zhangyiss/spack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openssl package: default to mozilla certs (#31164)

Browse Source 
On Cray systems that use Cray Data Virtualization Service (DVS),
symlinks across filesystems are not allowed, either due to a bug, or
because they're simply not POSIX compliant [1].

Spack's OpenSSL package defaults to `certs=system` which comes down to
symlinking `/etc/ssl` in the Spack install prefix, triggering this
problem, resulting in mysterious installation failures.

Instead of relying on system certs, we can just use
`ca-certificates-mozilla`, and if users really need system certs, then
they're probably better off marking OpenSSL entirely as external.

[1] https://github.com/glennklockwood/cray-dvs
This commit is contained in:
Harmen Stoppels 2022-06-17 07:25:32 +02:00 committed by GitHub
parent bf990bc8ec
commit 1c0bf12e5b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
var/spack/repos/builtin/packages/openssl/package.py
View File

@ -85,10 +85,17 @@ class Openssl(Package): # Uses Fake Autotools, should subclass Package
version('1.0.1h', sha256='9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093', deprecated=True)
version('1.0.1e', sha256='f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3', deprecated=True)
variant('certs', default='system',
# On Cray DVS mounts, we can't make symlinks to /etc/ssl/openssl.cnf,
# either due to a bug or because DVS is not intended to be POSIX compliant.
# Therefore, stick to system agnostic certs=mozilla.
variant('certs', default='mozilla',
values=('mozilla', 'system', 'none'), multi=False,
description=('Use certificates from the ca-certificates-mozilla '
'package, symlink system certificates, or none'))
'package, symlink system certificates, or use none, '
'respectively. The default is `mozilla`, since it is '
'system agnostic. Instead of picking certs=system, '
'one can mark openssl as an external package, to '
'avoid compiling openssl entirely.'))
variant('docs', default=False, description='Install docs and manpages')
variant('shared', default=False, description="Build shared library version")
with when('platform=windows'):