Skip to content

Overhaul feature flags for DNSSEC / crypto #553

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Overhaul feature flags for DNSSEC / crypto #553

wants to merge 1 commit into from

Conversation

@bal-e
Copy link
Contributor

@bal-e bal-e commented Jun 30, 2025

  • ring and openssl now enable a shared unstable-crypto-backend feature, which is used internally to test whether a common backend is available.

  • Examples / doc tests in crypto, relying on crypto::common, have been moved to the submodule to avoid needing more cfg magic.

  • unstable-crypto now enables std; this requirement was previously undetected (and the CI will be adjusted to try to catch more of these over time), but compilation would fail without it.

  • unstable-sign and unstable-validator now fail to compile if ring and/or openssl are not enabled. Previously, those modules would remain configured out. Its status as a breaking change is debatable, but in any case it only affects unstable features.

@bal-e
Overhaul feature flags for DNSSEC / crypto
1e83a50 
- 'ring' and 'openssl' now enable a shared 'unstable-crypto-backend'
  feature, which is used internally to test whether a common backend is
  available.

- Examples / doc tests in 'crypto', relying on 'crypto::common', have
  been moved to the submodule to avoid needing more 'cfg' magic.

- 'unstable-crypto' now enables 'std'; this requirement was previously
  undetected (and the CI will be adjusted to try to catch more of these
  over time), but compilation would fail without it.

- 'unstable-sign' and 'unstable-validator' now fail to compile if
  'ring' and/or 'openssl' are not enabled.  Previously, those modules
  would remain configured out.  Its status as a breaking change is
  debatable, but in any case it only affects unstable features.
@bal-e bal-e requested a review from Philip-NLnetLabs June 30, 2025 13:43
@bal-e bal-e self-assigned this Jun 30, 2025
@bal-e
Copy link
Contributor Author

bal-e commented Jun 30, 2025

This should also fix the CI failure in #547.

@Philip-NLnetLabs
Copy link
Member

Philip-NLnetLabs commented Jun 30, 2025

Can we rename it to 'internal-crypto-backend' or any other convention to show that something is not to be used?

@partim
Copy link
Member

partim commented Nov 6, 2025

I think having a separate prefix for internal features would indeed be good. I don’t think we need a separate prefix for internal unstable features, though, given that they not user-facing, anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Philip-NLnetLabs Philip-NLnetLabs Awaiting requested review from Philip-NLnetLabs

Assignees

@bal-e bal-e

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bal-e @Philip-NLnetLabs @partim