Stability: Dynamic libraries dependencies

[hug-dev]

Definition: Linking and loading the same versions of libraries should still work in future stable versions of Parsec.
Enforcement: Stable versions of Parsec should not require newer dependencies.

Enforcement Check

A new stable version of Parsec should not introduce a requirement on a new library dependency. The dynamic libraries dependencies should be listed (with their working versions). The only ones I can think of now are the TSS libraries.

Dynamically loaded libraries like PKCS 11 implementations should also be looked at.

Testing

For testing, different versions of Parsec should be checked with the same set of supported dynamic libraries versions.

[hug-dev]

I think build-time dependencies like libclang should also be considered here as distributions often have the requirement that Parsec needs to be build locally, without internet connection. So that an upgrade to Parsec also means upgrade the needed dependencies to build it.

All dependencies (other than the ones locally compiled) should be listed with their working versions. If a new Parsec version requires a new version for one of those dependencies then it could be considered as a breaking change for the environment and should be communicated.

The version of those dependencies should be clearly set and the CI should break if a new version is required.

[hug-dev]

Looking at our various dependencies I noted down the important ones. There are of course other dependencies but they should be broadbly available where Parsec is running.

• cryptoki: dynamically loading a pkcs11 implementation at version 2.40
• bindgen: libclang version 6.0 or later
• pkg-config (no specific version requirement)
• parsec-interface (for targets other than x86/Aarch64): protoc (no specific version requirement)
• tss-esapi: TSS libraries version 2.3.3 or later
• psa-crypto: when dynamically linking to Mbed Crypto, Mbed Crypto from Mbed TLS version 2.25.0 or later
• psa-crypto: Python 3, C99 toolchain
• CMake
• Trusted Service library (no specific version requirement at this stage)

I think the ones we should note in the book and test are:

• version 2.40 of the PKCS11 interface (currently checked via testing through SoftHSM)
• libclang version 6.0. In our CI we use the default libclang-dev from Ubuntu 18.04 which happens to be libclang 6.0. We should probably pin it to libclang-6.0-dev instead.
• TSS libraries version 2.3.3: currently checked in CI
• Mbed TLS version 2.25.0. We compile Mbed Crypto from source at every build. Instead we should build it at version 2.25.0 on CI to make sure it still works in the future.