Details
-
Bug
-
Resolution: Gone away
-
Major - P3
-
None
-
None
-
None
-
ALL
-
Dev Tools 2018-12-17
Description
server-build-time pip installs of cryptographic packages are not being given the appropriate options to point them at the toolchain's openssl libraries. So they end up dynamically linked to the system's openssl libraries, which causes a misalignment and segfaults on some build variants.
(e.g. https://jira.mongodb.org/browse/BF-11234 )
The toolchain cannot anticipate every version of every cryptographic python package to have them available when mongo needs to be built on every buildvariant and every active mongo release branch.
It would be good if we provided a way to make these unanticipated pip installs always point at the toolchain openssl libraries and headers. When toolchain-builder makes the crpytography-2.0 python package, this is done by setting CFLAGS and LDFLAGS in a precise way, deriving values from `pkg-config openssl` with the `PKG_CONFIG_PATH` set to include the openssl stow directory's lib/pkgconfig (see https://github.com/10gen/toolchain-builder/blob/34052ef713cfab4a005f5b8a5fbab692beb1b423/scripts/build-python.sh#L203 ). This pattern needs to be made available for use during mongo configuration when we set up the `virtualenv`s from scons.