auto-merge envoyproxy/envoy[release/v1.32] into envoyproxy/envoy-openssl[release/v1.32] #298
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![update-openssl-envoy[bot]](https://avatars.githubusercontent.com/u/30125649?s=60&v=4){kind=small}
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
from
b8c5cb5 to
0a628f9
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
from
0a628f9 to
bc8408d
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
7 times, most recently
from
7004f0b to
690d194
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
8 times, most recently
from
c396131 to
d4fa45c
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
7 times, most recently
from
4094b80 to
a097ed0
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
4 times, most recently
from
35e9542 to
17f65cc
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
7 times, most recently
from
19d5e40 to
2a1f386
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
2 times, most recently
from
1e0c7d3 to
1f9ba69
Compare
Signed-off-by: Ryan Northey <[email protected]>
Commit Message: Simple grep over the codebase suggests that we don't have any WASM specific fuzz tests defined. And existing fuzz tests don't need a full WASM runtime. On top of that in general we don't really want to fuzz test our dependencies (e.g., we would like the dependencies to have their own infrastructure and be scrupulous when new dependencies are added). Disabling WASM reduces the build time and resources required for fuzz-coverage. One particular reason to try and optimize fuzz-coverage is that I want to move it to static linking to work around a bug in Clang/LLVM (see llvm/llvm-project#32849) and static linking produces much large binaries and requires a larger linker footprint, which currently hits the limits of the RBE backend used. Additional Description: Some relevant discussions can be found in envoyproxy/envoy#39030 which prompted me to work on this in the first place. And I will use envoyproxy/envoy#39248 as a tracking bug for the coverage changes. Risk Level: low Testing: running fuzz-coverage on local machine with the changes included, I also confirmed that disabling wasm + moving fuzz-coverage to EngFlow + removing explicit RBE pool attributes from fuzz targets make it possible to successfully statically link fuzz tests Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a --------- Signed-off-by: Mikhail Krinkin <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
too large for RBE workers Signed-off-by: Ryan Northey <[email protected]>
… of BoringCrypto FIPS via override_repository Additional Description: If one uses `build --override_repository=boringssl_fips=/usr/lib/boringssl-fips-static` to compile v1.32 envoy against BoringCrypto FIPS 2023042800 [#4953](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4953) or the BoringCrypto update stream, the build will fail on an error assertion. Remove this `#error` assertion, as it is meant to be a reminder to the developers in the development tip, but shouldn't prevent users of stable branches to build envoy against newly certified BoringCrypto FIPS or the BoringCrypto FIPS update stream. Note the project is compiled against c++20 standard, and thus `#warning` from c++23 is not available. Note! This change does not upgrade BoringCrypto FIPS version, and it remains the same, but compile time incompatibility with newer BoringCrypto FIPS is resolved. Risk Level: Low Testing: Compiled with override_repository pointing at BoringCrypto FIPS 2023042800 Fixes: envoyproxy/envoy#39822 Signed-off-by: Dimitri John Ledkov <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
from
1f9ba69 to
c4d4b17
Compare
Signed-off-by: Ryan Northey <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
7 times, most recently
from
468acf8 to
f2d582c
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
6 times, most recently
from
4662373 to
d7ac3db
Compare
…ssl[release/v1.32] * upstream/release/v1.32: ci/cache: Shift cache create action to do_ci.sh (#39845) Commit Message: Add support for building envoy against newer releases of BoringCrypto FIPS via override_repository coverage: Disable large tests Don't build WASM for fuzz-coverage tests (#39296) ci/coverage: Fix path repo: Dev v1.32.7 Signed-off-by: tedjpoole <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-32
branch
from
d7ac3db to
74ee5f2
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated by envoy-sync-receive.sh