2

I need to test a debugging tool on a variety of outdated distributions. I managed to install build-essential package on Debian Squeeze. The problem though is now that it's impossible to download sources from GitHub/GitLab with either git or curl/wget. The reason is simple - deprecation of the older SSL protocols, while curl or git don't know newer protocols. Is it possible to workaround this for the CI job that needs to do git clone or curl <gittag>.zip? You can see current GitHub Actions CI configuration for Debian Wheezy and Debian Jessie.

Anton Kochkov
  • 179
  • 1
    I wonder if you can get away with only installing a modern version of buxybox with the wget applet enabled somehow. – muru Aug 05 '20 at 13:16
  • You can try using SSH to clone from GitHub or GitLab. However, since these systems don't have security updates applied, they shouldn't be connected to the Internet, so you're probably better off unplugging them and using a bundle to transfer data via flash drive. – bk2204 Aug 06 '20 at 01:18
  • @bk2204 it's for CI so it doesn't really matter. They recreated every time for every build anyway. – Anton Kochkov Aug 06 '20 at 04:08

1 Answers1

2

In wheezy, git depends on libcurl3-gnutls 7.26.0 which in turn depends on libgnutls26 2.12.17. Curl depends on libssl1.0.0 1.0.1 (that's OpenSSL). These series are very out of date and I don't think current versions have a compatible ABI. So just compiling SSL libraries and putting them in /usr/local won't cut it.

If you only need a download tool, you could compile a current version of wget or curl with a statically linked openssl. For git this may be harder.

The easy brute-force approach is to arrange two installations that share a filesystem, for example installing one in a chroot. For your use case, it may be easier to have one CI action to do the initial downloading on a modern system and store the data locally, then have another CI action for the build and test on the obsolete system.

Gilles 'SO- stop being evil'
  • 829,060