
Commit 35f33d3

marco-ippolitotargos
authored andcommitted
tools: remove openssl v1 update script
PR-URL: #51378 Fixes: nodejs/security-wg#1182 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
1 parent 63e0ceb commit 35f33d3

2 files changed

+14
-117
lines changed

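--- a/.github/workflows/update-openssl.yml
+++ b/.github/workflows/update-openssl.yml
@@ -10,7 +10,7 @@ permissions:
 contents: read
 
 jobs:
-openssl-v3-update:
+openssl-update:
 if: github.repository == 'nodejs/node'
 runs-on: ubuntu-latest
 steps:
@@ -19,7 +19,7 @@ jobs:
 persist-credentials: false
 - name: Check and download new OpenSSL version
 run: |
-./tools/dep_updaters/update-openssl.sh download_v3 > temp-output
+./tools/dep_updaters/update-openssl.sh download > temp-output
 cat temp-output
 tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
 rm temp-output
@@ -58,52 +58,3 @@ jobs:
 branch: actions/tools-update-openssl # Custom branch *just* for this Action.
 commit-message: 'deps: update archs files for openssl-${{ env.NEW_VERSION }}'
 path: deps/openssl
-openssl-v1-update:
-if: github.repository == 'nodejs/node'
-runs-on: ubuntu-latest
-steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-with:
-persist-credentials: false
-ref: v16.x-staging
-- name: Check and download new OpenSSL version
-run: |
-./tools/dep_updaters/update-openssl.sh download_v1 > temp-output
-cat temp-output
-tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
-rm temp-output
-env:
-GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
-- name: Create PR with first commit
-if: env.NEW_VERSION
-uses: gr2m/create-or-update-pull-request-action@df20b2c073090271599a08c55ae26e0c3522b329 # v1.9.2
-# Creates a PR with the new OpenSSL source code committed
-env:
-GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
-with:
-author: Node.js GitHub Bot <github-bot@iojs.org>
-body: This is an automated update of OpenSSL to ${{ env.NEW_VERSION }}.
-branch: actions/tools-update-openssl-v1 # Custom branch *just* for this Action.
-commit-message: 'deps: upgrade openssl sources to quictls/openssl-${{ env.NEW_VERSION }}'
-labels: dependencies
-title: '[v16.x] deps: update OpenSSL to ${{ env.NEW_VERSION }}'
-path: deps/openssl
-update-pull-request-title-and-body: true
-- name: Regenerate platform specific files
-if: env.NEW_VERSION
-run: |
-sudo apt install -y nasm libtext-template-perl
-./tools/dep_updaters/update-openssl.sh regenerate
-env:
-GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
-- name: Add second commit
-# Adds a second commit to the PR with the generated platform-dependent files
-if: env.NEW_VERSION
-uses: gr2m/create-or-update-pull-request-action@df20b2c073090271599a08c55ae26e0c3522b329 # v1.9.2
-env:
-GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
-with:
-author: Node.js GitHub Bot <github-bot@iojs.org>
-branch: actions/tools-update-openssl-v1 # Custom branch *just* for this Action.
-commit-message: 'deps: update archs files for openssl-${{ env.NEW_VERSION }}'
-path: deps/openssl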

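--- a/tools/dep_updaters/update-openssl.sh
+++ b/tools/dep_updaters/update-openssl.sh
@@ -9,80 +9,26 @@ cleanup() {
 exit $EXIT_CODE
 }
 
-download_v1() {
-LATEST_V1_TAG_NAME="$("$NODE" --input-type=module <<'EOF'
-const res = await fetch('https://api.github.com/repos/quictls/openssl/git/matching-refs/tags/OpenSSL_1');
-if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
-const releases = await res.json()
-const latest = releases.findLast(({ ref }) => ref.includes('quic'));
-if(!latest) throw new Error(`Could not find latest release for v1`);
-console.log(latest.ref.replace('refs/tags/',''));
-EOF
-)"
-
-NEW_VERSION_V1=$(echo "$LATEST_V1_TAG_NAME" | sed 's/OpenSSL_//;s/_/./g;s/-/+/g')
-
-case "$NEW_VERSION_V1" in
-*quic1) NEW_VERSION_V1_NO_RELEASE="${NEW_VERSION_V1%1}" ;;
-*) NEW_VERSION_V1_NO_RELEASE="$NEW_VERSION_V1" ;;
-esac
-
-VERSION_H="$DEPS_DIR/openssl/openssl/include/openssl/opensslv.h"
-CURRENT_VERSION=$(grep "OPENSSL_VERSION_TEXT" "$VERSION_H" | sed -n "s/.*OpenSSL \([^\"]*\).*/\1/p" | cut -d ' ' -f 1)
-
-# This function exit with 0 if new version and current version are the same
-compare_dependency_version "openssl" "$NEW_VERSION_V1_NO_RELEASE" "$CURRENT_VERSION"
-
-echo "Making temporary workspace..."
-WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp')
-cd "$WORKSPACE"
-
-echo "Fetching OpenSSL source archive..."
-OPENSSL_TARBALL="openssl.tar.gz"
-curl -sL -o "$OPENSSL_TARBALL" "https://api.github.com/repos/quictls/openssl/tarball/$LATEST_V1_TAG_NAME"
-log_and_verify_sha256sum "openssl" "$OPENSSL_TARBALL"
-gzip -dc "$OPENSSL_TARBALL" | tar xf -
-rm "$OPENSSL_TARBALL"
-
-mv quictls-openssl-* openssl
-
-echo "Replacing existing OpenSSL..."
-rm -rf "$DEPS_DIR/openssl/openssl"
-mv "$WORKSPACE/openssl" "$DEPS_DIR/openssl/"
-
-echo "All done!"
-echo ""
-echo "Please git add openssl, and commit the new version:"
-echo ""
-echo "$ git add -A deps/openssl/openssl"
-echo "$ git add doc/contributing/maintaining/maintaining-dependencies.md"
-echo "$ git commit -m \"deps: upgrade openssl sources to quictls/openssl-$NEW_VERSION_V1\""
-echo ""
-# The last line of the script should always print the new version,
-# as we need to add it to $GITHUB_ENV variable.
-echo "NEW_VERSION=$NEW_VERSION_V1"
-}
-
-download_v3() {
-LATEST_V3_TAG_NAME="$("$NODE" --input-type=module <<'EOF'
+download() {
+LATEST_TAG_NAME="$("$NODE" --input-type=module <<'EOF'
 const res = await fetch('https://api.github.com/repos/quictls/openssl/git/matching-refs/tags/openssl-3.0');
 if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
 const releases = await res.json()
 const latest = releases.findLast(({ ref }) => ref.includes('quic'));
-if(!latest) throw new Error(`Could not find latest release for v3.0`);
+if(!latest) throw new Error(`Could not find latest release`);
 console.log(latest.ref.replace('refs/tags/',''));
 EOF
 )"
-NEW_VERSION_V3=$(echo "$LATEST_V3_TAG_NAME" | sed 's/openssl-//;s/-/+/g')
+NEW_VERSION=$(echo "$LATEST_TAG_NAME" | sed 's/openssl-//;s/-/+/g')
 
-case "$NEW_VERSION_V3" in
-*quic1) NEW_VERSION_V3_NO_RELEASE="${NEW_VERSION_V3%1}" ;;
-*) NEW_VERSION_V3_NO_RELEASE="$NEW_VERSION_V3" ;;
+case "$NEW_VERSION" in
+*quic1) NEW_VERSION_NO_RELEASE="${NEW_VERSION%1}" ;;
+*) NEW_VERSION_NO_RELEASE="$NEW_VERSION" ;;
 esac
 VERSION_H="./deps/openssl/config/archs/linux-x86_64/asm/include/openssl/opensslv.h"
 CURRENT_VERSION=$(grep "OPENSSL_FULL_VERSION_STR" $VERSION_H | sed -n "s/^.*VERSION_STR \"\(.*\)\"/\1/p")
 # This function exit with 0 if new version and current version are the same
-compare_dependency_version "openssl" "$NEW_VERSION_V3_NO_RELEASE" "$CURRENT_VERSION"
+compare_dependency_version "openssl" "$NEW_VERSION_NO_RELEASE" "$CURRENT_VERSION"
 
 echo "Making temporary workspace..."
 
@@ -93,7 +39,7 @@ EOF
 
 OPENSSL_TARBALL="openssl.tar.gz"
 
-curl -sL -o "$OPENSSL_TARBALL" "https://api.github.com/repos/quictls/openssl/tarball/$LATEST_V3_TAG_NAME"
+curl -sL -o "$OPENSSL_TARBALL" "https://api.github.com/repos/quictls/openssl/tarball/$LATEST_TAG_NAME"
 
 log_and_verify_sha256sum "openssl" "$OPENSSL_TARBALL"
 
@@ -110,11 +56,11 @@ EOF
 echo "Please git add openssl, and commit the new version:"
 echo ""
 echo "$ git add -A deps/openssl/openssl"
-echo "$ git commit -m \"deps: upgrade openssl sources to quictls/openssl-$NEW_VERSION_V3\""
+echo "$ git commit -m \"deps: upgrade openssl sources to quictls/openssl-$NEW_VERSION\""
 echo ""
 # The last line of the script should always print the new version,
 # as we need to add it to $GITHUB_ENV variable.
-echo "NEW_VERSION=$NEW_VERSION_V3"
+echo "NEW_VERSION=$NEW_VERSION"
 }
 
 regenerate() {
@@ -168,7 +114,7 @@ main() {
 . "$BASE_DIR/tools/dep_updaters/utils.sh"
 
 case ${1} in
-help | regenerate | download_v1 | download_v3 )
+help | regenerate | download )
 $1 "${2}"
 ;;
 * )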
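Review bot: The tarball fetch `curl -sL -o "$OPENSSL_TARBALL" ".../tarball/$LATEST_TAG_NAME"` in `download()` runs without `--fail`, so curl exits 0 on an HTTP error and the error body is saved as `openssl.tar.gz`; `curl -fsSL -o "$OPENSSL_TARBALL" ...` would stop at the download instead. `LATEST_TAG_NAME` is taken from the API response as-is and reaches both that URL and, through `NEW_VERSION`, the line the workflow appends to `$GITHUB_ENV`, so an allow-list check right after the heredoc is worth adding, for example `printf '%s\n' "$LATEST_TAG_NAME" | grep -Eq '^openssl-3\.0\.[0-9A-Za-z.+-]+$' || exit 1` (pattern to be adjusted to the tag scheme actually used upstream). The `log_and_verify_sha256sum "openssl" "$OPENSSL_TARBALL"` call passes no expected digest that is visible here, so whether the archive is compared against a known value or only logged cannot be told from this page; the helper is sourced from `utils.sh`, outside the diff. Parts of `download()` lie between the hunks and are not shown.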
