Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Link Python to distro-independent libcrypt.so #5008

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Link Python to distro-independent libcrypt.so #5008

wants to merge 2 commits into from

Conversation

TimoWilken
Copy link
Contributor

We use el7-built Python binaries on el9 as well, but there, only libcrypt.so.2 is available (as opposed to libcrypt.so.1 on el7). However, loading .so.2 runtime still works, so patchelf the python executable to refer to the generic unversioned library.

@zensanp Is there some way you could test this? You can build the package as we do in the nightly builds using aliBuild build -a slc7_x86-64 --docker-image registry.cern.ch/alisw/slc7-builder:patchelf Python (the regular build container doesn't yet have patchelf).

@TimoWilken
Link Python to distro-independent libcrypt.so
1813cb5 
We use el7-built Python binaries on el9 as well, but there, only
libcrypt.so.2 is available (as opposed to libcrypt.so.1 on el7).
However, loading .so.2 runtime still works, so patchelf the python
executable to refer to the generic unversioned library.
@TimoWilken TimoWilken mentioned this pull request May 26, 2023
Closed
@TimoWilken TimoWilken requested a review from ktf May 26, 2023 14:33
ktf
ktf reviewed May 28, 2023
View reviewed changes
python.sh Show resolved Hide resolved
@TimoWilken
Copy link
Contributor Author

Hi @ktf, I've tried various ways to avoid having to patch the binary after compilation, but none have worked for me:

  1. Static linking: this would require users to install the glibc-static system package on slc7 (or equivalent package elsewhere). This package is not present by default.
  2. Forcing the linker to use the unversioned libcrypt.so, not libcrypt.so.1: this doesn't seem to be possible as far as I can tell; apparently GNU ld still resolves symlinks and will link to libcrypt.so.1 even when -l:libcrypt.so is given instead of -lcrypt.

I can't see a way around the patching-after-compilation approach unfortunately.

@ktf
Copy link
Member

ktf commented Jun 2, 2023

How difficult it is to bring in our own libcrypto?

@TimoWilken
Copy link
Contributor Author

It's libcrypt (from glibc), not libcrypto (from openssl) in this case. I'm not sure compiling our own glibc is a good idea, but we might be able to use libxcrypt instead (which apparently Gentoo use as well). I don't know if this would cause any compatibility/interop problems with the host system (e.g. if we link against system libs that were linked against glibc's libcrypt), but the libxcrypt compatibility notes sound promising:

On Linux-based systems, by default libxcrypt will be binary backward compatible with the libcrypt.so.1 shipped as part of the GNU C Library. This means that all existing binary executables linked against glibc’s libcrypt should work unmodified with this library’s libcrypt.so.1.

However, the converse is not true: programs linked against libxcrypt will not work with glibc’s libcrypt. Also, programs that use certain legacy APIs supplied by glibc’s libcrypt (encrypt, encrypt_r, setkey, setkey_r, and fcrypt) cannot be compiled against libxcrypt.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ktf ktf ktf left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@TimoWilken @ktf