Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nix awslc-fips #5035
base: main
Are you sure you want to change the base?
Nix awslc-fips #5035
Changes from all commits
8ccc1cf
67fbbac
6b11a02
e01328c
6cc997b
5c17009
8a5be4c
785650f
5beda10
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which version of awslc-fips is this? The one our CI calls "awslc-fips" or the one it calls "awslc-fips-2022"? Or is this a completely different version?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR says it's fips-2024-09-27
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And I'm guessing that's not the "awslc-fips" used by the rest of the CI? Is the inconsistency a potential problem? Which version of awslc-fips SHOULD we be testing with?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, the rest of the CI is 2022. My preference is to test with the newest version though. Not sure why we're able to upgrade our nix awslc version easier than the rest of the CI.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Theoretically there is an aws-lc-fips release per year, and they are pretty stationary after release. This one is the ML-KEM and 140-3 validation flavor. Let discuss the SHOULD question offline, but we should add latest regardless.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These next couple of changes seem unrelated to awslc-fips? What's happening here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
iirc, the shellHook couldn't be appended to, so in order to change one value(PS1), the whole thing had to be redefined. There is one irreverent comment on 183 I'll remove though..