Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unwind the __fixed_rust business #1946

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Unwind the __fixed_rust business #1946

wants to merge 1 commit into from

Conversation

davidben
Copy link
Contributor

@davidben davidben commented Jun 3, 2023

This gives the unsuffixed names the correct signatures, and deprecates the suffixed names in favor of the now fixed unsuffixed ones. The suffixed names now forward to the unsuffixed ones.

(This isn't a semver-compatible change. But @alex tells me you all might be bumping that soon, so I'm uploading this to add to the queue. Also uploading to run it through CI because I'm sure I've gotten one of the myriad of configurations wrong. 😄)

@davidben davidben mentioned this pull request Jun 3, 2023
Merged
@sfackler
Copy link
Owner

sfackler commented Jun 3, 2023

We'll probably be bumping the openssl crate soon, but openssl-sys may be staying as-is unfortunately. Cargo prevents multiple semver-incompatible copies of -sys crates from existing in a dependency tree, so going from openssl-sys 0.9 to 0.10 is hugely disruptive to the ecosystem :(

It has been a while since I've checked in on the state of things though, so there may be ways of cleaning this up anyway.

@alex
Copy link
Collaborator

alex commented Jun 3, 2023

@sfackler I thought we wanted to do it for foreign-type, is that only in openssl?

@davidben
Copy link
Contributor Author

davidben commented Jun 3, 2023

The motivation here was that #1945 left out doing anything about https://github.com/sfackler/rust-openssl/blob/master/openssl/src/ssl/bio.rs#L193. Making BIO and BIO_METHOD opaque isn't as high priority for me as the others, but still you should be using the actual APIs for this.

The problem is we'd otherwise have to add this __fixed_rust mess to bssl-sys, and I'm not excited about bssl-sys having to replicate the old mistakes here. There's a few places where rust-openssl has cfg(boringssl) branches, but that's also pretty tedious.

Particularly for a low-level crate like openssl-sys, getting in a state where you can never fix bugs sounds unfortunate.

@davidben
Copy link
Contributor Author

davidben commented Jun 3, 2023
edited

Not just low-level, but also an FFI. Rust has numerous deficiencies around FFI, so it's very likely the correct ways to do things will shift over time. (E.g. there's an issue where Rust and C's incompatible empty slice representations mean basically every FFI crate is unsound, including this one. I still need to write that up.)

@davidben
Copy link
Contributor Author

davidben commented Jun 3, 2023

(Looks like I got some business wrong around unsafe with some of the functions. Will stare at that later and fix.)

@sfackler
Copy link
Owner

sfackler commented Jun 3, 2023

Yep, foreign_types is only used in the openssl crate.

One option we could take is to just make the change on 0.9. It'll break people that use an old openssl-sys against a new openssl, but that's probably preferrable to the major bump mess?

@alex
Copy link
Collaborator

alex commented Jun 3, 2023 via email

@davidben
Copy link
Contributor Author

davidben commented Jun 4, 2023

(Looks like I got some business wrong around unsafe with some of the functions. Will stare at that later and fix.)

Resolved.

@davidben
Unwind the __fixed_rust business
198f620 
This gives the unsuffixed names the correct signatures, and deprecates
the suffixed names in favor of the now fixed unsuffixed ones. The
suffixed names now forward to the unsuffixed ones.
@alex
Copy link
Collaborator

alex commented Jun 8, 2023

So, I've attempted to build a bunch of ecosystem crates with -Z minimal-versions to see what happens if you play with openssl-sys and openssl versions independently. My conclusion is that basically everyone's minimal versions are already broken. rust-native-tls is an example where I can't even figure out what the correct minimums are.

rust-lang/git2-rs#960 and alexcrichton/curl-rust#503 are examples of PRs fixing this.

I want to try to make the compatibility matrix explicit here:

Old openssl New openssl
Old openssl-sys n/a[0] Broken[1]
New openssl-sys Hard[2] Fine[3]
  1. Who cares :-)
  2. New openssl will try to use the un-suffixed names with the new signature, which old openssl-sys doesn't support. But this one is rendered impossible because openssl can just set the minimum openssl-sys version.
  3. This one depends how old the openssl is. If it's just a little old, you're calling the __fixed_rust versions, which are maintained, so you're fine. If it's really old then you're assuming you can call the un-suffixed with their current signature, which will break.
  4. Obviously :-)

So all of this really hinges on: What version of openssl started using the suffixed names, and not the unsuffixed ones? And does anyone still use that version of openssl?

Did I get my analysis right? Does anyone know what version that was? I can go look at the mininums for widely used crates + download data from there.

@alex
Copy link
Collaborator

alex commented Jun 9, 2023

I believe 1ce53a6 is the commit that introduced the distinction, meaning https://github.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.39 is the first release to contain it.

@alex
Copy link
Collaborator

alex commented Jun 9, 2023

Ok, I spent some time with the crates.io, it looks like for all of 2023, 92% of downloads of openssl are for versions >= 0.10.39. Looking at just June 2023 (i.e., about a week), 93.3% of downloads of openssl are for versions >= 0.10.39.

Methodology

If you're curious how I did this:

  1. Download all the data from https://crates.io/data-access
  2. Convert the CSVs to parquet with https://github.com/alex/csv-to-parquet (nb, currently hardcoded for TSVs, so requires editing the code)
  3. Get the crate_id for openssl from crates.parquet - 231
  4. Get the version_id for 0.10.39 from versions.parquet - 542827
  5. Compute total downloads in the period: select sum(download_count) from (select v.id, v.num, sum(vd.downloads::int) as download_count from 'version_downloads.parquet' vd inner join 'versions.parquet' v ON vd.version_id = v.id WHERE v.crate_id = 231 AND vd.date LIKE '2023-%' group by v.id, v.num order by v.id::int asc);
  6. Compute downloads of versions >= 0.10.39: select sum(download_count) from (select v.id, v.num, sum(vd.downloads::int) as download_count from 'version_downloads.parquet' vd inner join 'versions.parquet' v ON vd.version_id = v.id WHERE v.crate_id = 231 AND vd.date LIKE '2023-%' and v.id::int >= 542827 group by v.id, v.num order by v.id::int asc);
  7. Do division

@alex
Copy link
Collaborator

alex commented Jul 1, 2023

I've now got myself a little data pipeline for computing these stats on demand. Here's the percent of openssl downloads that are >= 0.10.39 by month:

2023-04 | 92.72%
2023-05 | 93.58%
2023-06 | 94.26%

@alex
Copy link
Collaborator

alex commented Dec 7, 2023

We're now up to 97.59% of downloads of openssl being >= 0.10.39 in the last month.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@davidben @sfackler @alex