curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Time to deprecate gskit

From: Calvin Buckley via curl-library <>
Date: Fri, 06 Jan 2023 13:44:48 -0400

On Tue, 2023-01-03 at 20:07 +0000, Sam James wrote:
> CCing Calvin who has a strong interest in this and might be able to
> coordinate something. He's not sub'd.
> Best,
> sam

Apologies for the late reply. I forgot to subscribe to the list when I
sent this, so my mail got eaten for the public list (sorry you'll be
receiving this one again Daniel!), but I took the time to revise this
based on things I've learned talking to someone at IBM.

Speaking as someone who has submitted patches to fix the curl build on
IBM i, I suspect there are some "dark matter" ILE curl users that
Patrick mentioned. I'm also in the habit of recommending curl to users
(because the built-in HTTP stuff was non-existent or very bad depending
on version) who need to do requests from RPG. (There is a nicer API on
newer versions on the OS, but it's only available through SQL, which
could be high overhead in some contexts. And it only does simpler HTTP
queries, nothing like what curl can do.)

(I note that there lots of users for PASE, but that's just basically
AIX w/ limitations. IBM provides ttheir own builds there.)

The big annoyances and possible challenges are:

- No CI; without this, everyone knows development is much harder if you
can't catch the FTBFS when it starts.
  - I have capacity on a shared system intended for open source
development. I should be able to set up some kind of CI runner here.
The very annoying part is Go isn't supported (bar an experimental port
of 1.16), so the stock GH Actions runner et al is likely to cause
trouble. I know Jenkins' runner works fine.
  - I talked to someone at IBM (who AFAIK has also contacted Daniel
privately) and they're trying to get resources available for CI, having
people look at things, etc.
- Not as many users, because no binary builds. It's pretty easy to
build, but having to build it at all is a hurdle. Not to mention the
other dependencies (zlib, libssh2).
  - I'd be tempted to offer binary builds that can be linked from
/download.html. Compilers let you target two versions back, and you can
get pretty much the entire install base that matters.
  - Binaries would basically involve a savefiles of the POSIX
filesystem parts (the headers) and the native system objects (the
shared library, build artifacts... also headers in a different form)
- GSKit is the system TLS library on i, and IBM is actually fairly good
about backporting feature updates to it for older versions of i (i.e.
TLSv1.3 et al). Plus features someone might care about like crypto
acceleration. However, it's definitely not popular anywhere else. Long-
term, it might be useful to look into porting a different TLS library,
even if it adds another dependency.
  - Native environment on i is basically something CHERI/WebAssembly
shaped, but with EBCDIC. Something like mbedTLS/BearSSL that doesn't
ask much of its host, sprinkled with iconv.

Received on 2023-01-06