Minimum development environment: 2021 edition - mbed-tls

31 Mar 2021


      Hello,
In a nutshell:
1. Must Mbed TLS support Python 3.4 to configure and test, or can 3.6 be
enough?
2. Must the supplied CMake scripts support 2.8.12.2, or can 3.5.2 be enough?
This thread is about minimum tool versions to configure, build and test
Mbed TLS (excluding TLS interoperability testing and some maintainer
scripts) on Linux and similar (Unix-like) platforms. (This is not about
the set of platforms where Mbed TLS will _run_, which is as close to
“anything with CHAR_BIT==8 and sizeof(size_t) >= 4” as we can make it.)
Our general guideline is that Mbed TLS should build out of the box on
supported versions of major desktop and server operating systems. In
practice, this has tended to mean supporting tool versions from
RHEL/CentOS, SLES and Ubuntu LTS releases (but not necessarily extended
security maintenance releases).
Last year
(https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/thread.html)
we concluded that we should support the following minimum versions,
which will remain supported in the Mbed TLS 2.16 long-time support (LTS)
branch:
clang   3.8
cmake   2.8.12.2
gcc     4.4
make    3.81
python  3.4 (in 2.16: only to build the unit tests, not to configure)
Since then, RHEL 6 and Ubuntu 16.04 have reached their end of life, the
CentOS world has changed considerably. Looking at maintained platforms
after April 2021
(https://github.com/ARMmbed/mbedtls/issues/2896#issuecomment-603471273),
our current goal for the upcoming Mbed TLS 2.x LTS (last release before
3.0) is:
clang   6.0
cmake   2.8.12.2 (or 3.5.2? or 3.10.2?)
gcc     4.8
make    3.82
python  3.6 (or 3.4.10?)
Regarding Python: is there any demand for supporting Python versions
older than 3.6? Python 3 is required to fine-tune the library
configuration (it is not needed if you use the default config.h or a
handwritten one) and build the unit tests.
Regarding CMake: it is increasingly problematic for us to support CMake
2.8.12, which is only required for RHEL 7: other distributions under
consideration have at least CMake 3.5. There is an ongoing effort to
improve our CMake scripts to make it easier to integrate Mbed TLS into a
larger project, but it is difficult to preserve backward compatibility
with 2.8.12. Would it be acceptable to require CMake >= 3.5? CMake >=
3.10.2?
If you have any constraints that are not captured here or if you have an
opinion regarding Python and CMake versions, please let us know quickly.
-- 
Gilles Peskine
Mbed TLS developer