Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-38130

python pip requirements must be customized to find toolchain openssl

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Gone away
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Build
    • None
    • ALL
    • Dev Tools 2018-12-17

    Description

      server-build-time pip installs of cryptographic packages are not being given the appropriate options to point them at the toolchain's openssl libraries. So they end up dynamically linked to the system's openssl libraries, which causes a misalignment and segfaults on some build variants.

      (e.g. https://jira.mongodb.org/browse/BF-11234 )

      The toolchain cannot anticipate every version of every cryptographic python package to have them available when mongo needs to be built on every buildvariant and every active mongo release branch.

      It would be good if we provided a way to make these unanticipated pip installs always point at the toolchain openssl libraries and headers. When toolchain-builder makes the crpytography-2.0 python package, this is done by setting CFLAGS and LDFLAGS in a precise way, deriving values from `pkg-config openssl` with the `PKG_CONFIG_PATH` set to include the openssl stow directory's lib/pkgconfig (see https://github.com/10gen/toolchain-builder/blob/34052ef713cfab4a005f5b8a5fbab692beb1b423/scripts/build-python.sh#L203 ). This pattern needs to be made available for use during mongo configuration when we set up the `virtualenv`s from scons.

      Attachments

        Activity

          People

            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            billy.donahue@mongodb.com Billy Donahue
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: