Skip to content

doc: update instructions for openssl updates #42353

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
mhdawson wants to merge 9 commits into from
Closed

doc: update instructions for openssl updates #42353

Changes from 5 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
d49349b
doc: update instructions for openssl updates
mhdawson Mar 15, 2022
3c02585
Update doc/contributing/maintaining-openssl.md
mhdawson Mar 15, 2022
98ef750
Update doc/contributing/maintaining-openssl.md
mhdawson Mar 15, 2022
aacc6db
Update doc/contributing/maintaining-openssl.md
mhdawson Mar 15, 2022
fed3e3a
squash address comments
mhdawson Mar 16, 2022
ffa837f
squash:fixup
mhdawson Mar 16, 2022
4fc48ea
Update doc/contributing/maintaining-openssl.md
mhdawson Mar 16, 2022
fe64c39
Update doc/contributing/maintaining-openssl.md
mhdawson Mar 16, 2022
3c31d65
Update doc/contributing/maintaining-openssl.md
mhdawson Mar 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 23 additions & 7 deletions doc/contributing/maintaining-openssl.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,15 @@
This document describes how to update `deps/openssl/`.

If you need to provide updates across all active release lines you will
currently need to generate three PRs as follows:
currently need to generate four PRs as follows:

* a PR for master which is generated following the instructions
below.
below for OpenSSL 3.0.x.
Comment thread
mhdawson marked this conversation as resolved.
Outdated
* a PR for 16.x following the instructions in the v16.x-staging version
of this guide.
* a PR for 14.x following the instructions in the v14.x-staging version
of this guide.
* a PR which uses the same commit from the second PR to apply the
* a PR which uses the same commit from the third PR to apply the
updates to the openssl source code, with a new commit generated
by following steps 2 onwards on the 12.x line. This is
necessary because the configuration files have embedded timestamps
Expand Down Expand Up @@ -90,7 +92,7 @@ This updates all sources in deps/openssl/openssl by:
$ git commit openssl
```

### OpenSSL 3.0.0
### OpenSSL 3.0.x
Comment thread
mhdawson marked this conversation as resolved.
Outdated

```console
% git clone https://github.com/quictls/openssl
Expand All @@ -104,14 +106,15 @@ This updates all sources in deps/openssl/openssl by:
```

```text
deps: upgrade openssl sources to quictls/openssl-3.0.0-alpha-16
deps: upgrade openssl sources to quictls/openssl-3.0.2

This updates all sources in deps/openssl/openssl by:
$ git clone git@github.com:quictls/openssl.git
$ cd openssl
$ git checkout openssl-3.0.2+quic
$ cd ../node/deps/openssl
$ rm -rf openssl
$ cp -R ../openssl openssl
$ cp -R ../../../openssl openssl
$ rm -rf openssl/.git* openssl/.travis*
$ git add --all openssl
$ git commit openssl
Expand Down Expand Up @@ -152,6 +155,8 @@ please ask @shigeki for details.
Update all architecture dependent files. Do not forget to git add or remove
files if they are changed before committing:

### OpenSSL 1.1.1

```console
% git add deps/openssl/config/archs
% git add deps/openssl/openssl/include/crypto/bn_conf.h
Expand All @@ -160,6 +165,16 @@ files if they are changed before committing:
% git commit
```

### OpenSSL 3.0.x

```console
$ make -C deps/openssl/config
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl
Copy link
Copy Markdown
Member Author

@mhdawson mhdawson Mar 16, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@richard this matches what is in the commit comments below and looks like what we have done. It is probably also related to #42081 as git add deps/openssl/openssl adds all of the headers under openssl/openssl/include versus the selective ones that were added for OpenSSL 1.1.1.

I don't think we want to change right now as we get releases out, but worth looking to see if possibly we can revert to adding just those three, find out why more were needed and possibly ask @danbev when he gets back.

Copy link
Copy Markdown
Member Author

@mhdawson mhdawson Mar 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I take that back since I guess the the examples were only showing the git adds that were necessary for a particular commit as opposed to what needs to be done in general. Therefore, it likely is not related to #42081 after all.

Copy link
Copy Markdown
Member

@richardlau richardlau Mar 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW AFAICT the big difference between OpenSSL 1.1.1 and 3.0.x in Node.js is the deps/openssl/config/archs -- there's many more files in OpenSSL 3.0.x under there (see description in #42081) and a preliminary glance suggested a lot of duplication between the archs.

$ git add deps/openssl/config
$ git commit
```

The commit message can be written as (with the openssl version set
to the relevant value):

Expand All @@ -178,7 +193,7 @@ to the relevant value):
$ git commit
```

### OpenSSL 3.0.0
### OpenSSL 3.0.x

```text
deps: update archs files for quictls/openssl-3.0.0-alpha-16
Expand All @@ -188,6 +203,7 @@ regenerated and committed by:
$ make -C deps/openssl/config
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl
$ git add deps/openssl/config
Comment thread
mhdawson marked this conversation as resolved.
Outdated
$ git commit
```

Expand Down