Use OpenSSL 3.1.1 for //packaging/docker-image:rabbitmq

2023-06-14 12:14:09 +02:00 · 2023-06-14 12:14:09 +02:00 · d4ea19e9b2
parent 6aa66a9382
commit d4ea19e9b2
3 changed files with 15 additions and 12 deletions
--- a/8
+++ b/8
@ -64,10 +64,10 @@ container_pull(
 )

 http_file(
-    name = "openssl-1.1.1g",
-    downloaded_file_path = "openssl-1.1.1g.tar.gz",
-    sha256 = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46",
-    urls = ["https://www.openssl.org/source/openssl-1.1.1g.tar.gz"],
+    name = "openssl-3.1.1",
+    downloaded_file_path = "openssl-3.1.1.tar.gz",
+    sha256 = "b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674",
+    urls = ["https://github.com/openssl/openssl/releases/download/openssl-3.1.1/openssl-3.1.1.tar.gz"],
 )

 http_file(
--- a/packaging/docker-image/BUILD.bazel
+++ b/packaging/docker-image/BUILD.bazel
@ -94,14 +94,14 @@ container_layer(
    name = "openssl_source_layer",
    directory = "/usr/local/src",
    env = {
-        "OPENSSL_VERSION": "1.1.1g",
+        "OPENSSL_VERSION": "3.1.1",
    },
    files = [
-        "build_install_openssh.sh",
+        "build_install_openssl.sh",
    ],
    tags = ["manual"],
    tars = [
-        "@openssl-1.1.1g//file",
+        "@openssl-3.1.1//file",
    ],
 )

@ -115,8 +115,8 @@ container_image(
 container_run_and_commit_layer(
    name = "openssl_layer",
    commands = [
-        "/usr/local/src/build_install_openssh.sh",
-        "rm /usr/local/src/build_install_openssh.sh",
+        "/usr/local/src/build_install_openssl.sh",
+        "rm /usr/local/src/build_install_openssl.sh",
    ],
    exec_properties = FIRECRACKER_EXEC_PROPS,
    image = ":openssl_source.tar",
@ -182,6 +182,7 @@ container_image(
        "RABBITMQ_LOGS": "-",
    },
    layers = [
+        ":openssl_layer",
        ":otp_layer",
        ":rabbitmq_tarball_layer",
    ],
@ -217,6 +218,7 @@ container_image(
        "LC_ALL": C_UTF8,
    },
    layers = [
+        ":openssl_layer",
        ":otp_layer",
        ":rabbitmq_layer",
    ],
--- a/packaging/docker-image/build_install_openssl.sh
+++ b/packaging/docker-image/build_install_openssl.sh
@ -17,12 +17,13 @@ BUILD='???' \

 # Compile, install OpenSSL, verify that the command-line works & development headers are present
 make -j "$(getconf _NPROCESSORS_ONLN)"
-make install_sw install_ssldirs
+make install
 cd ..
 rm -rf "$OPENSSL_PATH"*
-ldconfig
+echo "/usr/local/lib64" > /etc/ld.so.conf.d/openssl-$OPENSSL_VERSION.conf
+ldconfig -v
 # use Debian's CA certificates
 rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"
 ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
 # smoke test
-openssl version
+openssl version -a