Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HADOOP-17609. Make SM4 support optional for OpenSSL native code. #3019

Merged
merged 5 commits into from
Aug 8, 2024
Merged

HADOOP-17609. Make SM4 support optional for OpenSSL native code. #3019

merged 5 commits into from
Aug 8, 2024

Conversation

iwasakims
Copy link
Member

https://issues.apache.org/jira/browse/HADOOP-17609

This replaces #2847.

After HDFS-15098, OpensslCipher does not work with OpenSSL >= 1.1.1 without SM4 support. RHEL/CentOS 8 provides such openssl package. The OpensslCipher on such environment should be usable if users do not need SM4 feature.

$ rpm -q openssl-devel
openssl-devel-1.1.1g-12.el8_3.x86_64

$ bin/hadoop checknative 2>/dev/null
Native library checking:
hadoop:  true /home/centos/dist/hadoop-3.4.0-SNAPSHOT/lib/native/libhadoop.so.1.0.0
zlib:    true /lib64/libz.so.1
zstd  :  true /lib64/libzstd.so.1
bzip2:   true /lib64/libbz2.so.1
openssl: false Cannot find AES-CTR/SM4-CTR support, is your version of Openssl new enough?
ISA-L:   true /lib64/libisal.so.2
PMDK:    false The native code was built without PMDK support.

@iwasakims
Copy link
Member Author

iwasakims commented May 17, 2021
edited
Loading

I manually tested this by hadoop checknative after -Pnative -Pdist build on CentOS 8.

$ mvn clean install -DskipTests -DskipShade -Pnative -Pdist
$ hadoop-dist/target/hadoop-3.4.0-SNAPSHOT/bin/hadoop checknative
2021-05-17 11:19:03,102 INFO bzip2.Bzip2Factory: Successfully loaded & initialized native-bzip2 library system-native
2021-05-17 11:19:03,106 INFO zlib.ZlibFactory: Successfully loaded & initialized native-zlib library
2021-05-17 11:19:03,182 INFO nativeio.NativeIO: The native code was built without PMDK support.
Native library checking:
hadoop:  true /home/centos/srcs/hadoop/hadoop-dist/target/hadoop-3.4.0-SNAPSHOT/lib/native/libhadoop.so.1.0.0
zlib:    true /lib64/libz.so.1
zstd  :  true /lib64/libzstd.so.1
bzip2:   true /lib64/libbz2.so.1
openssl: true /lib64/libcrypto.so
ISA-L:   true /lib64/libisal.so.2
PMDK:    false The native code was built without PMDK support.

@iwasakims
Copy link
Member Author

I need additional fix to make falling back to JceSm4CtrCryptoCodec work. Tests should be fixed too.

@iwasakims
Copy link
Member Author

On CentOS 8, only TestCryptoCodec#testOpensslSm4CtrCryptoCodec was skipped as expected.

$ mvn test -Pnative -Dtest=TestCryptoCodec,TestOpensslCipher
...
[INFO] Running org.apache.hadoop.crypto.TestCryptoCodec
[WARNING] Tests run: 5, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 11.538 s - in org.apache.hadoop.crypto.TestCryptoCodec
[INFO] Running org.apache.hadoop.crypto.TestOpensslCipher
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.143 s - in org.apache.hadoop.crypto.TestOpensslCipher

On Ubuntu 18.04, all tests of TestCryptoCodec were executed since SM4 is supported by OpenSSL.

$ mvn test -Pnative -Dtest=TestCryptoCodec,TestOpensslCipher
...
INFO] Running org.apache.hadoop.crypto.TestCryptoCodec
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 12.002 s - in org.apache.hadoop.crypto.TestCryptoCodec
[INFO] Running org.apache.hadoop.crypto.TestOpensslCipher
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.098 s - in org.apache.hadoop.crypto.TestOpensslCipher

@iwasakims
Copy link
Member Author

On CentOS 8, OpensslAesCtrCryptoCodec is available while OpensslSm4CtrCryptoCodec is not.

$ bin/hadoop checknative
2021-05-17 13:02:39,196 DEBUG util.NativeCodeLoader: Trying to load the custom-built native-hadoop library...
2021-05-17 13:02:39,197 DEBUG util.NativeCodeLoader: Loaded the native-hadoop library
2021-05-17 13:02:39,324 INFO bzip2.Bzip2Factory: Successfully loaded & initialized native-bzip2 library system-native
2021-05-17 13:02:39,327 INFO zlib.ZlibFactory: Successfully loaded & initialized native-zlib library
2021-05-17 13:02:39,393 INFO nativeio.NativeIO: The native code was built without PMDK support.
Native library checking:
hadoop:  true /home/centos/srcs/hadoop/hadoop-dist/target/hadoop-3.4.0-SNAPSHOT/lib/native/libhadoop.so.1.0.0
zlib:    true /lib64/libz.so.1
zstd  :  true /lib64/libzstd.so.1
bzip2:   true /lib64/libbz2.so.1
openssl: true /lib64/libcrypto.so
ISA-L:   true /lib64/libisal.so.2
PMDK:    false The native code was built without PMDK support.


$ bin/hadoop key create key-sm4 -cipher 'SM4/CTR/NoPadding'
$ bin/hdfs dfs -mkdir /zone1
$ bin/hdfs crypto -createZone -path /zone1 -keyName key-sm4
$ bin/hdfs dfs -put README.txt /zone1/
2021-05-17 13:05:25,570 DEBUG util.PerformanceAdvisory: Crypto codec org.apache.hadoop.crypto.OpensslSm4CtrCryptoCodec is not available.
2021-05-17 13:05:25,570 DEBUG util.PerformanceAdvisory: Using crypto codec org.apache.hadoop.crypto.JceSm4CtrCryptoCodec.


$ bin/hadoop key create key-aes
$ bin/hdfs dfs -mkdir /zone2
$ bin/hdfs crypto -createZone -path /zone2 -keyName key-aes
$ bin/hdfs dfs -put NOTICE.txt /zone2/
2021-05-17 13:09:04,773 DEBUG crypto.OpensslAesCtrCryptoCodec: Using org.apache.hadoop.crypto.random.OpensslSecureRandom as random number generator.
2021-05-17 13:09:04,775 DEBUG util.PerformanceAdvisory: Using crypto codec org.apache.hadoop.crypto.OpensslAesCtrCryptoCodec.

@iwasakims
Copy link
Member Author

On Ubuntu 18.04, OpensslSm4CtrCryptoCodec was available and worked.

$ bin/hadoop key create key-sm4 -cipher 'SM4/CTR/NoPadding'
$ bin/hdfs dfs -mkdir /zone1
$ bin/hdfs crypto -createZone -path /zone1 -keyName key-sm4
$ bin/hdfs dfs -put README.txt /zone1/
2021-05-17 13:39:45,686 DEBUG crypto.OpensslSm4CtrCryptoCodec: Using org.apache.hadoop.crypto.random.OpensslSecureRandom as random number generator.
2021-05-17 13:39:45,687 DEBUG util.PerformanceAdvisory: Using crypto codec org.apache.hadoop.crypto.OpensslSm4CtrCryptoCodec.

@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 34s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ trunk Compile Tests _
+1 💚 mvninstall 34m 21s trunk passed
+1 💚 compile 20m 54s trunk passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04
+1 💚 compile 18m 13s trunk passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
+1 💚 mvnsite 1m 33s trunk passed
+1 💚 shadedclient 88m 58s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 0m 52s the patch passed
+1 💚 compile 20m 9s the patch passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04
-1 ❌ cc 20m 9s /results-compile-cc-root-jdkUbuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04.txt root-jdkUbuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 generated 45 new + 282 unchanged - 45 fixed = 327 total (was 327)
+1 💚 golang 20m 9s the patch passed
+1 💚 javac 20m 9s the patch passed
+1 💚 compile 18m 13s the patch passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
-1 ❌ cc 18m 13s /results-compile-cc-root-jdkPrivateBuild-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08.txt root-jdkPrivateBuild-1.8.0_282-8u282-b08-0ubuntu120.04-b08 with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu120.04-b08 generated 7 new + 320 unchanged - 7 fixed = 327 total (was 327)
+1 💚 golang 18m 13s the patch passed
+1 💚 javac 18m 13s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 mvnsite 1m 31s the patch passed
+1 💚 shadedclient 15m 16s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 17m 0s hadoop-common in the patch passed.
+1 💚 asflicense 0m 55s The patch does not generate ASF License warnings.
163m 55s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/1/artifact/out/Dockerfile
GITHUB PR #3019
Optional Tests dupname asflicense compile cc mvnsite javac unit codespell golang
uname Linux d873047096f0 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / 5dc1070
Default Java Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/1/testReport/
Max. process+thread count 1941 (vs. ulimit of 5500)
modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/1/console
versions git=2.25.1 maven=3.6.3
Powered by Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 54s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
+1 💚 test4tests 0m 0s The patch appears to include 2 new or modified test files.
_ trunk Compile Tests _
+1 💚 mvninstall 37m 37s trunk passed
+1 💚 compile 29m 25s trunk passed with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04
+1 💚 compile 24m 29s trunk passed with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10
+1 💚 checkstyle 1m 8s trunk passed
+1 💚 mvnsite 1m 44s trunk passed
+1 💚 javadoc 1m 12s trunk passed with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04
+1 💚 javadoc 1m 45s trunk passed with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10
+1 💚 spotbugs 2m 52s trunk passed
+1 💚 shadedclient 21m 31s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 1m 8s the patch passed
+1 💚 compile 28m 43s the patch passed with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04
-1 ❌ cc 28m 43s /results-compile-cc-root-jdkUbuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04.txt root-jdkUbuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04 with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04 generated 18 new + 309 unchanged - 18 fixed = 327 total (was 327)
+1 💚 golang 28m 43s the patch passed
+1 💚 javac 28m 43s the patch passed
+1 💚 compile 22m 57s the patch passed with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10
-1 ❌ cc 22m 57s /results-compile-cc-root-jdkPrivateBuild-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10.txt root-jdkPrivateBuild-1.8.0_292-8u292-b10-0ubuntu120.04-b10 with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu120.04-b10 generated 37 new + 290 unchanged - 37 fixed = 327 total (was 327)
+1 💚 golang 22m 57s the patch passed
+1 💚 javac 22m 57s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 checkstyle 1m 21s the patch passed
+1 💚 mvnsite 1m 40s the patch passed
+1 💚 javadoc 1m 8s the patch passed with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04
+1 💚 javadoc 1m 47s the patch passed with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10
+1 💚 spotbugs 3m 10s the patch passed
+1 💚 shadedclient 21m 31s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 19m 20s hadoop-common in the patch passed.
+1 💚 asflicense 0m 53s The patch does not generate ASF License warnings.
225m 25s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/2/artifact/out/Dockerfile
GITHUB PR #3019
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell cc golang
uname Linux 0638ff4f5c49 4.15.0-128-generic #131-Ubuntu SMP Wed Dec 9 06:57:35 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / 8188038
Default Java Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/2/testReport/
Max. process+thread count 3136 (vs. ulimit of 5500)
modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/2/console
versions git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 51s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 1s codespell was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
+1 💚 test4tests 0m 0s The patch appears to include 3 new or modified test files.
_ trunk Compile Tests _
+1 💚 mvninstall 35m 2s trunk passed
+1 💚 compile 20m 44s trunk passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04
+1 💚 compile 18m 1s trunk passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
+1 💚 checkstyle 1m 6s trunk passed
+1 💚 mvnsite 1m 33s trunk passed
+1 💚 javadoc 1m 4s trunk passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04
+1 💚 javadoc 1m 37s trunk passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
+1 💚 spotbugs 2m 20s trunk passed
+1 💚 shadedclient 15m 38s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 0m 53s the patch passed
+1 💚 compile 20m 6s the patch passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04
-1 ❌ cc 20m 6s /results-compile-cc-root-jdkUbuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04.txt root-jdkUbuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 generated 17 new + 310 unchanged - 17 fixed = 327 total (was 327)
+1 💚 golang 20m 6s the patch passed
+1 💚 javac 20m 6s the patch passed
+1 💚 compile 18m 4s the patch passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
-1 ❌ cc 18m 4s /results-compile-cc-root-jdkPrivateBuild-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08.txt root-jdkPrivateBuild-1.8.0_282-8u282-b08-0ubuntu120.04-b08 with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu120.04-b08 generated 46 new + 281 unchanged - 46 fixed = 327 total (was 327)
+1 💚 golang 18m 4s the patch passed
+1 💚 javac 18m 4s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 checkstyle 1m 5s the patch passed
+1 💚 mvnsite 1m 31s the patch passed
+1 💚 javadoc 1m 3s the patch passed with JDK Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04
+1 💚 javadoc 1m 35s the patch passed with JDK Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
+1 💚 spotbugs 2m 31s the patch passed
+1 💚 shadedclient 15m 55s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 17m 0s hadoop-common in the patch passed.
+1 💚 asflicense 0m 54s The patch does not generate ASF License warnings.
179m 5s
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/3/artifact/out/Dockerfile
GITHUB PR #3019
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell cc golang
uname Linux 03c5ca06e0ec 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / c1b7f59
Default Java Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
Multi-JDK versions /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.10+9-Ubuntu-0ubuntu1.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_282-8u282-b08-0ubuntu1~20.04-b08
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/3/testReport/
Max. process+thread count 1653 (vs. ulimit of 5500)
modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/3/console
versions git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

@iwasakims
Copy link
Member Author

The cc warnings are not related to the patch. I'm working on false positive cc warnings on YETUS-1107.

@busbey
Copy link
Contributor

busbey commented Oct 22, 2021

any progress on YETUS-1107 @iwasakims ?

@iwasakims
Copy link
Member Author

@busbey I filed apache/yetus#227. Thanks for reminding me of this..

@iwasakims iwasakims mentioned this pull request Dec 10, 2021
Merged
4 tasks
@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 35m 38s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
+1 💚 test4tests 0m 0s The patch appears to include 3 new or modified test files.
_ trunk Compile Tests _
+1 💚 mvninstall 33m 7s trunk passed
+1 💚 compile 19m 35s trunk passed
+1 💚 checkstyle 1m 8s trunk passed
+1 💚 mvnsite 1m 45s trunk passed
+1 💚 javadoc 1m 52s trunk passed
+1 💚 spotbugs 2m 33s trunk passed
+1 💚 shadedclient 21m 40s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 1m 1s the patch passed
+1 💚 compile 18m 54s the patch passed
-1 ❌ cc 18m 54s /results-compile-cc-root.txt root generated 32 new + 173 unchanged - 32 fixed = 205 total (was 205)
+1 💚 golang 18m 54s the patch passed
+1 💚 javac 18m 54s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 checkstyle 1m 7s the patch passed
+1 💚 mvnsite 1m 43s the patch passed
+1 💚 javadoc 1m 49s the patch passed
+1 💚 spotbugs 2m 38s the patch passed
+1 💚 shadedclient 21m 51s patch has no errors when building and testing our client artifacts.
_ Other Tests _
-1 ❌ unit 17m 52s /patch-unit-hadoop-common-project_hadoop-common.txt hadoop-common in the patch passed.
+1 💚 asflicense 1m 1s The patch does not generate ASF License warnings.
184m 16s
Reason Tests
Failed junit tests hadoop.service.launcher.TestServiceInterruptHandling
hadoop.ipc.TestIPC
Subsystem Report/Notes
Docker ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/4/artifact/out/Dockerfile
GITHUB PR #3019
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell cc golang
uname Linux 0108ec7cb67a 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / 19552b4
Default Java Red Hat, Inc.-1.8.0_312-b07
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/4/testReport/
Max. process+thread count 1262 (vs. ulimit of 5500)
modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/4/console
versions git=2.9.5 maven=3.6.3 spotbugs=4.2.2
Powered by Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org

This message was automatically generated.

@iwasakims
Copy link
Member Author

The test failures are not related. HADOOP-18046 was filed for TestIPC. cc warnings will be addressed after bumping Yetus to 0.14.0 (containing apache/yetus#227).

@jojochuang Are you ok to merge this?

@iwasakims iwasakims requested a review from jojochuang July 19, 2022 22:58
@snmvaughan
Copy link
Contributor

I was able to test this locally and it worked as expected.

@snmvaughan
Copy link
Contributor

I'd suggest making it easy to control with a Maven system property like -Dopenssl.no.sm4.

OPENSSL_NO_SM4.patch

@iwasakims
Copy link
Member Author

@snmvaughan Thanks for testing this.

I'd suggest making it easy to control with a Maven system property like -Dopenssl.no.sm4.

Please file another JIRA issue for you proposal. I'm not intending to disable SM4 even if the platform support it.

@zhengchenyu
Copy link
Contributor

@jojochuang @iwasakims
Are you ok to merge this pr? It seems that changes to the common project's c code may trigger "Doesn't support SM4 CTR." For example: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6813/5/artifact/out/patch-unit-hadoop-common-project_hadoop-common.txt

@iwasakims
Copy link
Member Author

@zhengchenyu I'm still willing to fix this and waiting for +1 from another committer.

steveloughran
steveloughran approved these changes Aug 7, 2024
View reviewed changes
Copy link
Contributor

@steveloughran steveloughran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did a quick review; hadn't noticed it still needed attention

+1 pending the changes

...op-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c Outdated Show resolved Hide resolved
...op-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/crypto/OpensslCipher.c
return JNI_FALSE;
}

if (alg == AES_CTR && (dlsym_EVP_aes_256_ctr != NULL && dlsym_EVP_aes_128_ctr != NULL)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so this requires both aes 128 and aes 256?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Both is loaded in loadAesCtr .

...p-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestOpensslCipher.java Outdated Show resolved Hide resolved
@hadoop-yetus
Copy link

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 0s Docker mode activated.
-1 ❌ docker 22m 18s Docker failed to build run-specific yetus/hadoop:tp-30537}.
Subsystem Report/Notes
GITHUB PR #3019
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3019/5/console
versions git=2.34.1
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

@iwasakims
Copy link
Member Author

iwasakims commented Aug 8, 2024
edited
Loading

Related unit tests passed on my local environment. Manual testing looks fine as before on current trunk with the patch.

@iwasakims
Copy link
Member Author

for my reminder: In order to test SM4 codec, we need to put the jar of Bouncy Castle Provider on $JAVA_HOME/jre/lib/ext and add a line to $JAVA_HOME/jre/lib/security/java.security as described in the comment of HADOOP-15098.

security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider

@zhengchenyu
Copy link
Contributor

Related unit tests passed on my local environment. Manual testing looks fine as before.

The error does not appear to involve unit test.
It seems that some build server does not get docker repo's authorization. I have also encountered it before, when I start a new pr and another build server to execute, then pass. But I don't know how to fix authorization.

 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

@iwasakims iwasakims merged commit 2a50911 into apache:trunk Aug 8, 2024
1 of 2 checks passed
iwasakims added a commit that referenced this pull request Aug 8, 2024
@iwasakims
HADOOP-17609. Make SM4 support optional for OpenSSL native code. (#3019)
6dc13bd 
Reviewed-by: Steve Loughran <[email protected]>
Reviewed-by: Wei-Chiu Chuang <[email protected]>
(cherry picked from commit 2a50911)
@iwasakims
Copy link
Member Author

I merged this to trunk and branch-3.4. Thanks, @steveloughran.

steveloughran pushed a commit to steveloughran/hadoop that referenced this pull request Aug 15, 2024
@iwasakims @steveloughran
HADOOP-17609. Make SM4 support optional for OpenSSL native code. (apa…
e296603 
…che#3019)

Reviewed-by: Steve Loughran <[email protected]>
Reviewed-by: Wei-Chiu Chuang <[email protected]>
(cherry picked from commit 2a50911)
KeeProMise pushed a commit to KeeProMise/hadoop that referenced this pull request Sep 9, 2024
@iwasakims @KeeProMise
HADOOP-17609. Make SM4 support optional for OpenSSL native code. (apa…
5530de6 
…che#3019)

Reviewed-by: Steve Loughran <[email protected]>
Reviewed-by: Wei-Chiu Chuang <[email protected]>
Hexiaoqiao pushed a commit to Hexiaoqiao/hadoop that referenced this pull request Sep 12, 2024
@iwasakims @Hexiaoqiao
HADOOP-17609. Make SM4 support optional for OpenSSL native code. (apa…
18acabd 
…che#3019)

Reviewed-by: Steve Loughran <[email protected]>
Reviewed-by: Wei-Chiu Chuang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@steveloughran steveloughran steveloughran approved these changes

@jojochuang jojochuang Awaiting requested review from jojochuang

Assignees
No one assigned
Labels
Common Native trunk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@iwasakims @hadoop-yetus @busbey @snmvaughan @zhengchenyu @steveloughran @jojochuang