Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate and eventually get rid of support of NSS as a crypto backend #1041

Closed
alexey-tikhonov opened this issue Apr 30, 2020 · 8 comments
Closed

Deprecate and eventually get rid of support of NSS as a crypto backend #1041

alexey-tikhonov opened this issue Apr 30, 2020 · 8 comments
Assignees
@alexey-tikhonov
Labels
Closed: Fixed Issue was closed as fixed.

Comments

@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Apr 30, 2020
edited

Master branch should eventually drop support of libnss as a crypto backend.

Steps would be:
(I)

  1. switch default to OpenSSL
  2. warn about deprecation in the case NSS is selected during configuration
  3. announce deprecation in the release notes of next upstream release

(II) finally remove support of libnss in (next+1) upstream release
@alexey-tikhonov alexey-tikhonov self-assigned this Apr 30, 2020
alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Apr 30, 2020
@alexey-tikhonov
config: switch to OpenSSL as default crypto backend
b53ce56 
 - switch default to OpenSSL
 - warn about deprecation in the case NSS is selected
   during configuration

Resolves: SSSD#1041 parts I.1 and I.2
@alexey-tikhonov alexey-tikhonov mentioned this issue Apr 30, 2020
Closed
@alexey-tikhonov
Copy link
Member Author

Take a note, despite GH saying "linked a pull request that will close this issue", that's not the case - #1042 should not close this ticket.

This was referenced May 2, 2020
Closed
Closed
Closed
alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue May 4, 2020
@alexey-tikhonov
config: switch to OpenSSL as default crypto backend
d9f6217 
 - switch default to OpenSSL
 - warn about deprecation in the case NSS is selected
   during configuration

Resolves: SSSD#1041 parts I.1 and I.2
@jhrozek jhrozek closed this as completed in 8b2c4ad May 7, 2020
@pbrezina
Copy link
Member

pbrezina commented May 7, 2020

  • master
    • 8b2c4ad - config: switch to OpenSSL as default crypto backend

@pbrezina pbrezina reopened this May 7, 2020
@alexey-tikhonov
Copy link
Member Author

I will re-assign this ticket on @pbrezina awhile for "announce deprecation in the release notes of next upstream release" item.

@alexey-tikhonov
Copy link
Member Author

I will re-assign this ticket on @pbrezina awhile for "announce deprecation in the release notes of next upstream release" item.

This item is done: https://sssd.github.io/docs/users/relnotes/notes_2_3_0.html

@alexey-tikhonov
Copy link
Member Author

Took ticket back to do (II)

@alexey-tikhonov
Copy link
Member Author

alexey-tikhonov commented Jul 13, 2020
edited

Hi @scabrero,

could you please clarify what is the difference between:

What I actually want to figure out: will it cause any troubles for openSUSE packager if we will drop support of libnss as cryptobackend in next 2.x upstream release?

I guess it shouldn't, since every spec-file uses --with-crypto=libcrypto.

@scabrero
Copy link
Contributor

Hi @alexey-tikhonov,

each release maintains its own spec file in the build system, we don't use in-tree spec files. As you said, switching to openSSL is not a problem as we build with --with-crypto=libcrypto since long time ago.

Thanks for taking the time to ask.

alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Jul 15, 2020
@alexey-tikhonov
Drop support of libnss as a crypto backend
634473e 
Resolves: SSSD#1041
@alexey-tikhonov alexey-tikhonov mentioned this issue Jul 15, 2020
Closed
alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Jul 21, 2020
@alexey-tikhonov
Drop support of libnss as a crypto backend
6f83e69 
Resolves: SSSD#1041
alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Jul 21, 2020
@alexey-tikhonov
Get rid of "NSS DB" references.
7ede3a3 
Resolves: SSSD#1041
alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Aug 7, 2020
@alexey-tikhonov
Drop support of libnss as a crypto backend
7c2a7d1 
Resolves: SSSD#1041
alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Aug 7, 2020
@alexey-tikhonov
Get rid of "NSS DB" references.
a7b7dc2 
Resolves: SSSD#1041
alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Aug 24, 2020
@alexey-tikhonov
Drop support of libnss as a crypto backend
b98b7ba 
Resolves: SSSD#1041
alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this issue Aug 24, 2020
@alexey-tikhonov
Get rid of "NSS DB" references.
46f8823 
Resolves: SSSD#1041
pbrezina pushed a commit that referenced this issue Aug 27, 2020
@alexey-tikhonov @pbrezina
Get rid of "NSS DB" references.
a291148 
Resolves: #1041

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
@pbrezina
Copy link
Member

Pushed PR: #5246

  • master
    • a291148 - Get rid of "NSS DB" references.
    • 266ecc0 - Drop support of libnss as a crypto backend

@pbrezina pbrezina added the Closed: Fixed Issue was closed as fixed. label Aug 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexey-tikhonov alexey-tikhonov

Labels
Closed: Fixed Issue was closed as fixed.
Projects
None yet
Milestone
No milestone
3 participants
@scabrero @pbrezina @alexey-tikhonov