Bump hiredis to v1.2.0

[thomasdesr]

Why are these changes needed?

Bump to latest to fix outstanding vulnerabilities

Related issue number

Closes #40279

Checks

• I've signed off every commit(by using the -s flag, i.e., git commit -s) in this PR.
• I've run scripts/format.sh to lint the changes in this PR.
• I've included any doc changes needed for https://docs.ray.io/en/master/.
  • I've added any new APIs to the API Reference. For example, if I added a
    method in Tune, I've added it in doc/source/tune/api/ under the
    corresponding .rst file.
• I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
• Testing Strategy
  • Unit tests
  • Release tests
  • This PR is not tested :(

[rkooo567]

Hmm actually all the windows build seem to fail?

[mattip]

The windows error starts with

external/com_github_redis_hiredis/alloc.c(40): error C2065: 'strdup': undeclared identifier

Does that version work with MSVC?

[mattip]

This diff will fix the failure in alloc.c. There is still a failure to build boringssl. I don't really understand a few things:

• what changed, why does master build boringssl and this version does not?
• why use boringssl for hiredis, and openssl for redis? It seems openssl is more prevalent, especially in the documentation.
• If we are talking about security, why is openssl pinned to the very old openssl v1.1.1f when there are security releases, the final 1.1.1 version is 1.1.1w

Anyhow, here is what I have so far

diff --git a/thirdparty/patches/hiredis-windows-msvc.patch b/thirdparty/patches/hiredis-windows-msvc.patch
index 2d05b117c4..733cb75665 100644
--- a/thirdparty/patches/hiredis-windows-msvc.patch
+++ b/thirdparty/patches/hiredis-windows-msvc.patch
@@ -17,7 +17,7 @@ diff --git sds.h sds.h
 diff --git fmacros.h fmacros.h
 --- fmacros.h
 +++ fmacros.h
-@@ -12,0 +12,3 @@
+@@ -13,0 +13,3 @@
 +#if defined(_MSC_VER) && !defined(__clang__) && !defined(strdup)
 +#define strdup _strdup
 +#endif

[rkooo567]

Seems like this is still failing. @iycheng do you know the answer for questions ^?

[peytondmurray]

@rkooo567 @iycheng It would be nice to keep this from falling through the cracks. @iycheng do you have any information about the questions above?

[stale]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

• If you'd like to keep this open, just leave any comment, and the stale label will be removed.

[mattip]

I rebased to see if by magic anything changed and boringssl now builds on windows.

[rkooo567]

@mattip since we don't support ray ha in windows, the best way forward seems to just not include redis for windows build. Do you think it is possible to take this approach instead?

[mattip]

the best way forward seems to just not include redis for windows build

I see redis-client is a dependency of _raylet, gcs_pub_sub_lib, gcs_client_lib, gcs_table_storage_test_lib, gcs_table_storage_lib, chaos_redis_store_client_test. Will any of that work without redis?

[mattip]

Also see #42098

[stephanie-wang]

the best way forward seems to just not include redis for windows build

I see redis-client is a dependency of _raylet, gcs_pub_sub_lib, gcs_client_lib, gcs_table_storage_test_lib, gcs_table_storage_lib, chaos_redis_store_client_test. Will any of that work without redis?

Is it possible to include redis-client but not redis server?

[mattip]

Is it possible to include redis-client but not redis sever?

I don't think that would solve the current problem. The dependency is redis_client depends on hiredis, and hiredis does not build on windows due to a failure to build boringssl:

ERROR: C:/tmp/wqe5u2zk/external/com_github_redis_hiredis/BUILD.bazel:28:11: Compiling ssl.c failed: (Exit 2): cl.exe failed: error executing command
...
external/boringssl/src/include\openssl/base.h(299): error C2059: syntax error: '<parameter-list>'
external/boringssl/src/include\openssl/pkcs7.h(123): error C2059: syntax error: '<parameter-list>'
external/boringssl/src/include\openssl/x509.h(186): error C2059: syntax error: '<parameter-list>'
external/boringssl/src/include\openssl/x509.h(189): error C2059: syntax error: '<parameter-list>'
external/boringssl/src/include\openssl/x509.h(325): error C2059: syntax error: '('

[rkooo567]

@mattip everything will work without redis actually. It is only used when GCS HA is enabled (which is not supported in windows anyway).

[rkooo567]

is it possible to just make it build mocked version if it is used for Windows?

[mattip]

It is only used when GCS HA

What is the name of GCS HA in bazel terms? In other words: where is this non-windows-only dependency expressed in the bazel build?

[mattip]

is it possible to just make it build mocked version if it is used for Windows?

If redis_client is never needed for windows, it would be better to redo BUILD.bazel to include it only when building on non-windows. Is there a way to express this in bazel?

[rkooo567]

ray/src/ray/gcs/gcs_server/gcs_server.cc

Line 76 in eb19da2

case StorageType::IN_MEMORY:

I don't think there's a way to express this in bazel build now, but redis is used only when this condition is met (and in Windows, you always go to IN_MEMORY).

[rkooo567]

Not sure if there's a good way to just not include redis in this case. I wonder if we don't import any redis related dependency if the platform is windows within code?

[mattip]

Not sure if there's a good way to just not include redis in this case

There should be a way to tell bazel "do not add redis_client to the dependencies" in BUILD.bazel, would something like this work?

deps = select({
        "@bazel_tools//src/conditions:windows": [
            <everything but redis_client>
        ],
        "//conditions:default": [
            <everything including redis_client>
        ],
    }),

[rkooo567]

I think that could work, but we also need #ifndef _WIN32 within code where redis client is imported and used (I believe gcs_server.cc).

[rkooo567]

@mattip ^ Does it make sense? We can also discuss in person to quickly find a solution.

[mattip]

we also need #ifndef _WIN32 within code where redis client is imported

Yes, makes perfect sense. I will try to push that into this PR.

[mattip]

I am trying to untangle this. I have excluded redis_client, but that is not enough. I need to exclude the actual redis sources from gcs:

diff --git a/BUILD.bazel b/BUILD.bazel
index c1453b0037..f575eac8d0 100644
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -2268,13 +2285,24 @@ ray_cc_library(
         ],
         exclude = [
             "src/ray/gcs/*_test.cc",
+            # These are conditionally included in ray_client
+            "src/ray/gcs/asio.cc",
+            "src/ray/gcs/redis_async_context.cc",
+            "src/ray/gcs/redis_client.cc",
+            "src/ray/gcs/redis_context.cc",
         ],
     ),
     hdrs = glob([
-        "src/ray/gcs/*.h",
-    ]),
+            "src/ray/gcs/*.h",
+        ],
+        exclude = [
+            "src/ray/gcs/asio.h",
+            "src/ray/gcs/redis_async_context.h",
+            "src/ray/gcs/redis_client.h",
+            "src/ray/gcs/redis_context.h",
+        ],
+    ),
     deps = [
-        ":hiredis",
         ":node_manager_fbs",
         ":node_manager_rpc",
         ":ray_common",
@@ -2284,7 +2312,10 @@ ray_cc_library(
         "//src/ray/protobuf:gcs_service_cc_proto",
         "//src/ray/util",
         "@boost//:asio",
-    ],
+    ] + select({
+        "@bazel_tools//src/conditions:windows": [],
+        "//conditions:default": [":hiredis", ":redis_client"],
+    }),
 )

 ray_cc_test(

but then various parts of the gcs table storage do not work. Is there someone who understands the interactions between redis and the gcs table storage who can give me some guidance?

[rkooo567]

cc @iycheng can you make some comments on ^?

[fishbone]

@mattip I think exclude hiredis building from windows actually needs more work. let me take a look at the building failure first.

[fishbone]

This diff will fix the failure in alloc.c. There is still a failure to build boringssl. I don't really understand a few things:

• what changed, why does master build boringssl and this version does not?
• why use boringssl for hiredis, and openssl for redis? It seems openssl is more prevalent, especially in the documentation.
• If we are talking about security, why is openssl pinned to the very old openssl v1.1.1f when there are security releases, the final 1.1.1 version is 1.1.1w

Sorry, I don't know the answer
I always think the dependence in bazel is a messy thing. Like grpc depends implicitly on boringssl and openssl is required for some other libs. Also it seems super hard to make things compiled successfully in bazel.

[mattip]

Getting closer. Now everything compiles, but there is a linking error:

hiredis.lib(ssl.obj) : error LNK2019: unresolved external symbol __imp_CertCloseStore referenced in function redisCreateSSLContextWithOptions
hiredis.lib(ssl.obj) : error LNK2019: unresolved external symbol __imp_CertEnumCertificatesInStore referenced in function redisCreateSSLContextWithOptions
hiredis.lib(ssl.obj) : error LNK2019: unresolved external symbol __imp_CertFreeCertificateContext referenced in function redisCreateSSLContextWithOptions
hiredis.lib(ssl.obj) : error LNK2019: unresolved external symbol __imp_CertOpenSystemStoreA referenced in function redisCreateSSLContextWithOptions

stack overflow thinks the link is missing Windows' crypt32.lib library. This would be the link command for hiredis.

[mattip]

DCO run is failing with

Commit sha: b31089f, Author: Yi Cheng, Committer: Yi Cheng; The sign-off is missing.

[mattip]

Ahh, additional_linker_inputs is not available in this version of bazel, I changed it to linkopts.

[fishbone]

all passed. merging it.