Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update source download URLs for openssl following the move. #1178

Merged
merged 3 commits into from
Apr 22, 2020
Merged

Update source download URLs for openssl following the move. #1178

merged 3 commits into from
Apr 22, 2020

Conversation

igorpeshansky
Copy link
Contributor

Also add openssl-1.1.1f and update openssl-fips URLs.

Description

The openssl sources have moved again — breaking the downloads in the same was as described in #833. This change attempts to adjust the download URL pattern for older versions, while still keeping the latest version at the original URL pattern.

Related Issue

Fixes #833

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

@igorpeshansky
Update source download URLs for openssl following the move.
2c930ed 
Also add openssl-1.1.1f and update openssl-fips URLs.

Obvious fix.
@igorpeshansky igorpeshansky requested review from a team as code owners April 6, 2020 18:32
@igorpeshansky igorpeshansky mentioned this pull request Apr 6, 2020
Closed
akuzminsky
akuzminsky reviewed Apr 6, 2020
View reviewed changes
config/software/openssl.rb Outdated
@@ -27,12 +27,16 @@

# OpenSSL source ships with broken symlinks which windows doesn't allow.
# Skip error checking.
source url: "https://www.openssl.org/source/openssl-#{version}.tar.gz", extract: :lax_tar
source url: "https://www.openssl.org/source/old/#{version}/openssl-#{version}.tar.gz", extract: :lax_tar
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i believe there is a typo here:

curl -v https://www.openssl.org/source/old/1.0.2u/openssl-1.0.2u.tar.gz
...
< HTTP/1.1 404 Not Found
< Server: Apache/2.4.29 (Ubuntu)
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Accept-Ranges: bytes
< Content-Type: text/html; charset=UTF-8
< Content-Length: 4182
< Cache-Control: max-age=172800
< Expires: Wed, 08 Apr 2020 19:10:48 GMT
< Date: Mon, 06 Apr 2020 19:10:48 GMT
< Connection: keep-alive

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch. Sorry about that. Should be fixed now.

@igorpeshansky
Copy link
Contributor Author

Gentle ping?

tas50
tas50 reviewed Apr 20, 2020
View reviewed changes
config/software/openssl-fips.rb
source url: "https://www.openssl.org/source/openssl-fips-#{version}.tar.gz", extract: :lax_tar
source url: "https://www.openssl.org/source/old/fips/openssl-fips-#{version}.tar.gz", extract: :lax_tar

version("2.0.16") {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2.0.16 is also in the old dir so this shouldn't be necessary

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right. It's really bizarre that they would put the latest fips tarball in the old directory, but not the latest openssl 1.1.1 tarball. However, I'd argue that there's an advantage to keeping this override, even if it's unnecessary for 2.0.16, because they might not continue this behavior with 2.0.17, and then the override would be useful. WDYT? If you'd rather apply YAGNI here, I can remove it.

@tas50 tas50 merged commit 993d4e4 into chef:master Apr 22, 2020
@tas50
Copy link
Contributor

tas50 commented Apr 22, 2020

Thanks for putting this all together

@igorpeshansky igorpeshansky deleted the igorpeshansky-fix-openssl-urls branch April 22, 2020 22:44
igorpeshansky added a commit to GoogleCloudPlatform/google-fluentd that referenced this pull request Apr 22, 2020
@igorpeshansky
Upgrade omnibus-software to pick up chef/omnibus-software#1178.
07ddce2 
Also revert #257.
@igorpeshansky
Copy link
Contributor Author

Thanks, @tas50. Sadly, we can't actually use this change in our project, because omnibus-software master uses lib_dirs, requiring a new omnibus major version (7.x, which hasn't even been released on RubyGems).
Is there an earlier omnibus-software branch compatible with omnibus 6.x that I can backport this to?

igorpeshansky added a commit to GoogleCloudPlatform/google-fluentd that referenced this pull request Apr 23, 2020
@igorpeshansky
Upgrade omnibus-software to pick up chef/omnibus-software#1178. (#259)
38e403d 
Also revert #257 and upgrade omnibus to 7.0.9.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tas50 tas50 tas50 left review comments

@akuzminsky akuzminsky akuzminsky left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

openssl is moved
3 participants
@igorpeshansky @tas50 @akuzminsky