Commit

drop plans with rustls [ci skip]
While this would be an interesting alternative in theory and the project
is active, related curl activity seems low and my recent attempt failed
hard when trying to (cross-)build it. This may have been entirely my own
fault/ignorance, and I did see similar happen with other Rust projects,
I don't see any reasonable way out. Short of having the stamina and free
time to spend weeks or months to crack it, for now I delete any plans to
use rustls with curl-for-win builds. Focusing instead on switching to
either LibreSSL or BoringSSL.
vszakats committed Jan 12, 2023
1 parent b41bea6 commit 32cf700
Showing 1 changed file with 0 additions and 3 deletions.
3 changes: 0 additions & 3 deletions _build.sh
Expand Up @@ -69,9 +69,6 @@ set -o xtrace -o errexit -o nounset; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o p
# - Enable Control Flow Guard (once toolchains support it): -ehcontguard (requires LLVM 13.0.0)
# - LLVM -mretpoline
# - GNU multiarg options `--opt value` -> `-—opt=value`?
# - rustls?
# https://github.com/rustls/rustls/archive/refs/tags/v/0.20.6.tar.gz
# $ cargo build --target={x86_64-pc-windows-gnullvm,aarch64-pc-windows-gnullvm,i686-pc-windows-gnu}

# Resources:
# - https://blog.llvm.org/2019/11/deterministic-builds-with-clang-and-lld.html
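Review bot: The three removed lines at the end of the TODO list (`# - rustls?` and the URL and `cargo build` lines under it) leave no trace in `_build.sh` of why rustls was dropped; the reasoning lives only in the commit message. Consider a one-line comment near the TODO list recording that rustls was evaluated and set aside because the cross-build failed, so it is not re-added later without that context. Separately, the unchanged context line directly above the removed block (`# - GNU multiarg options ...`) appears to contain a non-ASCII dash in its second option example; if a plain double hyphen is meant, this is a convenient moment to fix it.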

4 comments on commit 32cf700

@Andarwinux

If you're willing to use nightly rust, cross-compiling the rust project is also fairly easy (unless it depends on indexmap1.x). You can refer to my work. Existing compiler hardening such as CFG CET will also work.

```sh
rustup component add rust-src
export RUSTFLAGS="-C control-flow-guard=yes -C linker-plugin-lto -C embed-bitcode -C lto=thin -Z cf-protection=full"
cargo build --release -Z build-std=std,panic_abort --target x86_64-pc-windows-gnullvm
```

@vszakats
Member Author

Thank you for your pointer, I made a note of it! But it seems quite a steep hill to climb,
and I'm already on my last strings with open source projects for the moment. We will
see in the future. (I'd hope that rust one day settles enough that it's possible to use a
stable env installed via a standard package manager. Rolling nightlies puts a very
high expectation on downstream and also prevents creating reproducible output.)

@Andarwinux

> I'd hope that rust one day settles enough that it's possible to use a
> stable env installed via a standard package manager.

gnullvm will soon be promoted to a tier 2 target, at which point it will be possible to install prebuilt std via rustup without nightly. However, if you wish to use the system package manager's Rust, you will have to wait for build-std to become a stable feature. There is no deadline for this, but once it is stable, cross-compiling Rust will be as easy as golang.
By the way, rustup's rustc is optimized with PGO+ThinLTO+BOLT, which is not available in the system package manager's rustc.

@vszakats
Member Author

Looking forward to these becoming standard features, it would help a lot.
The optimization can wait and will surely follow IMO.