Skip to content

remove aws-lc-rs dep and fix storage_broker tls #9613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
conradludgate merged 4 commits into from
Nov 4, 2024
Merged

remove aws-lc-rs dep and fix storage_broker tls #9613

conradludgate merged 4 commits into from
Nov 4, 2024

Conversation

@conradludgate
Copy link
Contributor

@conradludgate conradludgate commented Nov 2, 2024

It seems the ecosystem is not so keen on moving to aws-lc-rs as it's build setup is more complicated than ring (requiring cmake).

Eventually I expect the ecosystem should pivot to https://github.com/ctz/graviola/tree/main/rustls-graviola as it stabilises (it has a very simply build step and license), but for now let's try not have a headache of juggling two crypto libs.

I also noticed that tonic will just fail with tls without a default provider, so I added some defensive code for that.

@conradludgate conradludgate requested review from a team as code owners November 2, 2024 11:27
@conradludgate conradludgate requested review from awarus and skyzh November 2, 2024 11:27
@github-actions
Copy link

github-actions bot commented Nov 2, 2024
edited
Loading

5328 tests run: 5106 passed, 0 failed, 222 skipped (full report)

Flaky tests (1)

Postgres 17

Code coverage* (full report)

  • functions: 31.5% (7772 of 24690 functions)
  • lines: 48.9% (61011 of 124696 lines)

* collected from Rust tests only

The comment gets automatically updated with the latest test results
e513e6f at 2024-11-04T13:21:59.015Z :recycle:

@conradludgate conradludgate mentioned this pull request Nov 3, 2024
Merged
@conradludgate
Copy link
Contributor Author

conradludgate commented Nov 3, 2024

I also noticed that tonic will just fail with tls without a default provider, so I added some defensive code for that.

I've also opened hyperium/tonic#2034 as more robust solution.

@conradludgate conradludgate enabled auto-merge (squash) November 3, 2024 13:43
hlinnaka
hlinnaka reviewed Nov 3, 2024
View reviewed changes
Copy link
Contributor

@hlinnaka hlinnaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes please, for a different reason: I just bumped into this issue compiling with cranelift: rust-lang/rustc_codegen_cranelift#1520. I'm sure that'll be eventually fixed, but not using aws-lc-rs avoids it.

Do we need to specify a provider at all? How about using https://docs.rs/rustls/latest/rustls/server/struct.ServerConfig.html#method.builder instead?

@conradludgate
Copy link
Contributor Author

conradludgate commented Nov 3, 2024

The pg17 failures do not seem to be flaky. I'm not sure what's changed there

@conradludgate conradludgate merged commit 3dcdbcc into main Nov 4, 2024
@conradludgate conradludgate deleted the remove-aws-lc-rs branch November 4, 2024 13:29
@awarus awarus mentioned this pull request Nov 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hlinnaka hlinnaka hlinnaka left review comments

@skyzh skyzh skyzh approved these changes

@cloneable cloneable cloneable approved these changes

@awarus awarus Awaiting requested review from awarus awarus is a code owner automatically assigned from neondatabase/proxy

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@conradludgate @hlinnaka @skyzh @cloneable