On Mon, Nov 06, 2023 at 08:44:22PM +0100, Bjorn Ketelaars wrote:
> Diff below updates security/vaultwarden to 1.30.0 and
> www/vaultwarden-web to 2023.10.0. Main changes are the addition of
> passkey support, and integration of the WebSocket service in the HTTP
> server. Full overview on changes can be found at
> https://github.com/dani-garcia/vaultwarden/releases/tag/1.30.0 and
> https://github.com/dani-garcia/bw_web_builds/releases/tag/v2023.10.0/.
>
> This release is kind of special as it uses both ring-0.16.20 and
> ring-0.17.5. The first has been imported to security/rust-ring and has
> been patched to work with OpenBSD's execute only policy. The latter has
> not been imported but has seemingly been fixed upstream. Proposal is to
> keep both crates and patch 0.16.20 locally.
> As a reminder I added a comment to the Makefile of security/rust-ring to
> sync the patches of vaultwarden.
>
> Please note that vaultwarden-1.30.0 uses the same version of Rocket-*
> thus the same vendored tarball can be used. I guess a more pretty
> solution is to provide vaultwarden-deps-1.30.0.tgz, which is a copy of
> vaultwarden-deps-1.29.1.tgz, and slightly adapt the diff below.
>
> Lightly run tested on amd64.
>
> I'm not sure if the ring-related changes/additions are sane. I'm hoping
> that tb@ can comment on this.
When the rust-ring replacement hack was added, it was unclear what would
happen to the patches. We were able to merge them into BoringSSL and
hence it was a matter of time that ring would pick them up. It is a
great thing that Brian Smith completed this work a few weeks ago and we
can now wait for the ecosystem to drop 0.16 and then remove our
rust-ring port.
I do not think we should be copying these patches around. The better
fix is to teach cargo.port.mk to be more selective about what ring
crate to replace as below. This means 0.16.20 will be replaced with
the patches rust-ring source and 0.17 will remain untouched. You can
then delete the patches, reinstate the bdep on security/rust-ring and
remove the MODCARGO_CRATES_KEEP and the comment.
Index: cargo.port.mk
===================================================================
RCS file: /cvs/ports/devel/cargo/cargo.port.mk,v
diff -u -p -r1.40 cargo.port.mk
--- cargo.port.mk 21 Sep 2023 09:49:49 -0000 1.40
+++ cargo.port.mk 14 Oct 2023 07:14:01 -0000
@@ -212,7 +212,7 @@ MODCARGO_post-extract += \
${ECHO_MSG} "[modcargo] Patching ${_cratename}-${_cratever} to use archivers/zstd" ; \
sed -i -e 's,^fn main() {,fn main() { println!("cargo:rustc-link-lib=zstd"); return;,' \
${MODCARGO_VENDOR_DIR}/${_cratename}-${_cratever}/build.rs ;
-. elif "${_cratename}" == "ring"
+. elif "${_cratename}" == "ring" && "${_cratever:C/0.16\..*/0.16/}" == "0.16"
MODCARGO_post-extract += \
${ECHO_MSG} "[modcargo] Replacing libsrc for ${_cratename}-${_cratever}" ; \
rm -rf -- ${MODCARGO_VENDOR_DIR}/${_cratename}-${_cratever} ; \
No comments:
Post a Comment