GHA: drop quictls 3.3.0 builds in favor of openssl 3.5+

- http3-linux: move local nghttpx (nghttp2) build to openssl (from
  quictls). Also tried LibreSSL, but it made some HTTP/2 tests fail.

- http3-linux: drop quictls ngtcp2 build.

- http3-linux: build local openssl with `no-deprecated`.
  (previously tested in the quictls local build.)

- http3-linux: explicitly disable LDAP in cmake openssl jobs.
  cmake builds auto-detect OpenLDAP (autotools don't), and when enabled,
  linking curl fails because system `libsasl.so` requires MD5 openssl
  functions, which are missing from openssl no-deprecated builds.

- macos: move options tested in quictls jobs to other ones.

- linux: drop unused quictls local build. (it was used for msh3.)
  Follow-up to 91138b014d #17729

- renovate: drop quictls bump detection.

Closes #18833
Viktor Szakats
2025-10-03 16:40:28 +02:00
parent 4535532ed3
commit c96bf36557
4 changed files with 25 additions and 116 deletions


@@ -41,8 +41,6 @@ env:
CURL_CI: github
# handled in renovate.json
OPENSSL_VERSION: 3.6.0
# handled in renovate.json
QUICTLS_VERSION: 3.3.0
# renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com
LIBRESSL_VERSION: 4.1.1
# renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
@@ -70,12 +68,12 @@ jobs:
steps:
- name: 'cache openssl'
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: cache-openssl-http3
id: cache-openssl-http3-no-deprecated
env:
cache-name: cache-openssl-http3
cache-name: cache-openssl-http3-no-deprecated
with:
path: ~/openssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}-no-deprecated
- name: 'cache libressl'
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
@@ -104,15 +102,6 @@ jobs:
path: ~/boringssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }}
- name: 'cache quictls'
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: cache-quictls-no-deprecated
env:
cache-name: cache-quictls-no-deprecated
with:
path: ~/quictls/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.QUICTLS_VERSION }}-quic1
- name: 'cache gnutls'
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: cache-gnutls
@@ -147,7 +136,7 @@ jobs:
cache-name: cache-ngtcp2
with:
path: ~/ngtcp2/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}
- name: 'cache ngtcp2 boringssl'
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
@@ -165,15 +154,14 @@ jobs:
cache-name: cache-nghttp2
with:
path: ~/nghttp2/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }}
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }}
- id: settings
if: >-
${{ steps.cache-openssl-http3.outputs.cache-hit != 'true' ||
${{ steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' ||
steps.cache-libressl.outputs.cache-hit != 'true' ||
steps.cache-awslc.outputs.cache-hit != 'true' ||
steps.cache-boringssl.outputs.cache-hit != 'true' ||
steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' ||
steps.cache-gnutls.outputs.cache-hit != 'true' ||
steps.cache-wolfssl.outputs.cache-hit != 'true' ||
steps.cache-nghttp3.outputs.cache-hit != 'true' ||
@@ -199,12 +187,12 @@ jobs:
echo 'CXX=g++-12' >> "$GITHUB_ENV"
- name: 'build openssl'
if: ${{ steps.cache-openssl-http3.outputs.cache-hit != 'true' }}
if: ${{ steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' }}
run: |
cd ~
git clone --quiet --depth=1 -b "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl
cd openssl
./config --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests
./config --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests no-deprecated
make
make -j1 install_sw
@@ -241,16 +229,6 @@ jobs:
cmake --build .
cmake --install .
- name: 'build quictls'
if: ${{ steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' }}
run: |
cd ~
git clone --quiet --depth=1 -b "openssl-${QUICTLS_VERSION}-quic1" https://github.com/quictls/openssl quictls
cd quictls
./config no-deprecated --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests
make
make -j1 install_sw
- name: 'build gnutls'
if: ${{ steps.cache-gnutls.outputs.cache-hit != 'true' }}
run: |
@@ -292,7 +270,7 @@ jobs:
- name: 'build ngtcp2'
if: ${{ steps.cache-ngtcp2.outputs.cache-hit != 'true' }}
# building 3 times to get crypto libs for ossl, libressl, quictls and awslc installed
# building twice to get crypto libs for ossl, libressl and awslc installed
run: |
cd ~
git clone --quiet --depth=1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2
@@ -302,10 +280,6 @@ jobs:
PKG_CONFIG_PATH=/home/runner/libressl/build/lib/pkgconfig --enable-lib-only --with-openssl
make install
make clean
./configure --disable-dependency-tracking --prefix="$PWD"/build \
PKG_CONFIG_PATH=/home/runner/quictls/build/lib/pkgconfig --enable-lib-only --with-openssl
make install
make clean
./configure --disable-dependency-tracking --prefix="$PWD"/build \
PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/wolfssl/build/lib/pkgconfig \
--enable-lib-only --with-openssl --with-gnutls --with-wolfssl --with-boringssl \
@@ -337,8 +311,8 @@ jobs:
# required (for nghttpx application): libc-ares-dev libev-dev zlib1g-dev
# optional (for nghttpx application): libbrotli-dev
./configure --disable-dependency-tracking --prefix="$PWD"/build \
PKG_CONFIG_PATH=/home/runner/quictls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig \
LDFLAGS=-Wl,-rpath,/home/runner/quictls/build/lib \
PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig \
LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib \
--with-libbrotlienc --with-libbrotlidec \
--enable-app --enable-http3
make install
@@ -367,8 +341,9 @@ jobs:
install_steps: skipall
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl/build
-DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
-DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_NGTCP2=ON
-DCURL_DISABLE_LDAP=ON
-DCURL_DISABLE_NTLM=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'libressl'
@@ -416,21 +391,6 @@ jobs:
-DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'quictls'
install_steps: skipall
PKG_CONFIG_PATH: /home/runner/quictls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/quictls/build/lib
--with-ngtcp2 --disable-ntlm
--with-openssl=/home/runner/quictls/build --enable-ssls-export
--enable-unity
- name: 'quictls'
PKG_CONFIG_PATH: /home/runner/quictls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/quictls/build
-DUSE_NGTCP2=ON -DCURL_DISABLE_NTLM=ON
- name: 'gnutls'
install_packages: nettle-dev libp11-kit-dev
install_steps: skipall
@@ -476,6 +436,7 @@ jobs:
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_OPENSSL_QUIC=ON
-DCURL_DISABLE_LDAP=ON
-DCURL_DISABLE_NTLM=ON
-DCMAKE_UNITY_BUILD=ON
@@ -518,12 +479,12 @@ jobs:
- name: 'cache openssl'
if: ${{ matrix.build.name == 'openssl' || matrix.build.name == 'openssl-quic' }}
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: cache-openssl-http3
id: cache-openssl-http3-no-deprecated
env:
cache-name: cache-openssl-http3
cache-name: cache-openssl-http3-no-deprecated
with:
path: ~/openssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}-no-deprecated
fail-on-cache-miss: true
- name: 'cache libressl'
@@ -556,16 +517,6 @@ jobs:
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }}
fail-on-cache-miss: true
- name: 'cache quictls'
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: cache-quictls-no-deprecated
env:
cache-name: cache-quictls-no-deprecated
with:
path: ~/quictls/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.QUICTLS_VERSION }}-quic1
fail-on-cache-miss: true
- name: 'cache gnutls'
if: ${{ matrix.build.name == 'gnutls' }}
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
@@ -605,7 +556,7 @@ jobs:
cache-name: cache-ngtcp2
with:
path: ~/ngtcp2/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}
fail-on-cache-miss: true
- name: 'cache ngtcp2 boringssl'
@@ -625,7 +576,7 @@ jobs:
cache-name: cache-nghttp2
with:
path: ~/nghttp2/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.QUICTLS_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }}
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }}
fail-on-cache-miss: true
- name: 'cache quiche'
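Review bot: The second job's `cache openssl` step (hunk `@@ -518,12 +479,12 @@`) is still gated by `if: ${{ matrix.build.name == 'openssl' || matrix.build.name == 'openssl-quic' }}`, whereas the removed `cache quictls` step in the same job had no `if:` and was therefore restored for every matrix entry. Since nghttpx is now linked with `LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib`, the libressl, awslc, gnutls and similar entries would presumably run it without `~/openssl/build` present, so it either fails to load or picks up the runner's system libssl, and the tests that depend on nghttpx could be skipped or exercised against an unintended TLS library without the job failing. Dropping the `if:` line from that step would mirror what the quictls step did; the steps that start nghttpx are outside the visible hunks, so this should be confirmed by checking the nghttpx-dependent test counts in a non-openssl job.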


@@ -49,8 +49,6 @@ env:
BORINGSSL_VERSION: 0.20251002.0
# handled in renovate.json
OPENSSL_VERSION: 3.6.0
# handled in renovate.json
QUICTLS_VERSION: 3.3.0
# renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com
RUSTLS_VERSION: 0.15.0
# handled in renovate.json
@@ -495,25 +493,6 @@ jobs:
make
make -j1 install_sw
- name: 'cache quictls'
if: ${{ contains(matrix.build.install_steps, 'quictls') }}
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
id: cache-quictls
env:
cache-name: cache-quictls
with:
path: ~/quictls
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.QUICTLS_VERSION }}-quic1
- name: 'build quictls'
if: ${{ contains(matrix.build.install_steps, 'quictls') && steps.cache-quictls.outputs.cache-hit != 'true' }}
run: |
git clone --quiet --depth=1 -b "openssl-${QUICTLS_VERSION}-quic1" https://github.com/quictls/openssl
cd openssl
./config --prefix=/home/runner/quictls --libdir=lib no-makedepend no-apps no-docs no-tests
make
make -j1 install_sw
- name: 'cache awslc'
if: ${{ contains(matrix.build.install_steps, 'awslc') }}
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0


@@ -255,16 +255,17 @@ jobs:
--without-nghttp2 --disable-ntlm --without-ssl --without-zlib --without-zstd
macos-version-min: '10.15' # Catalina (2019)
- name: 'LibreSSL +examples'
- name: 'LibreSSL !ldap +examples'
compiler: clang
install: libressl
install_steps: pytest
configure: --enable-debug --with-openssl=/opt/homebrew/opt/libressl
- name: 'OpenSSL'
configure: --enable-debug --with-openssl=/opt/homebrew/opt/libressl --disable-ldap
- name: 'OpenSSL 10.15'
compiler: clang
install: libnghttp3 libngtcp2
install_steps: pytest
configure: --enable-debug --with-openssl=/opt/homebrew/opt/openssl --with-ngtcp2
macos-version-min: '10.15'
- name: 'OpenSSL SecTrust'
compiler: clang
install: libnghttp3 libngtcp2
@@ -274,11 +275,6 @@ jobs:
compiler: clang
configure: --enable-debug --with-openssl=/opt/homebrew/opt/openssl
tflags: --test-event
- name: 'quictls libssh2 !ldap 10.15'
compiler: clang
install: quictls
configure: --enable-debug --disable-ldap --with-openssl=/opt/homebrew/opt/quictls LDFLAGS=-L/opt/homebrew/opt/quictls/lib
macos-version-min: '10.15'
# cmake
- name: 'OpenSSL gsasl rtmp AppleIDN SecTrust'
install: libnghttp3 libngtcp2 gsasl rtmpdump
@@ -306,9 +302,6 @@ jobs:
-DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/heimdal
-DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/opt/homebrew/opt/llvm/bin/clang-tidy
- name: 'quictls +static libssh +examples'
install: quictls libssh
generate: -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/quictls -DBUILD_STATIC_LIBS=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON
- name: 'LibreSSL openldap heimdal c-ares +examples'
install: libressl heimdal openldap
generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/heimdal -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib
@@ -370,7 +363,7 @@ jobs:
while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew bundle install --file /tmp/Brewfile; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done
- name: 'brew unlink openssl'
if: ${{ contains(matrix.build.install, 'aws-lc') || contains(matrix.build.install, 'libressl') || contains(matrix.build.install, 'quictls') }}
if: ${{ contains(matrix.build.install, 'aws-lc') || contains(matrix.build.install, 'libressl') }}
run: |
if [ -d /opt/homebrew/include/openssl ]; then
brew unlink openssl


@@ -102,20 +102,6 @@
"versioningTemplate": "semver",
"extractVersionTemplate": "^openssl-(?<version>.*)$"
},
{
"customType": "regex",
"managerFilePatterns": [
"/^.github/workflows/linux.yml$/",
"/^.github/workflows/http3-linux.yml$/"
],
"matchStrings": [
"QUICTLS_VERSION: (?<currentValue>.*)\\s"
],
"datasourceTemplate": "github-tags",
"depNameTemplate": "quictls/openssl",
"versioningTemplate": "semver",
"extractVersionTemplate": "^openssl-(?<version>.*)-quic1$"
},
{
"customType": "regex",
"managerFilePatterns": [