Build pdk runtime components against openssl 3

The order that components are listed in pdk-components matters, so build openssl 3 first followed by other components that rely on it (curl, git, etc). Then build openssl 1.1.1 before building the extra ruby 2.7.8. Note the openssl 1.1.1 headers still overwrite the 3.0.x, which is bad and needs to be resolved somehow as it may confuse any rubygem with native extension that we install in ruby 2.7.
puppetlabs · Nov 9, 2023 · 3daed22 · 3daed22
1 parent 28dbddb
commit 3daed22
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 22 deletions.
diff --git a/configs/projects/_pdk-components.rb b/configs/projects/_pdk-components.rb
@@ -1,21 +1,6 @@
 # This file is used to define the components that make up the PDK runtime package.
 
 if proj.ruby_major_version >= 3
-
-  openssl3_platform = [
-    platform.is_el?,
-    platform.is_fedora?,
-    platform.is_sles?,
-    platform.is_deb?,
-    platform.is_macos?,
-    platform.is_windows?
-  ].any?
-
-  openssl_version = proj.openssl_version
-  openssl_version = '3.0' if openssl3_platform
-
-  proj.component "openssl-#{openssl_version}"
-
   # Ruby 3.2 does not package these two libraries so we need to add them
   proj.component 'libffi'
   proj.component 'libyaml'
@@ -53,6 +38,10 @@
 # Additional Rubies
 if proj.respond_to?(:additional_rubies)
   proj.additional_rubies.each_key do |rubyver|
+    raise "Not sure which openssl version to use for ruby #{rubyver}" unless rubyver.start_with?("2.7")
+
+    # old ruby versions don't support openssl 3
+    proj.component "openssl-1.1.1"
     proj.component "ruby-#{rubyver}"
 
     ruby_minor = rubyver.split('.')[0, 2].join('.')

diff --git a/configs/projects/pdk-runtime.rb b/configs/projects/pdk-runtime.rb
@@ -1,6 +1,6 @@
 project 'pdk-runtime' do |proj|
   proj.setting(:runtime_project, 'pdk')
-  proj.setting(:openssl_version, '1.1.1')
+  proj.setting(:openssl_version, '3.0')
   proj.setting(:augeas_version, '1.14.1')
   proj.setting(:rubygem_fast_gettext_version, '1.1.2')
   proj.setting(:rubygem_gettext_version, '3.2.2')
@@ -157,10 +157,4 @@
   proj.publish_yaml_settings
 
   proj.timeout 7200 if platform.is_windows?
-
-  # Here we rewrite public http urls to use our internal source host instead.
-  # Something like https://www.openssl.org/source/openssl-1.0.0r.tar.gz gets
-  # rewritten as
-  # https://artifactory.delivery.puppetlabs.net/artifactory/generic/buildsources/openssl-1.0.0r.tar.gz
-  # proj.register_rewrite_rule 'http', proj.buildsources_url
 end