From patchwork Tue Feb 13 19:40:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Maximets X-Patchwork-Id: 1898388 X-Patchwork-Delegate: i.maximets@samsung.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TZBWF4BJsz23hT for ; Wed, 14 Feb 2024 06:40:25 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 7CF5B416A3; Tue, 13 Feb 2024 19:40:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CKif-grjlM2y; Tue, 13 Feb 2024 19:40:21 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 955DA41599 Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp2.osuosl.org (Postfix) with ESMTPS id 955DA41599; Tue, 13 Feb 2024 19:40:21 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 06551C0072; Tue, 13 Feb 2024 19:40:21 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 864E9C0072 for ; Tue, 13 Feb 2024 19:40:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id DBF4381775 for ; Tue, 13 Feb 2024 19:40:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oOZHZbCqH1v8 for ; Tue, 13 Feb 2024 19:40:17 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2001:4b98:dc4:8::227; helo=relay7-d.mail.gandi.net; envelope-from=i.maximets@ovn.org; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 15E5481774 Authentication-Results: smtp1.osuosl.org; dmarc=none (p=none dis=none) header.from=ovn.org DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 15E5481774 Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [IPv6:2001:4b98:dc4:8::227]) by smtp1.osuosl.org (Postfix) with ESMTPS id 15E5481774 for ; Tue, 13 Feb 2024 19:40:16 +0000 (UTC) Received: by mail.gandi.net (Postfix) with ESMTPSA id 47CB220003; Tue, 13 Feb 2024 19:40:15 +0000 (UTC) From: Ilya Maximets To: ovs-dev@openvswitch.org Date: Tue, 13 Feb 2024 20:40:15 +0100 Message-ID: <20240213194050.1590143-2-i.maximets@ovn.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240213194050.1590143-1-i.maximets@ovn.org> References: <20240213194050.1590143-1-i.maximets@ovn.org> MIME-Version: 1.0 X-GND-Sasl: i.maximets@ovn.org Cc: Ilya Maximets Subject: [ovs-dev] [PATCH 1/4] appveyor: Print out config.log on configuration failure. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" We need to know exact linking / compilation errors in order to fix issues. We could have uploaded it as an artifact, but it seems easier to just print it out for now. Signed-off-by: Ilya Maximets Acked-by: Simon Horman --- .ci/windows-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/windows-build.sh b/.ci/windows-build.sh index 22994fcdd..e54fbacf4 100644 --- a/.ci/windows-build.sh +++ b/.ci/windows-build.sh @@ -9,7 +9,7 @@ CONFIGURATION=$1 --prefix=C:/openvswitch/usr --localstatedir=C:/openvswitch/var \ --sysconfdir=C:/openvswitch/etc --with-pthread=c:/PTHREADS-BUILT/ \ --enable-ssl --with-openssl=C:/OpenSSL-Win64 \ - --with-vstudiotarget="${CONFIGURATION}" + --with-vstudiotarget="${CONFIGURATION}" || (cat config.log && exit 1) make -j4 make datapath_windows_analyze From patchwork Tue Feb 13 19:40:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Maximets X-Patchwork-Id: 1898390 X-Patchwork-Delegate: i.maximets@samsung.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TZBWJ1JGHz23j4 for ; Wed, 14 Feb 2024 06:40:28 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id BB25B416A4; Tue, 13 Feb 2024 19:40:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d8FdFjFLgKAD; Tue, 13 Feb 2024 19:40:23 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 079FA415D1 Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp2.osuosl.org (Postfix) with ESMTPS id 079FA415D1; Tue, 13 Feb 2024 19:40:22 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C0AB2C0DCE; Tue, 13 Feb 2024 19:40:22 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3601BC0DCF for ; Tue, 13 Feb 2024 19:40:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 271F860DCB for ; Tue, 13 Feb 2024 19:40:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U9ZdBfpxSvFU for ; Tue, 13 Feb 2024 19:40:20 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=217.70.183.200; helo=relay7-d.mail.gandi.net; envelope-from=i.maximets@ovn.org; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org D9A0960E17 Authentication-Results: smtp3.osuosl.org; dmarc=none (p=none dis=none) header.from=ovn.org DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org D9A0960E17 Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by smtp3.osuosl.org (Postfix) with ESMTPS id D9A0960E17 for ; Tue, 13 Feb 2024 19:40:19 +0000 (UTC) Received: by mail.gandi.net (Postfix) with ESMTPSA id C676520003; Tue, 13 Feb 2024 19:40:17 +0000 (UTC) From: Ilya Maximets To: ovs-dev@openvswitch.org Date: Tue, 13 Feb 2024 20:40:16 +0100 Message-ID: <20240213194050.1590143-3-i.maximets@ovn.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240213194050.1590143-1-i.maximets@ovn.org> References: <20240213194050.1590143-1-i.maximets@ovn.org> MIME-Version: 1.0 X-GND-Sasl: i.maximets@ovn.org Cc: Ilya Maximets Subject: [ovs-dev] [PATCH 2/4] ovs-pki: Fix file permissions on Windows. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" There is no chmod or 'mkdir -m' support on Windows, so setting file permissions for keys and certificates doesn't actually work. Implementing them using icacls utility instead. ovs-pki script currently only uses 0700 and 0750 modes, so only those (and 0600) are implemented. NTFS ACLs on Windows are fairly different and more complex in comparison with Unix file permissions, so it's hard to implement these functions in a generic way. The script will fail if it will encounter an unknown mode. 0700 is implemented as a F (full access) for 'Creator Owner' with no other permissions. 0750 has an additional RX (read+execute) for the 'Creator Group'. 0600 is implemented the same as 0700, since it doesn't matter for this use case to have or not to have an executable or traversal permissions managed separately from everything else and it would be a little overly verbose to give all the permissions except for X. Inheritance rules are set to (OI)(CI), so the folder itself, subfolders and files in a folder inherit those ACEs. 'umask' also doesn't work on Windows. Instead, moving the private key output files to a temporary folder that has restricted access already configured. The file will inherit these restricted ACEs. It should not be necessary to set explicit permissions for these files since moving them within the same volume should preserve ACEs. However, it might be safer to chmod them directly as well, just in case. Windows administrators will still have to be careful with private keys, because file copies do not preserve permissions and moves to different volumes do not preserve them as well. 'robocopy' with flags to copy security should be used in these cases. We may want to re-implement 'mv' with 'robocopy' if that becomes a problem in the future. There is one more place where umask is used in the script for creation of a self-signed certificate, but it is not actually needed there since the resulted certificate doen't need to be private, so not changing this part for now. Tested with running an empty 'make check' in AppVeyor and examining permissions for files in tests/pki: Files | Linux | Windows ---------------------+------------+-------------------------------------- controllerca | drwxr-xr-x | NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) switchca | | BUILTIN\Administrators:(I)(OI)(CI)(F) *ca\certs | | BUILTIN\Users:(I)(OI)(CI)(RX) *ca\crl | | BUILTIN\Users:(I)(CI)(AD) *ca\newcerts | | BUILTIN\Users:(I)(CI)(WD) | | APPVEYOR-VM\appveyor:(I)(F) | | CREATOR OWNER:(I)(OI)(CI)(IO)(F) ---------------------+------------+-------------------------------------- stamp | -rw-r--r-- | NT AUTHORITY\SYSTEM:(I)(F) test-cert.pem | | BUILTIN\Administrators:(I)(F) test-req.pem | | BUILTIN\Users:(I)(RX) test2-cert.pem | | APPVEYOR-VM\appveyor:(I)(F) test2-req.pem | | *ca\ca.cnf | | *ca\cacert.pem | | *ca\careq.pem | | *ca\crlnumber | | *ca\index.txt* | | *ca\serial* | | *ca\newcerts\*.pem | | ---------------------+------------+-------------------------------------- controllerca\private | drwx------ | APPVEYOR-VM\appveyor:(F) switchca\private | | CREATOR OWNER:(OI)(CI)(IO)(F) ---------------------+------------+-------------------------------------- test-privkey.pem | -rw------- | APPVEYOR-VM\appveyor:(F) test2-privkey.pem | | *ca\private\cakey.pem| | We can see that private folders and keys have only a full access from their owners. Other files and folders have some extra inherited ACEs from a containing folder. Signed-off-by: Ilya Maximets Acked-by: Simon Horman --- utilities/ovs-pki.in | 87 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 84 insertions(+), 3 deletions(-) diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in index e0ba910f9..285018e41 100755 --- a/utilities/ovs-pki.in +++ b/utilities/ovs-pki.in @@ -57,6 +57,77 @@ FreeBSD|NetBSD|Darwin) ;; esac +case $(uname -s) in +MINGW*|MSYS*) + chmod() + { + local PERM=$1 + local FILE=$2 + local INH= + + if test -d "${FILE}"; then + # Inheritance rules for folders: apply to a folder itself, + # subfolders and files within. + INH='(OI)(CI)' + fi + + case "${PERM}" in + *700 | *600) + # Reset all own and inherited ACEs and grant full access to the + # "Creator Owner". We're giving full access even for 0600, + # because it doesn't matter for a use case of ovs-pki. + icacls "${FILE}" /inheritance:r /grant:r "*S-1-3-0:${INH}F" + ;; + *750) + # Reset all own and inherited ACEs, grant full access to the + # "Creator Owner" and a read+execute access to the "Creator Group". + icacls "${FILE}" /inheritance:r /grant:r \ + "*S-1-3-0:${INH}F" "*S-1-3-1:${INH}RX" + ;; + *) + echo >&2 "Unable to set ${PERM} mode for ${FILE}." + exit 1 + ;; + esac + } + + mkdir() + { + ARG_P= + PERM= + for arg; do + shift + case ${arg} in + -m?*) + PERM=${arg#??} + continue + ;; + -m) + PERM=$1 + shift + continue + ;; + -p) + ARG_P=-p + continue + ;; + *) + set -- "$@" "${arg}" + ;; + esac + done + + command mkdir ${ARG_P} $@ + if [ ${PERM} ]; then + for dir; do + shift + chmod ${PERM} ${dir} + done + fi + } + ;; +esac + for option; do # This option-parsing mechanism borrowed from a Autoconf-generated # configure script under the following license: @@ -466,14 +537,24 @@ CN = $cn [ v3_req ] subjectAltName = DNS:$cn EOF + # It is important to create private keys in $TMP because umask doesn't + # work on Windows and permissions there are inherited from the folder. + # umask itself is still needed though to ensure correct permissions + # on non-Windows platforms. if test $keytype = rsa; then - (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \ - || exit $? + (umask 077 && openssl genrsa -out "$TMP/privkey.pem" $bits) \ + 1>&3 2>&3 || exit $? else must_exist "$dsaparam" - (umask 077 && openssl gendsa -out "$1-privkey.pem" "$dsaparam") \ + (umask 077 && openssl gendsa -out "$TMP/privkey.pem" "$dsaparam") \ 1>&3 2>&3 || exit $? fi + # Windows: applying permissions (ACEs) to the file itself, just in case. + # 'mv' should technically preserve all the inherited ACEs from a TMP + # folder, but it's better to not rely on that. + chmod 0600 "$TMP/privkey.pem" + mv "$TMP/privkey.pem" "$1-privkey.pem" + openssl req -config "$TMP/req.cnf" -new -text \ -key "$1-privkey.pem" -out "$1-req.pem" 1>&3 2>&3 } From patchwork Tue Feb 13 19:40:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Maximets X-Patchwork-Id: 1898389 X-Patchwork-Delegate: i.maximets@samsung.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TZBWH50Fsz23hT for ; Wed, 14 Feb 2024 06:40:27 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id DA2F460E43; Tue, 13 Feb 2024 19:40:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j6gDc1tee_WX; Tue, 13 Feb 2024 19:40:24 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org D084660E28 Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id D084660E28; Tue, 13 Feb 2024 19:40:23 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 9D0A8C0DD0; Tue, 13 Feb 2024 19:40:23 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2925DC0DD2 for ; Tue, 13 Feb 2024 19:40:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id D8B9940811 for ; Tue, 13 Feb 2024 19:40:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hMOy-CX0uX7M for ; Tue, 13 Feb 2024 19:40:22 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2001:4b98:dc4:8::227; helo=relay7-d.mail.gandi.net; envelope-from=i.maximets@ovn.org; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org E631B40A02 Authentication-Results: smtp4.osuosl.org; dmarc=none (p=none dis=none) header.from=ovn.org DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org E631B40A02 Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [IPv6:2001:4b98:dc4:8::227]) by smtp4.osuosl.org (Postfix) with ESMTPS id E631B40A02 for ; Tue, 13 Feb 2024 19:40:21 +0000 (UTC) Received: by mail.gandi.net (Postfix) with ESMTPSA id 0614B20002; Tue, 13 Feb 2024 19:40:19 +0000 (UTC) From: Ilya Maximets To: ovs-dev@openvswitch.org Date: Tue, 13 Feb 2024 20:40:17 +0100 Message-ID: <20240213194050.1590143-4-i.maximets@ovn.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240213194050.1590143-1-i.maximets@ovn.org> References: <20240213194050.1590143-1-i.maximets@ovn.org> MIME-Version: 1.0 X-GND-Sasl: i.maximets@ovn.org Cc: Ilya Maximets Subject: [ovs-dev] [PATCH 3/4] m4: Fix linking with OpenSSL 1.1.0+ and 3+ on Windows. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" OpenSSL 1.1.0 changed the library names from libeay32 and ssleay32 to standard libssl and libcrypto. All the versions of OpenSSL that used old names reached their official EoL, so it should be safe to just migrate to new names. They can still be supported via premium support option, but I don't think that is important for us. Also, OpenSSL installers for older versions had the following folder structure: C:\OPENSSL-WIN64\ +---bin +---include | +---openssl +---lib | libeay32.lib | ssleay32.lib +---VC libeay32MD.lib libeay32MDd.lib libeay32MT.lib libeay32MTd.lib ssleay32MD.lib ssleay32MDd.lib ssleay32MT.lib ssleay32MTd.lib With newer OpenSSL 3+ the structure is different: C:\OPENSSL-WIN64 +---bin +---include | +---openssl +---lib +---VC +---x64 +---MD | libcrypto.lib | libssl.lib +---MDd | libcrypto.lib | libssl.lib +---MT | libcrypto.lib | libssl.lib +---MTd libcrypto.lib libssl.lib Basically, instead of one generic library in the lib folder and a bunch of differently named versions of it for different type of linkage, we now have multiple instances of the library located in different folders based on the linkage type. So, we have to provide an exact path in order to find the library. 'lib/VC/x64/MD' was chosen in this patch and it seems to work fine. MD stands for dynamic linking, MT is static, 'd' stands for debug versions of the libraries. Signed-off-by: Ilya Maximets Acked-by: Simon Horman --- m4/ax_check_openssl.m4 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/m4/ax_check_openssl.m4 b/m4/ax_check_openssl.m4 index 281d4dc65..e3d361d63 100644 --- a/m4/ax_check_openssl.m4 +++ b/m4/ax_check_openssl.m4 @@ -81,7 +81,8 @@ AC_DEFUN([AX_CHECK_OPENSSL], [ SSL_INCLUDES="-I$ssldir/include" SSL_LDFLAGS="-L$ssldir/lib" if test "$WIN32" = "yes"; then - SSL_LIBS="-lssleay32 -llibeay32" + SSL_LDFLAGS="$SSL_LDFLAGS -L$ssldir/lib/VC/x64/MD" + SSL_LIBS="-llibssl -llibcrypto" SSL_DIR=/$(echo ${ssldir} | ${SED} -e 's/://') else SSL_LIBS="-lssl -lcrypto" From patchwork Tue Feb 13 19:40:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Maximets X-Patchwork-Id: 1898391 X-Patchwork-Delegate: i.maximets@samsung.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TZBWS4Dwhz23hT for ; Wed, 14 Feb 2024 06:40:36 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id BFD5D60E56; Tue, 13 Feb 2024 19:40:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NtTyPREy7Pg1; Tue, 13 Feb 2024 19:40:33 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 7D26A60E50 Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp3.osuosl.org (Postfix) with ESMTPS id 7D26A60E50; Tue, 13 Feb 2024 19:40:33 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 70F28C0072; Tue, 13 Feb 2024 19:40:33 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 10F22C0DCE for ; Tue, 13 Feb 2024 19:40:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 7D3A660E1E for ; Tue, 13 Feb 2024 19:40:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rwSRji1vZYPI for ; Tue, 13 Feb 2024 19:40:25 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=217.70.183.200; helo=relay7-d.mail.gandi.net; envelope-from=i.maximets@ovn.org; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org BDD8B60E33 Authentication-Results: smtp3.osuosl.org; dmarc=none (p=none dis=none) header.from=ovn.org DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org BDD8B60E33 Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by smtp3.osuosl.org (Postfix) with ESMTPS id BDD8B60E33 for ; Tue, 13 Feb 2024 19:40:24 +0000 (UTC) Received: by mail.gandi.net (Postfix) with ESMTPSA id B958220002; Tue, 13 Feb 2024 19:40:22 +0000 (UTC) From: Ilya Maximets To: ovs-dev@openvswitch.org Date: Tue, 13 Feb 2024 20:40:18 +0100 Message-ID: <20240213194050.1590143-5-i.maximets@ovn.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240213194050.1590143-1-i.maximets@ovn.org> References: <20240213194050.1590143-1-i.maximets@ovn.org> MIME-Version: 1.0 X-GND-Sasl: i.maximets@ovn.org Cc: Ilya Maximets Subject: [ovs-dev] [PATCH 4/4] appveyor: Build with OpenSSL 3.0. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" OpenSSL 1.0.2u is long deprecated and not available for download. So, our CI never actually downloads it and uses whatever is in the OpenSSL-Win64 folder provided by AppVeyor. Luckily, it happens to be OpenSSL 1.0.2u today. The oldest supported version of OpenSSL upstream today is 3.0. And it is an LTS version. 3.1 and 3.2 are not LTS. Use OpenSSL 3.0 for testing instead. This commit does a few things to achieve that: 1. Removes the folder provided by AppVeyor. This way we will fail the build if something goes wrong instead of silently using OpenSSL version provided by AppVeyor. 2. Obtains the JSON description of available releases and downloads the latest minor version of OpenSSL 3.0 64-bit. With this approach we should not need to update the download link that frequently. New minor releases will be picked up automatically. They should not have any breaking changes, so should be fine to use in CI. OpenSSL 3.0 is supported until at least Sep 2026. The JSON file is an official file referenced on the: https://slproweb.com/products/Win32OpenSSL.html So, it should be safe to use. 3. Executes the downloaded installer with 'Start-Process -Wait' to properly wait for installation to finish instead of just sleeping for 30 seconds. 4. Caches the downloaded installer, so we're not downloading 300 MB on each CI run as that is not nice to do. We know the hash of the latest version, so we will re-download only when the binary changes, i.e. on a new minor release. For the cache to work we need to introduce the 'install' phase, because caches are populated after 'init', but before 'install'. Alternatively, we could have just renamed 'init' to 'install', but I think it's a little nicer to have separate phases, and we can also move 'windows-prepare.sh' to the install phase. Cache is also invalidated whenever appveyor.yml changes. Signed-off-by: Ilya Maximets Acked-by: Simon Horman --- appveyor.yml | 52 ++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/appveyor.yml b/appveyor.yml index 373f01a43..29cc44d6c 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -8,28 +8,60 @@ configuration: - Release clone_folder: C:\openvswitch_compile shallow_clone: true + init: - ps: $env:PATH ="C:\Python312-x64;"+$env:PATH - ps: New-Item -Type HardLink -Path "C:\Python312-x64\python3.exe" -Value "C:\Python312-x64\python.exe" + +cache: +- C:\ovs-build-downloads -> appveyor.yml + +install: - ps: | - mkdir C:\ovs-build-downloads + Remove-Item -Recurse -Force -Path C:/OpenSSL-Win64 + New-Item -ItemType Directory -Force -Path C:\ovs-build-downloads + + # Find and download the latest stable OpenSSl 3.0. + $URL = "https://raw.githubusercontent.com/slproweb/opensslhashes/master/win32_openssl_hashes.json" + $webData = (Invoke-WebRequest -Uri $URL).content | ConvertFrom-Json + $source = ($webData.files.PSObject.Properties | Where-Object { + $_.Value.basever -match "3.0.*" -and + $_.Value.bits -eq "64" -and + $_.Value.arch -eq "INTEL" -and + $_.Value.installer -eq "exe" -and + -not $_.Value.light + } | Select-Object Value).PSObject.Properties.Value + + Write-Host "Latest OpenSSL 3.0:" ($source | Format-List | Out-String) + + $destination = "C:\ovs-build-downloads\Win64OpenSSL.exe" + if (Test-Path $destination) { + $fileHash = (Get-FileHash $destination -Algorithm SHA256).Hash.ToLower() + if ($fileHash -ne $source.sha256) { + Write-Host "Cache miss:" $fileHash "!=" $source.sha256 + Remove-Item -Path $destination + } + } - $source = "https://slproweb.com/download/Win64OpenSSL-1_0_2u.exe" - $destination = "C:\ovs-build-downloads\Win64OpenSSL-1_0_2u.exe" - Invoke-WebRequest $source -OutFile $destination + if (Test-Path $destination) { + Write-Host "Using cached:" $destination + } else { + Write-Host "Downloading:" $source.url + Invoke-WebRequest $source.url -OutFile $destination + } + + Write-Host "Installing:" $destination + Start-Process -FilePath $destination ` + -ArgumentList "/silent /verysilent /sp- /suppressmsgboxes" -Wait - cd C:\ovs-build-downloads - .\Win64OpenSSL-1_0_2u.exe /silent /verysilent /sp- /suppressmsgboxes - Start-Sleep -s 30 - cd C:\openvswitch_compile - ps: git clone -q https://git.code.sf.net/p/pthreads4w/code c:\pthreads4w-code - ps: python3 -m pip install pypiwin32 --disable-pip-version-check - -build_script: - '"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"' - ps: C:\msys64\msys2_shell.cmd -here -defterm -no-start -use-full-path -c ".ci/windows-prepare.sh 2>&1" + +build_script: - ps: C:\msys64\msys2_shell.cmd -here -defterm -no-start -use-full-path -c ".ci/windows-build.sh $env:CONFIGURATION 2>&1" - ps: cp C:\PTHREADS-BUILT\bin\pthreadVC3.dll C:\openvswitch\usr\bin