s2n-tls: disable unsupported feature (post-quantum cryptography) on mips64 #161163
Latest push rebases and adds a commit message, no other changes.
Rebased. #161158 has been merged, so this is usable now.
S2N_NO_PQ is not supported on mips64. This patch disables it on that platform. This is needed because s2n-tls is used by aws, which is used by nix, which is used by nixpkgs. This patch is needed in order to complete the bootstrap.
Ping...
@SuperSandro2000, would you mind taking a look at this? This package is needed in order for nixpkgs to be used to build This commit disables an extremely-experimental feature (post-quantum cryptographic algorithms) when building on a platform that nixpkgs does not yet support; the risk of causing regressions is tiny or zero. Like most cryptographic codes, the implementation of this feature uses lots of architecture-specific code to make things go faster (or to make them go slower, but execute in constant time). It would not surprise me if they hadn't gotten around to writing mips64 versions of these routines. This flag is recommended by the s2n-tls codebase itself, which says "S2N_NO_PQ Disables all Post Quantum Crypto code. You likely want this for older compilers or uncommon platforms." I tried
I suspect that maintainers are not jumping at the chance to merge this PR because they aren't experts on post-quantum cryptography. I'm not either. But I don't think it's necessary to be one in order to merge this -- the source code specifically recommends If time-travelers from the future use their quantum computer to break all of nixpkgs' cryptography, you can blame me.