From 3daed2212b12f0dd67340f574d65b82bab26e0c4 Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Thu, 9 Nov 2023 13:03:56 -0800 Subject: [PATCH 1/2] Build pdk runtime components against openssl 3 The order that components are listed in pdk-components matters, so build openssl 3 first followed by other components that rely on it (curl, git, etc). Then build openssl 1.1.1 before building the extra ruby 2.7.8. Note the openssl 1.1.1 headers still overwrite the 3.0.x, which is bad and needs to be resolved somehow as it may confuse any rubygem with native extension that we install in ruby 2.7. --- configs/projects/_pdk-components.rb | 19 ++++--------------- configs/projects/pdk-runtime.rb | 8 +------- 2 files changed, 5 insertions(+), 22 deletions(-) diff --git a/configs/projects/_pdk-components.rb b/configs/projects/_pdk-components.rb index e01de8c48..69469e565 100644 --- a/configs/projects/_pdk-components.rb +++ b/configs/projects/_pdk-components.rb @@ -1,21 +1,6 @@ # This file is used to define the components that make up the PDK runtime package. if proj.ruby_major_version >= 3 - - openssl3_platform = [ - platform.is_el?, - platform.is_fedora?, - platform.is_sles?, - platform.is_deb?, - platform.is_macos?, - platform.is_windows? - ].any? - - openssl_version = proj.openssl_version - openssl_version = '3.0' if openssl3_platform - - proj.component "openssl-#{openssl_version}" - # Ruby 3.2 does not package these two libraries so we need to add them proj.component 'libffi' proj.component 'libyaml' @@ -53,6 +38,10 @@ # Additional Rubies if proj.respond_to?(:additional_rubies) proj.additional_rubies.each_key do |rubyver| + raise "Not sure which openssl version to use for ruby #{rubyver}" unless rubyver.start_with?("2.7") + + # old ruby versions don't support openssl 3 + proj.component "openssl-1.1.1" proj.component "ruby-#{rubyver}" ruby_minor = rubyver.split('.')[0, 2].join('.') diff --git a/configs/projects/pdk-runtime.rb b/configs/projects/pdk-runtime.rb index 3f7d32642..3c016922b 100644 --- a/configs/projects/pdk-runtime.rb +++ b/configs/projects/pdk-runtime.rb @@ -1,6 +1,6 @@ project 'pdk-runtime' do |proj| proj.setting(:runtime_project, 'pdk') - proj.setting(:openssl_version, '1.1.1') + proj.setting(:openssl_version, '3.0') proj.setting(:augeas_version, '1.14.1') proj.setting(:rubygem_fast_gettext_version, '1.1.2') proj.setting(:rubygem_gettext_version, '3.2.2') @@ -157,10 +157,4 @@ proj.publish_yaml_settings proj.timeout 7200 if platform.is_windows? - - # Here we rewrite public http urls to use our internal source host instead. - # Something like https://www.openssl.org/source/openssl-1.0.0r.tar.gz gets - # rewritten as - # https://artifactory.delivery.puppetlabs.net/artifactory/generic/buildsources/openssl-1.0.0r.tar.gz - # proj.register_rewrite_rule 'http', proj.buildsources_url end From b82d685b96218f126f42c8ebc706d50dfa1a795a Mon Sep 17 00:00:00 2001 From: david22swan Date: Fri, 10 Nov 2023 17:50:15 +0000 Subject: [PATCH 2/2] (CAT-1505) Ensure openssl-3.0 headers are not overwritten by openssl-1.1.1 When installing openssl-1.1.1 in order to support ruby-2.7.8 the previously installed openssl-3.0 headers are being overwritten. This pr moves them out of the way while ruby-2.7.8 is being set up and then moves them back once it is done. --- configs/components/post-additional-rubies.rb | 6 ++++++ configs/components/pre-additional-rubies.rb | 5 +++++ configs/projects/_pdk-components.rb | 2 ++ 3 files changed, 13 insertions(+) create mode 100644 configs/components/post-additional-rubies.rb create mode 100644 configs/components/pre-additional-rubies.rb diff --git a/configs/components/post-additional-rubies.rb b/configs/components/post-additional-rubies.rb new file mode 100644 index 000000000..f97d9c15a --- /dev/null +++ b/configs/components/post-additional-rubies.rb @@ -0,0 +1,6 @@ +component "post-additional-rubies" do |pkg, settings, platform| + pkg.build do + [ "rm -rf #{settings[:prefix]}/include/openssl", + "mv /tmp/openssl #{settings[:prefix]}/include/openssl"] + end +end diff --git a/configs/components/pre-additional-rubies.rb b/configs/components/pre-additional-rubies.rb new file mode 100644 index 000000000..6c6bc1907 --- /dev/null +++ b/configs/components/pre-additional-rubies.rb @@ -0,0 +1,5 @@ +component "pre-additional-rubies" do |pkg, settings, platform| + pkg.build do + ["mv #{settings[:prefix]}/include/openssl /tmp/openssl"] + end +end diff --git a/configs/projects/_pdk-components.rb b/configs/projects/_pdk-components.rb index 69469e565..fed6339f0 100644 --- a/configs/projects/_pdk-components.rb +++ b/configs/projects/_pdk-components.rb @@ -41,6 +41,7 @@ raise "Not sure which openssl version to use for ruby #{rubyver}" unless rubyver.start_with?("2.7") # old ruby versions don't support openssl 3 + proj.component "pre-additional-rubies" proj.component "openssl-1.1.1" proj.component "ruby-#{rubyver}" @@ -49,6 +50,7 @@ proj.component "ruby-#{ruby_minor}-augeas" unless platform.is_windows? proj.component "ruby-#{ruby_minor}-selinux" if platform.is_el? || platform.is_fedora? proj.component "ruby-#{ruby_minor}-stomp" + proj.component "post-additional-rubies" end end