From af477c715965e6808bc1f218aa02a4d1b6c22120 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Wed, 11 Oct 2023 07:38:56 +0200 Subject: [PATCH] document limited Chromium support level --- README.md | 6 ++++-- chromium/README-Linux.md | 4 +++- chromium/README.md | 6 ++++-- chromium/scripts/README | 2 +- nginx/fulltest-provider/genconfig.py | 22 +++++++++++++--------- 5 files changed, 25 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 974c6ab2..d4fa17a3 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,8 @@ Currently supported packages: | **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl) | | **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) | | **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx) | -| **Chromium** | [Github: oqs-demos/chromium](chromium) | [Binary for Ubuntu 20](https://github.com/open-quantum-safe/oqs-demos/releases/download/0.7.2/chromium-ubuntu-0.7.2.tgz) | + + | **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) | | **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark) | | **Epiphany** | [Github: oqs-demos/epiphany](epiphany) | [Dockerhub: openquantumsafe/epiphany](https://hub.docker.com/repository/docker/openquantumsafe/epiphany) | @@ -32,7 +33,8 @@ Currently supported packages: -You can use the openssl (s_client), curl and GNOME Web/epiphany clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.5.0` and `liboqs v0.8.0`). Chromium and `oqs-boringssl` are no longer maintained to the same set of algorithms, so are not to be expected to (inter)operate fully with the test server. +You can use the openssl (s_client), curl and GNOME Web/epiphany clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.5.0` and `liboqs v0.8.0`). + ## Contributing diff --git a/chromium/README-Linux.md b/chromium/README-Linux.md index f4782757..92aaa957 100644 --- a/chromium/README-Linux.md +++ b/chromium/README-Linux.md @@ -1,3 +1,5 @@ +** WARNING: THESE INSTRUCTIONS ARE OUTDATED. CONTRIBUTIONS WELCOME TO BRING THIS TO THE LATEST UP- AND DOWNSTREAM CODE LEVEL ** + Note that both cloning the source code as well as building Chromium can take several hours if you do not have excellent network connectivity and serious multicore CPUs at your disposal: The download has a size of over 40GB and even a size-and-performance optimized build (see note below) takes 1143 CPU user minutes on a 2.6GHz i7 CPU, i.e. something like 300 minutes or 5 hours on a quad-core system. 0. Ensure the system requirements listed [here](https://chromium.googlesource.com/chromium/src/+/master/docs/linux/build_instructions.md#System-requirements) are met. @@ -64,4 +66,4 @@ If all steps outlined above have been successfully executed, one can extract a s ### Automated build scripts As the instructions above are complex and hard to get right the first time, a set of build scripts is included in the -scripts subdirectory. Please read scripts/README for more information on how to use them. \ No newline at end of file +scripts subdirectory. Please read scripts/README for more information on how to use them. diff --git a/chromium/README.md b/chromium/README.md index 89767667..a150dbeb 100644 --- a/chromium/README.md +++ b/chromium/README.md @@ -1,7 +1,9 @@ -This directory contains instructions and corresponding patches to build the Chromium web browser using the [OQS-BoringSSL fork](https://github.com/open-quantum-safe/boringssl), thereby enabling Chromium to use quantum-safe key exchange algorithms. Note that these instructions have been tested only on Windows 10, Ubuntu 18, 19, and 20 (x86_64) installations and apply at present only to a subset of quantum-safe key-exchanges as [documented here](https://github.com/open-quantum-safe/boringssl#key-exchange). +This directory contains no longer fully maintained instructions and corresponding patches to build the Chromium web browser using the [OQS-BoringSSL fork](https://github.com/open-quantum-safe/boringssl), thereby enabling Chromium to use quantum-safe key exchange algorithms. Note that these instructions have been tested only on Windows 10 installations and apply at present only to a subset of quantum-safe key-exchanges as [documented here](https://github.com/open-quantum-safe/boringssl#key-exchange). + +Please note that the Linux instructions are outdated and do not allow proper operation of a PQ-Chromium variant. The information is solely retained for people accepting this limitation. This limitation by no means should be understood as a preference for proprietary operating systems by the OQS team: Our focus remains on the support of open source software -- but we do not have the bandwidth to keep supporting the Chromium and BoringSSL PQ software stack at the same level as we did in the past. We welcome contributions and contributors allowing us to change this; most welcome would be contributions to bring up the Linux instructions and [patch](oqs-changes.patch) to the latest up- and downstream code level. --- -[Build Instructions for Linux](README-Linux.md) +[Outdated Build Instructions for Linux](README-Linux.md) [Build Instructions for Windows](README-Windows.md) diff --git a/chromium/scripts/README b/chromium/scripts/README index 156fd72f..f3624d45 100644 --- a/chromium/scripts/README +++ b/chromium/scripts/README @@ -1,5 +1,5 @@ These scripts help facilitate a build of PQC-enabled Chromium. -They have been tested on Ubuntu 20.04 . +They had been tested on Ubuntu 20.04 **BUT NO LONGER ARE MAINTAINED**. How to use : diff --git a/nginx/fulltest-provider/genconfig.py b/nginx/fulltest-provider/genconfig.py index c03b5e4c..d8d327eb 100644 --- a/nginx/fulltest-provider/genconfig.py +++ b/nginx/fulltest-provider/genconfig.py @@ -117,8 +117,9 @@ def write_nginx_config(f, i, cf, port, _sig, k): # deactivate if you don't like tables: i.write(""+sig+""+k+""+str(port)+""+sig+"/"+k+"\n") - if k in chromium_algs and not ("_" in sig and (sig.startswith("p") or (sig.startswith("rsa")))): - cf.write(""+sig+""+k+""+str(port)+""+sig+"/"+k+"\n") + # chromium support discontinued + #if k in chromium_algs and not ("_" in sig and (sig.startswith("p") or (sig.startswith("rsa")))): + # cf.write(""+sig+""+k+""+str(port)+""+sig+"/"+k+"\n") # generates nginx config @@ -126,14 +127,17 @@ def gen_conf(filename, indexbasefilename, chromiumfilename): port = STARTPORT assignments={} i = open(indexbasefilename, "w") - cf = open(chromiumfilename, "w") + # chromium support discontinued + cf = None + #cf = open(chromiumfilename, "w") # copy baseline templates with open(TEMPLATE_FILE, "r") as tf: for line in tf: i.write(line) - with open(CHROMIUM_TEMPLATE_FILE, "r") as ctf: - for line in ctf: - cf.write(line) + #chromium support discontinued + #with open(CHROMIUM_TEMPLATE_FILE, "r") as ctf: + # for line in ctf: + # cf.write(line) with open(filename, "w") as f: # baseline config @@ -193,9 +197,9 @@ def gen_conf(filename, indexbasefilename, chromiumfilename): i.write("\n") i.write("\n") i.close() - cf.write("\n") - cf.write("\n") - cf.close() + #cf.write("\n") + #cf.write("\n") + #cf.close() with open(ASSIGNMENT_FILE, 'w') as outfile: json.dump(assignments, outfile)