fix: Uses rustls-tls for reqwest instead of requiring openssl
#1048
Conversation
There was a problem hiding this comment.
Instead of downgrading Ubuntu, we can download and install the library from the openssl archive:
FROM ubuntu:22.04
RUN apt update && apt install wget -y
RUN wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb
RUN dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
docker/Dockerfile.bridge
Outdated
| FROM ubuntu:22.04 | ||
| FROM ubuntu:20.04 | ||
|
|
||
| RUN apt-get update && apt-get install libssl-dev -y |
There was a problem hiding this comment.
I'd say we consolidate this line with line 53...
RUN apt-get update && apt-get install libcurl4 -y && apt-get install libssl-dev -y
docker/Dockerfile.bridge
Outdated
| @@ -35,7 +35,9 @@ COPY ./rpc ./rpc | |||
| RUN cargo build -p trin -p portal-bridge --release | |||
|
|
|||
| # final base | |||
| FROM ubuntu:22.04 | |||
| FROM ubuntu:20.04 | |||
There was a problem hiding this comment.
I think it's also worth a comment mentioning why we're on an old ubuntu in both dockerfiles
There was a problem hiding this comment.
Though if @ogenev 's suggestion works, I agree it's better to keep ubuntu version up to date
There was a problem hiding this comment.
I think we should revert these changes and add default-features = false, to the cargo.toml in trin-beacon/light-client/cargo.toml
This way we no longer rely on openssl for TLS. Our default JSON-RPC already doesn't support TLS, so why should trin-beacon/light-client rpc support it
reqwest = { version = "0.11.13", default-features = false, features = ["json", "rustls-tls"] } this is another option which would keep TLS support, but not use openssl
|
Yeah so it seems like our solution should be |
mrferris
changed the title
rustls-tls for reqwest instead of requiring openssl
KolbyML
changed the title
rustls-tls for reqwest instead of requiring openssl
|
whoops didn't mean to switch your title on you xD editing each other's comments will lead to a lot of confusion and we should probably just put our thoughts in our own comments |
KolbyML
changed the title
rustls-tls for reqwest instead of requiring openssl
What was wrong?
/usr/bin/trin: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directorywhen running a docker image built from trin'sdocker/Dockerfile.I thought it was interesting that @njgheorghita saw this error but his instance kept running normally.
This was caused by this commit on master 00cbbd8
Which started using openssl through our reqwest library
How was it fixed?
By changing
reqwest = { version = "0.11.13", features = ["json"] }to
reqwest = { version = "0.11.13", default-features = false, features = ["json", "rustls-tls"] }default-features = falsedisables openssl from being usedfeatures = ["rustls-tls"]enables using the rust native tls libraryKolby tested the docker build on portal-hive and it works
To-Do