rustic_core icon indicating copy to clipboard operation
rustic_core copied to clipboard

Published 20 hours ago verified publisher icon rustic-rs

feat: Add tls-native, tls-rustls features to allow building w/o Rustls

Open jirutka opened this issue 1 year ago • 8 comments

jirutka avatar Dec 30 '23 20:12 jirutka

Hey there, we are currently working on a relatively big refactor to an own rustic_backend crate, see #73.

We need to focus first on that one, before we are being able to merge this.

simonsan avatar Dec 31 '23 01:12 simonsan

Also regarding the topic, as there has been no issue, which needs to be fixed, and we haven't discussed it, could you elaborate a bit on the background:

  • What's your use case?
  • Why is this change needed?
  • What does it improve/solve?

simonsan avatar Dec 31 '23 05:12 simonsan

Agree to @simonsan - when the backend refactor is done, the TLS things will be all in the crate rustic_backends, so we better wait for the refactoring #73 to land!

Besides this, if there are use cases where you need other TLS options, I would very much agree to adding the possibilites as features. It might be that the depending crate(s) (e.g. opendal) need to support those features, too...

aawsome avatar Dec 31 '23 13:12 aawsome

What's your use case?

Packaging rustic for Alpine Linux.

Why is this change needed and what does it improve/solve?

Bundling (static linking) TLS library is a very bad idea from a security perspective, and Linux distributions try to avoid it. Also, rustls/ring doesn’t support all platforms supported by Rust, e.g. ppc64le and s390x.

jirutka avatar Dec 31 '23 17:12 jirutka

@jirutka if the features are mutually exclusive, could you throw a compile error in lib.rs, in case both are turned on?

#[cfg(all(feature = "tls-native", feature = "tls-rustls "))]
compile_error!("feature \"tls-native\" and feature \"tls-rustls \" cannot be enabled at the same time. Please disable one of them.");

simonsan avatar Jan 05 '24 00:01 simonsan

if the features are mutually exclusive, could you throw a compile error in lib.rs, in case both are turned on?

Sure, done.

jirutka avatar Jan 05 '24 00:01 jirutka

Now that #73 is merged, this PR can continue... @jirutka: Your changes should now go to crates/backend. Can you move this or do you need support?

Also, now that we have added opendal, this should be also treated - however, I don't know if this is already supported by opendal; this may need a bit of research.

aawsome avatar Jan 17 '24 10:01 aawsome

Hey there, if you would like to add this, can you adapt it to the changed structure and rustic_backend? I'm not sure how easy this is, or if it is even still possible with opendal. But maybe worth to look into it, we also got problems in our own CI/CD due to using aws-lc-sys which doesn't cross-compile really well.

simonsan avatar Nov 18 '24 15:11 simonsan