fix(bindings): Increase aws-lc-rs minimum version #5042
Closed
+10
−9
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
#5028 updated the minimum supported version of aws-lc-rs to 1.6.4, because aws/aws-lc-rs#335 is required in order to build s2n-tls-sys. However, aws/aws-lc-rs#335 modifies three crates: aws-lc-rs, aws-lc-sys, and aws-lc-fips-sys. In order to build s2n-tls, the changes are required in aws-lc-rs and aws-lc-sys for non-FIPS builds, and aws-lc-rs and aws-lc-fips-sys for FIPS builds.
aws-lc-rs 1.6.4 is the first aws-lc-rs version to enforce that aws/aws-lc-rs#335 is included in aws-lc-sys, since it depends on aws-lc-sys 0.14.0.
However, aws-lc-rs 1.12.0 (released ~1 month ago) is the first aws-lc-rs version to enforce that aws/aws-lc-rs#335 is included in aws-lc-fips-sys, since it started depending on aws-lc-fips-sys 0.13.0. All versions before that only depended on 0.12.0
It's therefore currently possible for a dependency closure to include s2n-tls, aws-lc-rs 1.6.4, and aws-lc-fips-sys 1.12.0, which doesn't include aws/aws-lc-rs#335. This causes the s2n-tls build to fail. To ensure that aws/aws-lc-rs#335 is included in the build, we need aws-lc-fips-sys to be at least 0.12.2, which is only enforced in aws-lc-rs 1.12.0, so this PR updates the aws-lc-rs minimum version to 1.12.0.
Call-outs:
Alternative solutions:
Note that this was not caught by the new minimum versions test added in #5028 because it currently only tests minimum versions of direct dependencies (aws-lc-rs). For indirect dependencies (aws-lc-fips-sys), the highest supported versions are tested.
Testing:
I ran the minimal-versions test on my smithy-rs PR locally:
I didn't update the minimum test to include transitive dependencies, as this is not recommended in the Rust documentation.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.