This repository was archived by the owner on Apr 20, 2023. It is now read-only.


blackdwarf

Add a custom conclusion file that lists out the need for the user to install
OpenSSL 1.0.1/1.0.2.

Solves a bit of #674

/cc @brthor @piotrpMSFT

Add a custom conclusion file that lists out the need for the user to install
OpenSSL 1.0.1/1.0.2.

Solves a bit #647
@colemickens

Why is OpenSSL needed? Do all users of the cli need OpenSSL?

@TheRealPiotrP

@colemickens it won't fail if you don't hit that code path... @bartonjs has details

@TheRealPiotrP

@dotnet-bot test Ubuntu Debug Build please

@TheRealPiotrP

@dotnet-bot test Ubuntu ReleaseBuild please

@akoeplinger
Member

Do you have any plans for moving to the Apple recommended frameworks on OSX (Common Crypto/Security Transforms) instead of openssl? Or package it with the cli?

@blackdwarf the conclusion file should link to a page with instructions on how to install openssl so the user doesn't need to figure it out.

@bartonjs
Member

@akoeplinger It's on the Long Term Theoretical Path. It took 8-11 months (depending on how you want to count) to get the cryptography libraries running on something other than Windows. It's now getting feasible to start looking at how to build it for the third time; but it's not something that could be done with quality in the amount of time that's left.

As far as packaging it with the CLI, a whole host of problems creep in (how does it interact with anyone who has used Homebrew or ports to install it already; if OpenSSL posts a CVE+fix what's our best update mechanism, including users understanding that the OpenSSL problem and the dotnet update are related; etc).

@colemickens The OpenSSL dependency is used for pretty much anything in the System.Security.Cryptography namespace(s); as well as System.Net.Security (TLS for things other than HTTPS), and (for optional extra features if you have the OpenSSL-using version of libcurl) System.Net.Http (HTTPS). On the one hand, it's off in a corner... on the other, that corner is the cornerstone of modern communication.

@blackdwarf
Author

@akoeplinger sure, that was my idea, but then I realized that there are at least 3 distinct ways to install:

  1. Use brew
  2. Use macports
  3. Build from source

Which one should be on there?

@akoeplinger
Member

@bartonjs thanks, much appreciated. I understand it's a lot of work and I think relying on openssl in the meantime is perfectly fine.

@blackdwarf I don't really mind (personally I'd prefer brew), pick one you recommend and mention there are other alternatives. It's just not a nice experience when people need to hunt for instructions on how to install something that is essentially required to be able to do anything meaningful with the CLI.

Btw. I think you meant https://github.com/dotnet/cli/issues/674 in your description, not https://github.com/dotnet/cli/issues/647

@blackdwarf
Author

@akoeplinger never make a PR on a rickety & shaking bus. Issues get linked incorrectly.

I will select brew, because I think that is the easiest way.

@blackdwarf
Author

@akoeplinger added.

@akoeplinger
Member

@blackdwarf We need brew link --force openssl too, the instructions on brewformulas don't mention that.

In general I'd avoid linking to these third-party sites and link to a page on the CLI GitHub repo instead (like https://github.com/dotnet/coreclr/blob/63766f74c4a641a274cd2933b9b7fd7bbddef2dd/Documentation/building/osx-instructions.md#openssl).

@blackdwarf
Author

@akoeplinger ah, didn't see that one in the coreclr repo. That makes sense.

@akoeplinger
Member

@blackdwarf you misunderstood what I was saying. Don't link to http://brewformulas.org/Openssl, it misses the critical brew link steps (the coreclr page was just an example).

A separate page with instructions for getting the required dependencies should be added to this repo and then linked from the installer. E.g. looks like you also need to install icu4c via brew, etc.

@blackdwarf
Author

@dotnet-bot test Ubuntu Debug Build please

@blackdwarf
Author

@akoeplinger see, the reason why I didn't add the doc you mention at the outset (and don't think it didn't occur to me) is that these are not really dependencies that the CLI tools have, but that CoreFX has; you can use the tools without having the correct libssl version. Unfortunately, there is no single doc in the CoreFX repo that lists them out.

I think the solution is to add one over at CoreFX and then link to that doc in this conclusion page. Also, this is really just for OS X and only for the PKG, since Debian will be able to include the dependency as well as the brew formula.

Does this sound like a reasonable solution?

@akoeplinger
Member

> you can use the tools without having the correct libssl version

Ok, that's something that wasn't clear to me :) I don't think people expect this given that CLI is a CoreFX app as well.

> Does this sound like a reasonable solution?

Yes, that sounds fine.

@blackdwarf
Author

@akoeplinger yeah, I know, it is weird. All of the native dependencies crop up if you hit the paths that use them.

@TheRealPiotrP

Once NuGet comes in (tonight/tomorrow) I expect we will hit libssl issues when requesting from https feeds...

@blackdwarf
Author

Then that is a different story and then I agree, libssl becomes a CLI dependency and we need to document it properly. I will start a PR on that as well. Makes sense?

@TheRealPiotrP

@blackdwarf please create an RC2 issue to improve this, reference in this issue, and merge.

@blackdwarf
Author

@piotrpMSFT will do!

blackdwarf pushed a commit that referenced this pull request Jan 19, 2016
Add a custom conclusion file
@blackdwarf blackdwarf merged commit 7652742 into dotnet:master Jan 19, 2016
@brthor

brthor commented Jan 20, 2016

Nice 👍

@mmc41

mmc41 commented Jul 16, 2016

@blackdwarf What happened to xcopy deployment on Mac? Requiring customers to first install brew and then OpenSSL is not really an option. I cannot even get all this to install successfully on my own developer machine.

wli3 pushed a commit to wli3/cli that referenced this pull request Jul 14, 2017
Use dotnet-install from cli's master branch