Switched from RustCrypto to OpenSSL.

* OpenSSL supports a lot more ciphers and algorithms. It also has a lot more hardware-level optimizations like AVX and Neon. * OpenSSL can be updated (patched) without rebuilding the app. * OpenSSL has a more active maintenance cycle and is likely the first one to receive security patches. * OpenSSL (or its forks) are used by most Rust TLS implementations. * RustCrypto's TLS client is in its infancy, with certificate validation being especially unpolished.
zlogic · Jul 12, 2024 · afe509a · afe509a
1 parent bbeef6a
commit afe509a
Show file tree

Hide file tree

Showing 6 changed files with 523 additions and 1,033 deletions.
diff --git a/.github/workflows/cargo-build.yml b/.github/workflows/cargo-build.yml
@@ -26,21 +26,22 @@ jobs:
           ~/.cargo/registry/index
           ~/.cargo/registry/cache
           ~/.cargo/git/db
+          ~/.cargo/bin
           ${{ github.workspace }}/target
         key: lint-${{ runner.os }}-${{ steps.get-rust-version.outputs.VERSION }}-${{ hashFiles('Cargo.*') }}
 
     - name: Validate Rust code with clippy
       run: cargo clippy
 
     - name: Install cargo-edit
+      if: ${{ steps.cache-rust.outputs.cache-hit != 'true' }}
       run: cargo install cargo-edit
 
     - name: Check for new dependency versions
       run: cargo upgrade --dry-run
 
   build-linux:
-    # Older Ubuntu versions will link with an older GLIBC and provide better compatibility
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     needs: validate
     strategy:
       fail-fast: true
@@ -72,15 +73,33 @@ jobs:
     - name: Install compiler and prepare for cross-compilation
       if: matrix.arch == 'aarch64'
       run: |
-        rustup target add ${{ matrix.arch }}-unknown-linux-gnu
-        sudo apt-get update
         sudo apt-get install -y crossbuild-essential-arm64 qemu-user-static
-        echo "LD_LIBRARY_PATH=/usr/aarch64-linux-gnu/lib:$LD_LIBRARY_PATH" >> $GITHUB_ENV
+        sudo dpkg --add-architecture arm64
+        sudo sed 's/deb http/deb \[arch=amd64,i386\] http/' -i /etc/apt/sources.list
+        echo | sudo tee -a /etc/apt/sources.list <<EOF
+        deb [arch=arm64] http://azure.ports.ubuntu.com/ $(lsb_release -cs) main universe restricted multiverse
+        deb [arch=arm64] http://azure.ports.ubuntu.com/ $(lsb_release -cs)-updates main universe restricted multiverse
+        deb [arch=arm64] http://azure.ports.ubuntu.com/ $(lsb_release -cs)-security main universe restricted multiverse
+        EOF
+        sudo apt-get update || echo "Some sources failed to update, http://azure.archive.ubuntu.com doesn't have arm64 images"
+        sudo apt-get install libssl-dev:arm64
+        echo "LD_LIBRARY_PATH=/usr/lib/aarch64-linux-gnu:$LD_LIBRARY_PATH" >> $GITHUB_ENV
         echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=/usr/bin/aarch64-linux-gnu-gcc" >> $GITHUB_ENV
         echo "CC=/usr/bin/aarch64-linux-gnu-gcc" >> $GITHUB_ENV
         echo "CXX=/usr/bin/aarch64-linux-gnu-g++" >> $GITHUB_ENV
         echo "CFLAGS=-march=armv8.2-a" >> $GITHUB_ENV
         echo "CXXFLAGS=-march=armv8.2-a" >> $GITHUB_ENV
+        rustup target add ${{ matrix.arch }}-unknown-linux-gnu
+
+    - name: Install OpenSSL development packages
+      run: |
+        ARCH=amd64
+        if [ "${{matrix.arch}}" == "aarch64" ]; then
+          ARCH=arm64
+        fi
+        sudo apt-get install libssl-dev:${ARCH}
+        echo "OPENSSL_INCLUDE_DIR=/usr/include" >> $GITHUB_ENV
+        echo "OPENSSL_LIB_DIR=/usr/lib/${{ matrix.arch  }}-linux-gnu" >> $GITHUB_ENV
 
     - name: Build
       run: cargo build --target=${{ matrix.arch }}-unknown-linux-gnu --release