build: upgrade to openssl@3

[xxchan]

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

And fix the compilation & linking error in the nightly pre-built binary enviroment.

Q: Does the upgrade contain behavior changes?

TBO I'm not sure.

According to the migration guide, the changes should be very occasional.

It is the intention that the large majority of applications will work unchanged with OpenSSL 3.0 if those applications previously worked with OpenSSL 1.1.1. However this is not guaranteed and some changes may be required in some cases.

Upgrading to OpenSSL 3.0 from OpenSSL 1.1.1 should be relatively straight forward in most cases. The most likely area where you will encounter problems is if you have used low level APIs in your code (as discussed above). In that case you are likely to start seeing deprecation warnings when compiling your application.

AFAIK for us, openssl is only used by pgwire and rdkafka. I did some very basic manual test:

• pgwire: We only support very basic SSL: feat: introduce basic ssl connection #5775... And it's not broken
• rdkafa: manually tested with SCRAM-SHA-256 + SASL_SSL. It works.

Anyway, since openssl 1.1 is already EOL in September, we have to upgrade it sooner or later.

Checklist

• I have written necessary rustdoc comments
• I have added necessary unit tests and integration tests
• I have added test labels as necessary. See details.
• I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features Sqlsmith: Sql feature generation #7934).
• My PR contains breaking changes. (If it deprecates some features, please create a tracking issue to remove them in the future).
• All checks passed in ./risedev check (or alias, ./risedev c)
• My PR changes performance-critical code. (Please run macro/micro-benchmarks and show the results.)

• My PR contains critical fixes that are necessary to be merged into the latest release. (Please check out the details)

Documentation

• My PR needs documentation updates. (Please use the Release note section below to summarize the impact on users)

Release note

If this PR includes changes that directly affect users or other significant modifications relevant to the community, kindly draft a release note to provide a concise summary of these changes. Please prioritize highlighting the impact these changes will have on users.

[xxchan]

I'm trying these, but no luck for now:

1. upgrade lld (since it's linker error, and the version is quite old)? But there's no pre-built package I can found. Trying build from source but need to build whole LLVM (too slow). Tried homebrew, but can't install brew because curl is too old...
2. upgrade to another linux image? The next stable manylinux is also CentOS, but it's GLIBC 2.28, which doesn't support Amazon Linux.. I also tried Amazon Linux, but it needs quite some work to install dependencies in different ways.

[xxchan]

pre-built binary success!!! https://buildkite.com/risingwavelabs/docker/builds/14759#018c216c-1f88-48ea-8f14-addc9e7fcafb

[huangjw806]

LGTM!

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (a73d940) 68.19% compared to head (ad144d7) 68.24%.
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13746      +/-   ##
==========================================
+ Coverage   68.19%   68.24%   +0.05%     
==========================================
  Files        1524     1524              
  Lines      262232   262250      +18     
==========================================
+ Hits       178829   178984     +155     
+ Misses      83403    83266     -137     

Flag	Coverage Δ
rust	68.24% <100.00%> (+0.05%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[xiangjinwu]

Just adding a link for future (in 7 months) reference:
https://github.com/pypa/manylinux

The goal of the manylinux project is to provide a convenient way to distribute binary Python extensions as wheels on Linux. This effort has produced PEP 513 (manylinux1), PEP 571 (manylinux2010), PEP 599 (manylinux2014) and PEP 600 (manylinux_x_y).

PEP 599 defines the following platform tags:

• manylinux2014_x86_64
• ...

Wheels are built on CentOS 7 which will reach End of Life (EOL) on June 30th, 2024.

PEP 600 has been designed to be "future-proof" and does not enforce specific symbols and a specific distro to build. It only states that a wheel tagged manylinux_x_y shall work on any distro based on glibc>=x.y. The manylinux project supports:

• manylinux_2_24 images for x86_64, i686, aarch64, ppc64le and s390x.
• manylinux_2_28 images for x86_64, aarch64, ppc64le and s390x.

manylinux_2_28 (AlmaLinux 8 based)

manylinux_2_24 (Debian 9 based) - EOL

Support for manylinux_2_24 has ended on January 1st, 2023.

[xxchan]

very unfortunately 2_24 is already EOL. When 2014 (2_17) is EOL, we won’t have a nice alternative immediately. 🤡

2_28 is larger than Amazon Linux. And... Amazon Linux‘s EOL is sooooo long