jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-04-28 13:40:37 +00:00
Code Issues Actions 20 Packages Projects Releases Wiki Activity

doc: update maintaining-openssl.md for openssl
Some checks are pending
Coverage Linux (without intl) / coverage-linux-without-intl (push) Waiting to run
Details
Coverage Linux / coverage-linux (push) Waiting to run
Details
Coverage Windows / coverage-windows (push) Waiting to run
Details
Test and upload documentation to artifacts / build-docs (push) Waiting to run
Details
Linters / lint-addon-docs (push) Waiting to run
Details
Linters / lint-cpp (push) Waiting to run
Details
Linters / format-cpp (push) Waiting to run
Details
Linters / lint-js-and-md (push) Waiting to run
Details
Linters / lint-py (push) Waiting to run
Details
Linters / lint-yaml (push) Waiting to run
Details
Linters / lint-sh (push) Waiting to run
Details
Linters / lint-codeowners (push) Waiting to run
Details
Linters / lint-pr-url (push) Waiting to run
Details
Linters / lint-readme (push) Waiting to run
Details
Notify on Push / Notify on Force Push on `main` (push) Waiting to run
Details
Notify on Push / Notify on Push on `main` that lacks metadata (push) Waiting to run
Details
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details

Browse Source 
Update the instructions for maintaining OpenSSL in the Node.js source
tree to reflect switching back from the quictls fork of OpenSSL back
to official OpenSSL.

PR-URL: https://github.com/nodejs/node/pull/57413
Refs: https://github.com/nodejs/node/pull/57301
Refs: https://github.com/nodejs/node/pull/57142
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
This commit is contained in:
Richard Lau 2025-03-13 17:42:04 +00:00 committed by GitHub
parent 3329efecb1
commit 81d3db2250
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/update-openssl.yml vendored
View File

@ -35,7 +35,7 @@ jobs:
author: Node.js GitHub Bot <github-bot@iojs.org>
body: This is an automated update of OpenSSL to ${{ env.NEW_VERSION }}.
branch: actions/tools-update-openssl # Custom branch *just* for this Action.
commit-message: 'deps: upgrade openssl sources to quictls/openssl-${{ env.NEW_VERSION }}'
commit-message: 'deps: upgrade openssl sources to openssl-${{ env.NEW_VERSION }}'
labels: dependencies, openssl
title: 'deps: update OpenSSL to ${{ env.NEW_VERSION }}'
path: deps/openssl

45
doc/contributing/maintaining/maintaining-openssl.md
View File

@ -4,28 +4,6 @@ OpenSSL is automatically updated by the [update-openssl-action][].
There is also a script in `tools/dep_updaters` that can be used to update it.
This document describes how to manually update `deps/openssl/`.
If you need to provide updates across all active release lines you will
currently need to generate four PRs as follows:
* a PR for `main` which is generated following the instructions
below for OpenSSL 3.x.x.
* a PR for 18.x following the instructions in the v18.x-staging version
of this guide.
* a PR for 16.x following the instructions in the v16.x-staging version
of this guide.
## Use of the quictls/openssl fork
Node.js currently uses the quictls/openssl fork, which closely tracks
the main openssl/openssl releases with the addition of APIs to support
the QUIC protocol.
Details on the fork, as well as the latest sources, can be found at
<https://github.com/quictls/openssl>.
Branches are used per OpenSSL version (for instance,
<https://github.com/quictls/openssl/tree/OpenSSL_1_1_1j+quic>).
## Requirements
* Linux environment.
@ -52,35 +30,33 @@ NASM version 2.11.08
## 1. Obtain and extract new OpenSSL sources
Get a new source from <https://github.com/quictls/openssl/tree/openssl-3.0.5+quic>
Get a new source from <https://github.com/openssl/openssl/tree/openssl-3.0.16>
and copy all files into `deps/openssl/openssl`. Then add all files and commit
them. (The link above, and the branch, will change with each new OpenSSL
release).
### OpenSSL 3.x.x
```bash
git clone https://github.com/quictls/openssl
git clone https://github.com/openssl/openssl
cd openssl
cd ../node/deps/openssl
rm -rf openssl
cp -R ../../../openssl openssl
rm -rf openssl/.git* openssl/.travis*
rm -rf openssl/.git*
git add --all openssl
git commit openssl
```
```text
deps: upgrade openssl sources to quictls/openssl-3.0.5+quic
deps: upgrade openssl sources to openssl-3.0.16
This updates all sources in deps/openssl/openssl by:
$ git clone git@github.com:quictls/openssl.git
$ git clone git@github.com:openssl/openssl.git
$ cd openssl
$ git checkout openssl-3.0.5+quic
$ git checkout openssl-3.0.16
$ cd ../node/deps/openssl
$ rm -rf openssl
$ cp -R ../../../openssl openssl
$ rm -rf openssl/.git* openssl/.travis*
$ rm -rf openssl/.git*
$ git add --all openssl
$ git commit openssl
```
@ -99,7 +75,8 @@ make -C deps/openssl/config clean
make -C deps/openssl/config
```
**Note**: If the 32-bit Windows is failing to compile run this workflow instead:
Fix up 32-bit Windows assembler directives. This will allow the commits to be
cherry-picked to older release lines that still provide binaries on 32-bit Windows.
```bash
make -C deps/openssl/config clean
@ -140,10 +117,8 @@ git commit
The commit message can be written as (with the openssl version set
to the relevant value):
### OpenSSL 3.x.x
```text
deps: update archs files for quictls/openssl-3.0.5+quic
deps: update archs files for openssl-3.0.16
After an OpenSSL source update, all the config files need to be
regenerated and committed by: