-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Boring build broken for non-FIPS #641
Comments
FYI, I suspect this is blocked by cloudflare/boring#156. |
fwiw I gave up trying to rebuild boringssl from scratch on M1 Mac with a macOS/unix target and just use one of
to do ztunnel builds. ztunnel has platform conditionals that render non-linux builds mostly useless anyway. |
The latest cloudflare boring build works fine for me on M1 osx. It's just that the particular version ztunnel is using is now broken (I assume something changed in upstream boringssl).
While true, there's a lot of development that can still be done without requiring linux. All/most of unit tests run fine on osx, for example. |
I do think/agree non-FIPS linux builds are something we need to support broadly, since as I've mentioned before FIPS is a massive pain and many orgs/users will not need it, or expressly will not want it (e.g. they will want to use newer crypto libs than the USG certifies). That being said, without even basic "does it build" CI for $platform+$arch it's going to be effectively impossible to guard against breakage long-term for that $platform+$arch. And we are (probably) never adding |
Yeah, I think the main guard against macOS breakage is simply developers for the project (I know I'm not the only one on mac). |
For those of us that don't build against the pre-built FIPS binary (e.g. mac users), the build is currently broken due to Boring. It's not clear exactly what is broken, but I recently had this same issue with quinn-boring and fixed it by using the latest commit.
For quinn-boring I actually needed to use the latest commit. We could probably get by using the latest release (https://github.com/cloudflare/boring/tree/v3.0.2).
@howardjohn assigning to you since we're using your branch of Boring currently.
To verify it works:
This should force boring to rebuild boringssl from scratch.
The text was updated successfully, but these errors were encountered: