Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Use mbedtls instead of openssl in libgit2 on Linux #18658

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Sep 26, 2016
Merged

Use mbedtls instead of openssl in libgit2 on Linux #18658

merged 6 commits into from
Sep 26, 2016

Conversation

tkelman
Copy link
Contributor

@tkelman tkelman commented Sep 24, 2016

This carries the patch from libgit2/libgit2#3462 in order to fix #10763, and close #17471. It seems libgit2 maintainers are reluctant to merge this patch upstream, but maybe we can change their mind eventually. This is a much more maintainable approach than re-implementing a pure Julia TLS stack which is what #17471 was suggesting, and no one is actively working on right now.

Would only be backported to release-0.5 after being tested on master for some time. It fixes an as-yet-unreported issue with our generic Linux binaries where our bundled copy of libgit2 links against libgssapi_krb5.so.2 and a bunch of other things that we don't ship. We've just been getting lucky that most Linux systems happen to have those same libraries installed already. The issue is reproducible if you try to download and run the generic Linux binaries in an Ubuntu docker container that has installed wget and nothing else beyond the base image. Dropping our use of openssl from the build system should fix that, and it's an improvement in several other ways. Since the buildbots run on a very old CentOS, their copy of openssl is old and heavily patched.

Assigning @Keno for review.

@tkelman tkelman added building Build system, or building Julia or its dependencies system:linux Affects only Linux libgit2 The libgit2 library or the LibGit2 stdlib module backport pending 0.5 labels Sep 24, 2016
@tkelman tkelman added this to the 0.5.x milestone Sep 24, 2016
@tkelman
Copy link
Contributor Author

tkelman commented Sep 24, 2016
edited
Loading

There is an alternate way to fix the linking-to-things-we-don't-ship issue by calling patchelf --remove-needed on those copied openssl binaries (and would need to verify that it doesn't break https support), but this wound up easier to do.

@tkelman
put libssl-dev:i386 back in travis apt-get list
69cdabe 
don't need that specific library any more, but do
need some of the other devel headers it depends on
@tkelman
Make USE_MBEDTLS option default to OFF
f241e23 
otherwise on Mac we're linking to both the system tls library
and mbedtls, and that doesn't work
@kshyatt
Copy link
Member

kshyatt commented Sep 26, 2016

Is this good to go?

Keno
Keno reviewed Sep 26, 2016
View reviewed changes
Copy link
Member

@Keno Keno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fine with me. I'll work on getting the upstream review continued.

@tkelman
Copy link
Contributor Author

tkelman commented Sep 26, 2016

Thanks Keno. We're already carrying the libssh2 patch that was stalled, this libgit2 patch is now reopened upstream as libgit2/libgit2#3935.

@Keno
Copy link
Member

Keno commented Sep 26, 2016

Right, too many things at once ;).

@tkelman tkelman merged commit 12f02da into master Sep 26, 2016
@tkelman tkelman deleted the tk/libgit2-mbedtls branch September 26, 2016 21:18
This was referenced Sep 27, 2016
Closed
Closed
@tkelman
Copy link
Contributor Author

tkelman commented Oct 15, 2016
edited
Loading

probably won't backport this until 0.5.2 or later, but should be done along with #18936 if that turns out to solve the remaining issues

edit: and #18997, and #19092, and 9a2f0f1, and 19390

@tkelman tkelman mentioned this pull request Oct 25, 2016
Merged
@omus omus mentioned this pull request Dec 1, 2016
Closed
@ihnorton ihnorton mentioned this pull request Jan 18, 2017
Closed
vtjnash pushed a commit that referenced this pull request Feb 7, 2017
@tkelman @vtjnash
Upgrade libgit2 to v0.25.0
b23543f 
rebase patches

fixes #19793

(cherry picked from commit 99b5d34,
but dropping libgit2-mbedtls patch: see PR #18658)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Keno Keno Keno approved these changes

Assignees

@Keno Keno

Labels
building Build system, or building Julia or its dependencies libgit2 The libgit2 library or the LibGit2 stdlib module system:linux Affects only Linux
Projects
None yet
Milestone
0.5.x
Development

Successfully merging this pull request may close these issues.

Julia TLS stream implementation for LibGit2 Possible licensing issue with openssl?
4 participants
@tkelman @kshyatt @Keno @wildart