Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(nix): Add aws-lc-fips 2022/4 #5109

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

chore(nix): Add aws-lc-fips 2022/4 #5109

wants to merge 9 commits into from
+856 −57

Conversation

dougch
Copy link
Contributor

@dougch dougch commented Feb 11, 2025
edited
Loading

Release Summary:

Resolved issues:

none, replaces #5035

Description of changes:

This adds two new devShells to CI for aws-lc-fips, corresponding to their release dates. The 2022 version did not contain a version flag in the bssl utility, giving us an additional way to validate the version differences.

% nix develop .#awslcfips2022                                                                                                                                                                                                             
Setting up awslc-fips-2022 environment from flake.nix...
nix/shell.sh: Entering a devShell
Libcrypto binary /nix/store/p1ppskx3a38l63z63hrm4qrpdamgnk2r-openssl-1.0.2/bin/openssl available as openssl102
Libcrypto binary /nix/store/c918w93z1h3alkknsvi8cg5nbi5hqsxr-openssl-1.1.1/bin/openssl available as openssl111
Libcrypto binary /nix/store/vdrwp8kl7jilvhiw2w0sd2rmhszcbv0r-openssl-3.0.7/bin/openssl available as openssl30
Libcrypto binary /nix/store/zg23jsrs6k2xd0jsb5q4n9ifisy8b9wv-aws-lc/bin/bssl available as bssl
Libcrypto binary /nix/store/nrx6nxkfx922z5w4cx2xypqi8pj1db5g-aws-lc-fips/bin/bssl available as fips2022bssl
Libcrypto binary /nix/store/k48hlhz3km4cghlhk3v993zp5srkx2kn-aws-lc-fips/bin/bssl available as fips2024bssl
Libcrypto binary /nix/store/r7zi8dl4y288sqwv7mwhyckw7v18z371-libressl-3.6.1/bin/openssl available as libressl
[nix awslc-fips-2022] dougch@devdesktop22:~/gitrepos/s2n-tls$ fips2024bssl version
3.0.0
[nix awslc-fips-2022] dougch@devdesktop22:~/gitrepos/s2n-tls$ fips2022bssl version
Usage: /nix/store/nrx6nxkfx922z5w4cx2xypqi8pj1db5g-aws-lc-fips/bin/bssl COMMAND
...

Call-outs:

I have an outstanding task to work with aws-lc folks on accepting my flake.

Updates to CI will come after merging.

Testing:

How is this change tested (unit tests, fuzz tests, etc.)? locally
How can you convince your reviewers that this PR is safe and effective? No code was harmed, it's all nix.
Is this a refactor change? no

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Feb 11, 2025
@dougch dougch marked this pull request as ready for review February 11, 2025 22:12
@dougch dougch requested a review from lrstewart February 12, 2025 22:37
lrstewart
lrstewart approved these changes Feb 13, 2025
View reviewed changes
lrstewart
lrstewart reviewed Feb 18, 2025
View reviewed changes
goatgoose
goatgoose reviewed Feb 18, 2025
View reviewed changes
@dougch @lrstewart
Update nix/shell.sh
130ab56 
Co-authored-by: Lindsay Stewart <[email protected]>
@dougch dougch added this pull request to the merge queue Feb 19, 2025
@dougch dougch removed this pull request from the merge queue due to a manual request Feb 19, 2025
@dougch dougch enabled auto-merge February 19, 2025 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lrstewart lrstewart lrstewart approved these changes

@goatgoose goatgoose goatgoose approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dougch @goatgoose @lrstewart