[SERVER-62381] CSFLE: remove shared library dependency to libsasl2 Created: 05/Jan/22  Updated: 29/Oct/23  Resolved: 11/Jan/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.3.0

Type: Task Priority: Major - P3
Reporter: Erwin Pe Assignee: Erwin Pe
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Security 2022-01-24
Participants:

 Description   

Current builds of the mongo_csfle_v1 shared library are pulling in libsasl2.so/dll as a DT_NEEDED dependency, which is unnecessary. There should be a way to tell scons to exclude sasl2 when building the shared library. Something like --use-sasl=none, modeled after --js-engine=none.

 

Edit: per the conversation below, we can accomplish this task by simply adding --enterprise-features=fle to the scons flags when building the csfle shared library.



 Comments   
Comment by Githook User [ 11/Jan/22 ]

Author:

{'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}

Message: SERVER-62381 CSFLE: remove shared library dependency to libsasl2
Branch: master
https://github.com/mongodb/mongo/commit/ea873bd665c5baf534b6e58f98a2bc5c4b427bf7

Comment by Erwin Pe [ 06/Jan/22 ]

Yes, just including the enterprise module in the build sets MONGO_BUILD_SASL_CLIENT to True regardless of --use-sasl-client, which then causes the "sasl2" (and "secur32" on windows) to be added to SYSLIBDEPS in src/mongo/client/SConscript. But looking closer at enterprise/build.py, it seems we can avoid this override by simply excluding 'sasl' from the list of enterprise features enabled, which can be controlled through the --enterprise-features flag.

Comment by Andrew Morrow (Inactive) [ 06/Jan/22 ]

Have you looked into the relationship between --use-sasl-client, the MONGO_BUILD_SASL_CLIENT SCons variable, and the direct override to MONGO_BUILD_SASL_CLIENT in the enterprise module when the sasl enterprise feature is enabled? I'd be surprised if there isn't enough machinery already there to do what is required.

Generated at Thu Feb 08 05:54:58 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.