Boring build broken for non-FIPS #641
Comments
|
FYI, I suspect this is blocked by cloudflare/boring#156. |
|
fwiw I gave up trying to rebuild boringssl from scratch on M1 Mac with a macOS/unix target and just use one of
to do ztunnel builds. ztunnel has platform conditionals that render non-linux builds mostly useless anyway. |
|
The latest cloudflare boring build works fine for me on M1 osx. It's just that the particular version ztunnel is using is now broken (I assume something changed in upstream boringssl).
While true, there's a lot of development that can still be done without requiring linux. All/most of unit tests run fine on osx, for example. |
|
I do think/agree non-FIPS linux builds are something we need to support broadly, since as I've mentioned before FIPS is a massive pain and many orgs/users will not need it, or expressly will not want it (e.g. they will want to use newer crypto libs than the USG certifies). That being said, without even basic "does it build" CI for $platform+$arch it's going to be effectively impossible to guard against breakage long-term for that $platform+$arch. And we are (probably) never adding |
|
Yeah, I think the main guard against macOS breakage is simply developers for the project (I know I'm not the only one on mac). |
For those of us that don't build against the pre-built FIPS binary (e.g. mac users), the build is currently broken due to Boring. It's not clear exactly what is broken, but I recently had this same issue with quinn-boring and fixed it by using the latest commit.
For quinn-boring I actually needed to use the latest commit. We could probably get by using the latest release (https://github.com/cloudflare/boring/tree/v3.0.2).
@howardjohn assigning to you since we're using your branch of Boring currently.
To verify it works:
This should force boring to rebuild boringssl from scratch.
The text was updated successfully, but these errors were encountered: