Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mac build doesn’t run: set_sigalgs_list fails #25708

Closed
paulrouget opened this issue Feb 7, 2020 · 11 comments
Closed

Mac build doesn’t run: set_sigalgs_list fails #25708

paulrouget opened this issue Feb 7, 2020 · 11 comments
Labels
A-network P-mac

Comments

@paulrouget
Copy link
Contributor

@paulrouget paulrouget commented Feb 7, 2020

Fails with:

could not set signature algorithms: ErrorStack([]) (thread ResourceManager, at components/net/connector.rs:97)

MacOS 10.15.2
@Darkspirit
Copy link
Contributor

@Darkspirit Darkspirit commented Feb 7, 2020

Can this be fixed by installing fresh build dependencies?
OpenSSL 1.1.1 is required and also introduced TLS 1.3 support.
https://github.com/servo/servo#macos (https://formulae.brew.sh/formula/openssl@1.1)
@Darkspirit
Copy link
Contributor

@Darkspirit Darkspirit commented Feb 7, 2020

#25619 revealed that #24976 also deprecated crufty old unsupported OpenSSL versions. Linux and Windows have been using 1.1.1 already before. MacOS switched to OpenSSL 1.1.1 at the end of November 2019. Reinstalling MacOS build dependencies should update your OpenSSL.
@paulrouget
Copy link
Contributor Author

@paulrouget paulrouget commented Feb 10, 2020
edited

@Darkspirit, thanks for looking a this:

brew bundle install --file=etc/taskcluster/macos/Brewfile
brew bundle install --file=etc/taskcluster/macos/Brewfile-build
./mach clean
./mach build -r

Does not appear to solve the problem.
@Darkspirit
Copy link
Contributor

@Darkspirit Darkspirit commented Feb 10, 2020

Hm. I'm not sure if packages would be upgraded this way. Would brew update && brew upgrade help?
@paulrouget
Copy link
Contributor Author

@paulrouget paulrouget commented Feb 10, 2020

It was properly upgraded. The problem was that both openssl 1.0 and openssl 1.1 were installed by brew.

Uninstalling openssl 1.0 and rebuilding servo…
@paulrouget
Copy link
Contributor Author

@paulrouget paulrouget commented Feb 10, 2020

It worked.

I had to link /usr/local/opt/openssl@1.1 to /usr/local/opt/openssl and rebuild.
@jdm
Copy link
Member

@jdm jdm commented Feb 10, 2020
edited

We should add some kind of build-time check that verifies that an appropriate minimum version of openssl has been found, which would also catch #25619.
@paulrouget
Copy link
Contributor Author

@paulrouget paulrouget commented Feb 11, 2020

@jdm do you think this should happen in our python script or in whatever crate that end up using the openssl library (which one is it btw?)
@Darkspirit
Copy link
Contributor

@Darkspirit Darkspirit commented Feb 11, 2020
edited

https://docs.rs/openssl/0.10.28/openssl/version/fn.number.html
openssl::version::number() < 0x010101000
@jdm
Copy link
Member

@jdm jdm commented Feb 11, 2020

I think having the check in a build script for the net crate will be straightforward and reliable.
@Darkspirit
Copy link
Contributor

@Darkspirit Darkspirit commented Feb 11, 2020

Ok, done. Now I'll look if I can help with Android.
@Darkspirit Darkspirit mentioned this issue Feb 11, 2020
Merged
3 of 3 tasks complete
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=<try>
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
d1d21bf 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708.
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=<try>
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
bd15738 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
4cde1c6 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
aa0620a 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
4b51ba0 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 13, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
04a83c4 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 13, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
1cbbc96 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 13, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
585ea2d 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 14, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
fc963d3 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 14, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
0a9c916 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 14, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
1191a47 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-network P-mac
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

Add OpenSSL 1.1.1 build check, Update HSTS Preload list
4 participants
@jdm @paulrouget @CYBAI @Darkspirit
You can’t perform that action at this time.