .await .map_err(|e| format!("An error occured: {e}")) 
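Review bot: `openssl_probe::init_ssl_cert_env_vars();` is called inside `async fn main`, after the global logger is set up and presumably after the async runtime has started, and it works by writing process environment variables (`SSL_CERT_FILE` / `SSL_CERT_DIR`); changing the environment while other threads may already exist is not thread-safe on Unix-like systems. The same two lines are added to mithril-client/src/main.rs and mithril-signer/src/main.rs. The call also discards whether a certificate store was found, so a host without a discoverable CA bundle only surfaces later as TLS verification failures; `if !openssl_probe::try_init_ssl_cert_env_vars() { /* log a warning */ }` would make that visible at startup. If feasible, run the probe in a plain `fn main` before the runtime is built; the attribute on `main` and the rest of its body are outside these hunks, so the runtime flavour is an assumption here.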
diff --git a/mithril-common/Cargo.toml b/mithril-common/Cargo.toml index b27b5e3bdf6..2cafa335bef 100644 --- a/mithril-common/Cargo.toml +++ b/mithril-common/Cargo.toml @@ -78,4 +78,3 @@ serde_yaml = "0.9.10" default = [] portable = ["mithril-stm/portable"] # portable feature avoids SIGILL crashes on CPUs not supporting Intel ADX instruction set when built on CPUs that support it allow_skip_signer_certification = [] - diff --git a/mithril-signer/Cargo.toml b/mithril-signer/Cargo.toml index 77a81353e66..9bdc8fb56bf 100644 --- a/mithril-signer/Cargo.toml +++ b/mithril-signer/Cargo.toml @@ -15,6 +15,8 @@ clap = { version = "4.0", features = ["derive", "env"] } config = "0.13.1" hex = "0.4.3" mithril-common = { path = "../mithril-common" } +openssl = { version = "*", features = ["vendored"], optional = true } +openssl-probe = { version = "0.1.5", optional = true } rand_chacha = "0.3.1" rand_core = "0.6.3" reqwest = { version = "0.11", features = ["json", "stream"] } @@ -36,3 +38,4 @@ slog-term = "2.9.0" [features] portable = ["mithril-common/portable"] # portable feature avoids SIGILL crashes on CPUs not supporting Intel ADX instruction set when built on CPUs that support it +bundle_openssl = ["dep:openssl", "dep:openssl-probe"] diff --git a/mithril-signer/src/main.rs b/mithril-signer/src/main.rs index 36044e683cb..0ae741af5a3 100644 --- a/mithril-signer/src/main.rs +++ b/mithril-signer/src/main.rs @@ -77,6 +77,9 @@ async fn main() -> Result<(), String> { let args = Args::parse(); let _guard = slog_scope::set_global_logger(build_logger(args.log_level())); + #[cfg(feature = "bundle_openssl")] + openssl_probe::init_ssl_cert_env_vars(); + debug!("Starting"; "node_version" => env!("CARGO_PKG_VERSION")); // Load config From 08b769438247da922247d989dae4e3fe9cb0db52 Mon Sep 17 00:00:00 2001 
From: DJO <790521+Alenar@users.noreply.github.com> Date: Mon, 24 Jul 2023 12:29:59 +0200 Subject: [PATCH 3/5] Enable openssl bundling for CI builds --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2bb4409edf9..3df259ebf03 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,6 +40,8 @@ jobs: - name: Build Mithril workspace & publish artifacts uses: ./.github/workflows/actions/build-upload-mithril-artifact + with: + build-args: --features bundle_openssl - name: Build Debian packages shell: bash @@ -95,7 +97,7 @@ jobs: - name: Build Mithril workspace & publish artifacts uses: ./.github/workflows/actions/build-upload-mithril-artifact with: - build-args: ${{ matrix.build-args }} + build-args: --features bundle_openssl ${{ matrix.build-args }} test: strategy: From 7557d19ac08ef7555d8a6da54876ef17f0f093d2 Mon Sep 17 00:00:00 2001 From: DJO <790521+Alenar@users.noreply.github.com> Date: Mon, 24 Jul 2023 13:03:14 +0200 Subject: [PATCH 4/5] Fix windows ci build failing on OpenSSL compilation The problem is with the Perl version used by mingw (that allow to use bash on windows), changing the shell to powershell to use the system version fix the issue. --- .../actions/build-upload-mithril-artifact/action.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/actions/build-upload-mithril-artifact/action.yml b/.github/workflows/actions/build-upload-mithril-artifact/action.yml index ebe1c80a232..b9ae2c41d9e 100644 --- a/.github/workflows/actions/build-upload-mithril-artifact/action.yml +++ b/.github/workflows/actions/build-upload-mithril-artifact/action.yml 
@@ -8,14 +8,19 @@ inputs: runs: using: "composite" steps: - - name: Add commit short sha to Cargo.tomls version + - name: Get label to append to crate versions + id: label shell: bash + run: echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT + + - name: Add commit short sha to Cargo.tomls version + shell: ${{ runner.os == 'Windows' && 'pwsh' || 'bash' }} run: | pip3 install toml - python3 ./.github/workflows/scripts/edit-cargo-toml-version.py -l $(echo ${{ github.sha }} | cut -c1-7) + python3 ./.github/workflows/scripts/edit-cargo-toml-version.py -l "${{ steps.label.outputs.short_sha }}" - name: Cargo build - Distribution - shell: bash + shell: ${{ runner.os == 'Windows' && 'pwsh' || 'bash' }} run: cargo build --release ${{ inputs.build-args }} - name: Publish Mithril Distribution (${{ runner.os }}-${{ runner.arch }}) From 2a9cf8a98dde1de74a5f7dd10d743bae4e83059d Mon Sep 17 00:00:00 2001 From: DJO <790521+Alenar@users.noreply.github.com> Date: Mon, 24 Jul 2023 17:29:46 +0200 Subject: [PATCH 5/5] Update versions --- Cargo.lock | 6 +++--- mithril-aggregator/Cargo.toml | 2 +- mithril-client/Cargo.toml | 2 +- mithril-signer/Cargo.toml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ac73e510e12..435ee3cce8f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2096,7 +2096,7 @@ dependencies = [ [[package]] name = "mithril-aggregator" -version = "0.3.54" +version = "0.3.55" dependencies = [ "async-trait", "chrono", @@ -2134,7 +2134,7 @@ dependencies = [ [[package]] name = "mithril-client" -version = "0.3.21" +version = "0.3.22" dependencies = [ "async-recursion", "async-trait", @@ -2238,7 +2238,7 @@ dependencies = [ [[package]] name = "mithril-signer" -version = "0.2.62" +version = "0.2.63" dependencies = [ "async-trait", "clap", diff --git a/mithril-aggregator/Cargo.toml b/mithril-aggregator/Cargo.toml index 5b5a877242b..48c67a72c60 100644 --- a/mithril-aggregator/Cargo.toml 
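Review bot: Switching the two-command `run` block (`pip3 install toml` followed by the `python3 ./.github/workflows/scripts/edit-cargo-toml-version.py` call) to `pwsh` on Windows changes its failure behaviour. Bash steps run with `-e` and stop at the first failing command, while a pwsh step, as far as I know, only propagates the exit code of the last native command. A failed `pip3 install toml` would therefore not stop the step by itself on Windows. Moving the install into its own step (with the same `shell:` expression) gives each command its own exit-code check without shell-specific syntax. Separately, `pip3 install toml` is unpinned in the job that produces the published artifacts; pinning it (placeholder: `toml==<version>`) would make that build input reproducible.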
+++ b/mithril-aggregator/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "mithril-aggregator" -version = "0.3.54" +version = "0.3.55" description = "A Mithril Aggregator server" authors = { workspace = true } edition = { workspace = true } diff --git a/mithril-client/Cargo.toml b/mithril-client/Cargo.toml index e2b52b86d0e..f6c7c03f149 100644 --- a/mithril-client/Cargo.toml +++ b/mithril-client/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "mithril-client" -version = "0.3.21" +version = "0.3.22" description = "A Mithril Client" authors = { workspace = true } edition = { workspace = true } diff --git a/mithril-signer/Cargo.toml b/mithril-signer/Cargo.toml index 9bdc8fb56bf..ae541582b92 100644 --- a/mithril-signer/Cargo.toml +++ b/mithril-signer/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "mithril-signer" -version = "0.2.62" +version = "0.2.63" description = "A Mithril Signer" authors = { workspace = true } edition = { workspace = true }