-
-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add OpenSSL 1.0.2 prereq on CentOS/RHEL6 for OpenJ9 #760
Conversation
- ansible_distribution_major_version == "6" | ||
register: openssl_version | ||
tags: openssl | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tags should be modified such that either/or openssl role can be targeted/omitted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't appear to be modifying from a system point of view. As in not on the library path or binary path, and this is intended not to be correct?
Assuming the answer to that is yes, then I think an update to the tags and commits squashed and it good. From an OpenJ9 build system perspective v1.1.1 is currently downloaded, but @vsebe has an update via #759 to add v1.1.1 to the system as default to satisfy both current OpenSSL and future JITaas requirements.
@vsebe's change is for JITaaS which I believe needs 1.1.1. This is to allow RHEL/CentOS6 to build against the same level main level (1.0.2) as the other CentOS7.4 systems which have that version preinstalled. I don't want to mess with the system version. Can you clarify what your issue is with the tags? Your comment is against something that already has an |
The current openssl role uses |
@vsebe My preference was to build the openJ9 JDKs against 1.0.2 since that's the earliest release and the one that's consistent with the CentOS7.4 build platforms therefore safer for compatibility. If we're 100% sure that building against 1.1.1 source (I believe that's a JITaaS requirement so not actually needed for any adoptopenjdk builds) will result in something that will execute against 1.0.2 that I'd be ok with not doing this, but I'd need that confirmation. |
@jdekonin Is the openssl111 purely for jitaas? In which case a jitaas tag for 1.1.1 might be more appropriate as per my previous comment to Violete |
afaik 1.1.* is required for JITaaS which is currently only supported on xlinux. I assume Adopt would need this (on at least the compile machines) in order to ship binaries with JITaaS support. Even if we aren't testing JITaaS at Adopt. |
@AdamBrousseau I thought the JITaaS was still in a separate branch so we wouldn't even be building it at present, or am I out of date? :-) |
@sxa555 Will need rebasing |
True, I was confusing it with a separate project. JITaaS is still not in the mainline. |
@AdamBrousseau In which case we should probably get @vsebe to modify her 1.1.1b upgrade PR (if we decide to land it) to use |
@jdekonin Given the discussions and modifications in 1.1.1 can you update your review please? |
The merge needs review; there are 3 commits in this PR, 2 of which don't belong. Travis failure is highlighting trailing white space that should also be fixed. |
The merge commit shouldn't be an issue as it'll get squashed on merge. Have resolved whitespace |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couple of Nitpicks - also should we standardise on OpenSSL 1.0.2r for all platforms in that case?
- ((openssl_version.stdout == '') or ((openssl_version.stdout != '') and (openssl_version.stdout | version_compare('1.0.2', operator='lt', strict=True)))) | ||
tags: openssl | ||
|
||
- name: Remove downloaded packages for OpenSSL v1.1.0g |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is that a correct name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general I'd rather use the build-system provided OpenSSL at whatever level that is. At the moment RHEL6 doesn't have any suitable one, so I'm only installing this explicitly on RHEL/CentOS6 to make a level of 1.0.2 available to build against (the exacty level isn't actually important and it'll never be the system SSL).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No :-) Well spotted!
@@ -0,0 +1,58 @@ | |||
--- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
main.yml~
? Seems odd
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a backup file that shouldn't have been in my add - removing ...
431a678
to
a2f8731
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The c96f81de
commit shouldn't be there at all, being squashed won't change the fact that it appears in this pr, even when its a non-change.
I don't think you meant to add the OpenSSL role back in did you? That role installs openssl v1.1.1b and was just recently removed in #759
Signed-off-by: Stewart Addison <sxa@uk.ibm.com>
This can be downloaded live, but I'd rather have it cached. CentOS6 (used on x64 for building) has openssl 1.0.1 which cannot be used by OpenJ9.
Separate PR in to the build repository to start using this adoptium/temurin-build#1023