Message 388463 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	barry, christian.heimes, gregory.p.smith, pablogsal
Date	2021-03-10.23:14:03
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1615418043.46.0.229114131093.issue43466@roundup.psfhosted.org>
In-reply-to

Content
Python's configure script has the option --with-openssl. It sets a path to a custom OpenSSL installation. Internally it provides OPENSSL_INCLUDES, OPENSSL_LIBS, and OPENSSL_LDFLAGS. The setup.py script turns the variables into include_dirs, library_dirs, and libraries arguments for _ssl and _hashlib extension modules. However neither --with-openssl nor setup.py sets a custom runtime library path (rpath). This makes it confusing and hard for users to use a custom OpenSSL installation. They need to know that a) they have to take care of rpath on the first place, and b) how to set an rpath at compile or runtime. Without an rpath, the dynamic linker either fails to locate libssl/libcrypto or load system-provided shared libraries. Ticket bpo-34028 contains examples of user issues. I propose to include a new option to make it easier for users to use a custom build of OpenSSL: --with-openssl-rpath=<DIR\|auto\|no> no (default): don't set an rpath auto: auto-detect rpath from OPENSSL_LDFLAGS (--with-openssl or pkg-config) DIR: set a custom rpath The option will only affect the rpath of _ssl and _hashlib modules. The default value "no" is fully backwards compatible with 3.9 and earlier.

Python's configure script has the option --with-openssl. It sets a path to a custom OpenSSL installation. Internally it provides OPENSSL_INCLUDES, OPENSSL_LIBS, and OPENSSL_LDFLAGS. The setup.py script turns the variables into include_dirs, library_dirs, and libraries arguments for _ssl and _hashlib extension modules.

However neither --with-openssl nor setup.py sets a custom runtime library path (rpath). This makes it confusing and hard for users to use a custom OpenSSL installation. They need to know that a) they have to take care of rpath on the first place, and b) how to set an rpath at compile or runtime. Without an rpath, the dynamic linker either fails to locate libssl/libcrypto or load system-provided shared libraries. Ticket bpo-34028 contains examples of user issues.

I propose to include a new option to make it easier for users to use a custom build of OpenSSL:

--with-openssl-rpath=<DIR|auto|no>

no (default): don't set an rpath
auto: auto-detect rpath from OPENSSL_LDFLAGS (--with-openssl or pkg-config)
DIR: set a custom rpath

The option will only affect the rpath of _ssl and _hashlib modules. The default value "no" is fully backwards compatible with 3.9 and earlier.

History
Date	User	Action	Args
2021-03-10 23:14:03	christian.heimes	set	recipients: + christian.heimes, barry, gregory.p.smith, pablogsal
2021-03-10 23:14:03	christian.heimes	set	messageid: <1615418043.46.0.229114131093.issue43466@roundup.psfhosted.org>
2021-03-10 23:14:03	christian.heimes	link	issue43466 messages
2021-03-10 23:14:03	christian.heimes	create