[SERVER-62381] CSFLE: remove shared library dependency to libsasl2 Created: 05/Jan/22 Updated: 29/Oct/23 Resolved: 11/Jan/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.3.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Erwin Pe | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Security 2022-01-24 |
| Participants: |
| Description |
|
Current builds of the mongo_csfle_v1 shared library are pulling in libsasl2.so/dll as a DT_NEEDED dependency, which is unnecessary. There should be a way to tell scons to exclude sasl2 when building the shared library. Something like --use-sasl=none, modeled after --js-engine=none.
Edit: per the conversation below, we can accomplish this task by simply adding --enterprise-features=fle to the scons flags when building the csfle shared library. |
| Comments |
| Comment by Githook User [ 11/Jan/22 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: |
| Comment by Erwin Pe [ 06/Jan/22 ] |
|
Yes, just including the enterprise module in the build sets MONGO_BUILD_SASL_CLIENT to True regardless of --use-sasl-client, which then causes the "sasl2" (and "secur32" on windows) to be added to SYSLIBDEPS in src/mongo/client/SConscript. But looking closer at enterprise/build.py, it seems we can avoid this override by simply excluding 'sasl' from the list of enterprise features enabled, which can be controlled through the --enterprise-features flag. |
| Comment by Andrew Morrow (Inactive) [ 06/Jan/22 ] |
|
Have you looked into the relationship between --use-sasl-client, the MONGO_BUILD_SASL_CLIENT SCons variable, and the direct override to MONGO_BUILD_SASL_CLIENT in the enterprise module when the sasl enterprise feature is enabled? I'd be surprised if there isn't enough machinery already there to do what is required. |