Skip to content

Unpin the nix installer after resolving s3 issue #5244

New issue
New issue
Closed
#5251
Closed
Unpin the nix installer after resolving s3 issue#5244
#5251
Assignees
dougch
Labels
priority/mediumRank 3size/small
@dougch

Description

@dougch
dougch
opened on Apr 4, 2025

Security issue notifications

If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.

Problem:

The kTLS test, which installs nix everytime on AL2023, started failing at 2025-04-04 9:00 PT with an error on the nix copy command complaining that doesn't know about s3.

There is also a warning now in the --help saying that nix must be compiled with AWS support for this to work.

It appears that nix released a new installer around that time, ver 2.28
https://releases.nixos.org/?prefix=nix/nix-2.28.0/

Need By Date:

Do you have a date that you need this issue resolved by? What is the reason for that date, and what are the consequences of missing it? Any additional information you can provide to help prioritize the issue is appreciated. However, we cannot guarantee that this issue will be fixed by the requested date.

Solution:

A description of the possible solution in terms of S2N architecture. Highlight and explain any potentially controversial design decisions taken.

  • Does this change what S2N sends over the wire? If yes, explain.
  • Does this change any public APIs? If yes, explain.
  • Which versions of TLS will this impact?

Requirements / Acceptance Criteria:

What must a solution address in order to solve the problem? How do we know the solution is complete?

  • RFC links: Links to relevant RFC(s)
  • Related Issues: Link any relevant issues
  • Will the Usage Guide or other documentation need to be updated?
  • Testing: How will this change be tested? Call out new integration tests, functional tests, or particularly interesting/important unit tests.
    • Will this change trigger SAW changes? Changes to the state machine, the s2n_handshake_io code that controls state transitions, the DRBG, or the corking/uncorking logic could trigger SAW failures.
    • Should this change be fuzz tested? Will it handle untrusted input? Create a separate issue to track the fuzzing work.

Out of scope:

Is there anything the solution will intentionally NOT address?

Metadata

Metadata

Assignees

Labels

priority/mediumRank 3size/small

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions