From 22ca6f7dad08e1779fdfebdd224945d05baf934d Mon Sep 17 00:00:00 2001
From: Lars Eggert <lars@eggert.org>
Date: Wed, 17 Jul 2024 12:25:06 +0300
Subject: [PATCH] ci: Try to use NSS package on Linux (#1900)

* ci: Bump Linux CI runners to `ubuntu-24.04`

Which is still being rolled out, but has a bunch of advantages for us.

* Try libnss3-dev deb

* See if updating fixes it

* Just upgrade

* NEEDRESTART_MODE

* sudo apt remove needrestart

* Again

* Again

* Omit `python-version`

* 3.8 -> 3.12

* ldd

* ~/.pki

* CHACHA20

* rm test-fixture/db/pkcs11.txt

* Minimize diff

* Print APT info

* Again

* Use libnss3-dev

* Cleanup

* Try and avoid azure mirror

* Again

* Again

* Again

* Again

* Again

* Again

* Again

* Again

* Again

* Hunch

* Try

* Minimize

* 24.04 -> latest
---
 .../actions/quic-interop-runner/action.yml    |  2 +-
 .github/workflows/actionlint.yml              |  1 -
 .github/workflows/check.yml                   |  2 +-
 .github/workflows/mutants.yml                 |  2 +-
 qns/Dockerfile                                | 20 ++++++-------------
 5 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/.github/actions/quic-interop-runner/action.yml b/.github/actions/quic-interop-runner/action.yml
index 1fd035cca5..d745d3f669 100644
--- a/.github/actions/quic-interop-runner/action.yml
+++ b/.github/actions/quic-interop-runner/action.yml
@@ -42,7 +42,7 @@ runs:
 
     - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
       with:
-        python-version: 3.8
+        python-version: 3.12
         cache: 'pip'
         cache-dependency-path: 'quic-interop-runner/requirements.txt'
 
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 9bca07561d..4aae14e5c4 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -29,4 +29,3 @@ jobs:
         run: |
           echo "::add-matcher::.github/actionlint-matcher.json"
           ${{ steps.get_actionlint.outputs.executable }} -color
-
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index bf0e67b755..f6cae3495b 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -49,7 +49,7 @@ jobs:
         env:
           DEBIAN_FRONTEND: noninteractive
         run: |
-          sudo apt-get install -y --no-install-recommends gyp mercurial ninja-build lld
+          sudo apt-get install -y --no-install-recommends libnss3-dev pkg-config lld
           echo "RUSTFLAGS=-C link-arg=-fuse-ld=lld" >> "$GITHUB_ENV"
 
       - name: Install dependencies (MacOS)
diff --git a/.github/workflows/mutants.yml b/.github/workflows/mutants.yml
index 9b98cac296..f5a08509e0 100644
--- a/.github/workflows/mutants.yml
+++ b/.github/workflows/mutants.yml
@@ -25,7 +25,7 @@ jobs:
         env:
           DEBIAN_FRONTEND: noninteractive
         run: |
-          sudo apt-get install -y --no-install-recommends gyp mercurial ninja-build lld
+          sudo apt-get install -y --no-install-recommends libnss3-dev pkg-config lld
           echo "RUSTFLAGS=-C link-arg=-fuse-ld=lld" >> "$GITHUB_ENV"
 
       - name: Fetch and build NSS and NSPR
diff --git a/qns/Dockerfile b/qns/Dockerfile
index 959d2da972..cb681ffe3f 100644
--- a/qns/Dockerfile
+++ b/qns/Dockerfile
@@ -1,7 +1,7 @@
 FROM martenseemann/quic-network-simulator-endpoint@sha256:91b21d42e23023e08c5ed63c1c08ec24d058c4b30edd52aa3bd74bee87096a5b AS buildimage
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    git coreutils build-essential libclang-dev lld gyp ninja-build zlib1g-dev python \
+    libclang-dev libnss3-dev pkg-config lld \
     && apt-get autoremove -y && apt-get clean -y \
     && rm -rf /var/lib/apt/lists/*
 
@@ -47,16 +47,6 @@ RUN set -eux; \
 
 # End of copy from https://github.com/rust-lang/docker-rust...
 
-ENV NSS_DIR=/nss \
-    NSPR_DIR=/nspr \
-    LD_LIBRARY_PATH=/dist/Release/lib
-
-RUN set -eux; \
-    git clone --depth=1 https://github.com/nss-dev/nspr "$NSPR_DIR"; \
-    git clone --depth=1 https://github.com/nss-dev/nss "$NSS_DIR"
-
-RUN "$NSS_DIR"/build.sh --static -Ddisable_tests=1 -o
-
 ADD . /neqo
 
 RUN set -eux; \
@@ -68,10 +58,12 @@ RUN set -eux; \
 
 FROM martenseemann/quic-network-simulator-endpoint@sha256:91b21d42e23023e08c5ed63c1c08ec24d058c4b30edd52aa3bd74bee87096a5b
 
-ENV LD_LIBRARY_PATH=/neqo/lib
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libnss3-tools libnss3-dev \
+    && apt-get autoremove -y && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/*
+
 COPY --from=buildimage /neqo/target/release/neqo-client /neqo/target/release/neqo-server /neqo/bin/
-COPY --from=buildimage /dist/Release/lib/*.so /neqo/lib/
-COPY --from=buildimage /dist/Release/bin/certutil /dist/Release/bin/pk12util /neqo/bin/
 
 COPY qns/interop.sh /neqo/
 RUN chmod +x /neqo/interop.sh