-
Notifications
You must be signed in to change notification settings - Fork 443
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: improve openssl checker #2987
Conversation
1c30045
to
517aff0
Compare
Codecov Report
@@ Coverage Diff @@
## main #2987 +/- ##
=======================================
Coverage 82.67% 82.68%
=======================================
Files 674 676 +2
Lines 10626 10660 +34
Branches 1426 1429 +3
=======================================
+ Hits 8785 8814 +29
Misses 1474 1474
- Partials 367 372 +5
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 16 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
639a081
to
698c17a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I imagine this one will make a lot of folk happy. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whoops, hit approve too soon. Looks like the PR is missing a condensed download package for the new ipk.
f6b2717
to
51f1077
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noticed the removal of pyca cryptography test and I think we should keep that one. Did it break when you updated the patterns?
test/test_data/openssl.py
Outdated
{ | ||
"url": "https://files.pythonhosted.org/packages/ba/91/84a29d6a27fd6dfc21f475704c4d2053d58ed7a4033c2b0ce1b4ca4d03d9/", | ||
"package_name": "cryptography-3.0-cp35-abi3-manylinux2010_x86_64.whl", | ||
"product": "openssl", | ||
"version": "1.1.1g", | ||
"other_products": ["gcc"], | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The cryptography package really does include a copy of openssl. Or it did at the time this test was added, anyhow. I don't know offhand if later versions found another way, but it was policy to include the correct, latest openssl as part of the wheel to reduce dependency friction with various OSes.
So I think we should keep this test. It's surprising but likely useful to make sure we don't stop detecting that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated the pattern to continue to detect openssl in cryptography
Improve openssl checker to avoid false positives with bind, exim, http_server, i2pd, janus, libssh, nginx, nmap, node, ntp, ntpsec, proftpd, sofia-sip, stunnel, tor and zabbix binaries which link dynamically with openssl library (and save the associated version number) or which has the following string: OpenSSL 1.1.1 or newer While at it, add an OpenWRT test package Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
51f1077
to
8e9d01e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! Time to get this merged.
Improve openssl checker to avoid false positives with bind, exim, http_server, i2pd, janus, libssh, nginx, nmap, node, ntp, ntpsec, proftpd, sofia-sip, stunnel, tor and zabbix binaries which link dynamically with openssl library (and save the associated version number) or which has the following string:
OpenSSL 1.1.1 or newer
While at it, add an OpenWRT test package