Repository: kudu Updated Branches: refs/heads/master ac6311a09 -> 10f525519
Allow binaries built on el6.6+ to run on el6.4 This provides a workaround to an OpenSSL ABI compatibility break between el6.4 and later versions. See the comment in install-openssl-el6-workaround.sh for details. Change-Id: I115540d59580170404f9e65303214edf95b592e6 Reviewed-on: http://gerrit.cloudera.org:8080/5011 Tested-by: Kudu Jenkins Reviewed-by: Adar Dembo <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/10f52551 Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/10f52551 Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/10f52551 Branch: refs/heads/master Commit: 10f525519f5f3efb47fe89af22c188247cd9e37d Parents: ac6311a Author: Todd Lipcon <[email protected]> Authored: Tue Nov 8 14:38:58 2016 -0800 Committer: Adar Dembo <[email protected]> Committed: Wed Nov 9 20:37:11 2016 +0000 ---------------------------------------------------------------------- CMakeLists.txt | 8 +++ thirdparty/download-thirdparty.sh | 13 ++++ thirdparty/install-openssl-el6-workaround.sh | 78 +++++++++++++++++++++++ thirdparty/vars.sh | 2 + 4 files changed, 101 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/10f52551/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/CMakeLists.txt b/CMakeLists.txt index 08d936d..9a76424 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -843,6 +843,14 @@ ADD_THIRDPARTY_LIB(squeasel ## ## cmake -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl ... ## +## If no such OPENSSL_ROOT_DIR is specified, and we see that there is an OpenSSL +## binary in thirdparty (deposited there by thirdparty/install-openssl-el6-workaround.sh) +## then we'll use that one. See that script for more information. +set(CENTOS_6_4_OPENSSL_DIR "${THIRDPARTY_INSTALL_DIR}/openssl-el6-workaround/usr/") +if (NOT "${OPENSSL_ROOT_DIR}" AND + EXISTS "${CENTOS_6_4_OPENSSL_DIR}") + set(OPENSSL_ROOT_DIR "${CENTOS_6_4_OPENSSL_DIR}") +endif() find_package(OpenSSL 1.0.0 REQUIRED) include_directories(${OPENSSL_INCLUDE_DIR}) ADD_THIRDPARTY_LIB(openssl_ssl http://git-wip-us.apache.org/repos/asf/kudu/blob/10f52551/thirdparty/download-thirdparty.sh ---------------------------------------------------------------------- diff --git a/thirdparty/download-thirdparty.sh b/thirdparty/download-thirdparty.sh index 1a74a3e..9b8c8ce 100755 --- a/thirdparty/download-thirdparty.sh +++ b/thirdparty/download-thirdparty.sh @@ -252,5 +252,18 @@ if [ ! -d $BOOST_SOURCE ]; then echo fi +# Return 0 if the current system appears to be el6 (either CentOS or proper RHEL) +needs_openssl_workaround() { + test -f /etc/redhat-release || return 1 + rel="$(cat /etc/redhat-release)" + pat="(CentOS|Red Hat Enterprise).* release 6.*" + [[ "$rel" =~ $pat ]] + return $? +} +if needs_openssl_workaround && [ ! -d "$OPENSSL_WORKAROUND_DIR" ] ; then + echo Building on el6: installing OpenSSL from CentOS 6.4. + $TP_DIR/install-openssl-el6-workaround.sh +fi + echo "---------------" echo "Thirdparty dependencies downloaded successfully" http://git-wip-us.apache.org/repos/asf/kudu/blob/10f52551/thirdparty/install-openssl-el6-workaround.sh ---------------------------------------------------------------------- diff --git a/thirdparty/install-openssl-el6-workaround.sh b/thirdparty/install-openssl-el6-workaround.sh new file mode 100755 index 0000000..020aab6 --- /dev/null +++ b/thirdparty/install-openssl-el6-workaround.sh @@ -0,0 +1,78 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# This script serves to workaround a problematic OpenSSL ABI change +# made between RHEL 6.4 and 6.5. Namely: +# +# RHEL 6.4's OpenSSL library is built with no symbol versioning. For example: +# $ objdump -T libssl.so | grep SSL_CTX_new +# 0000000000037110 g DF .text 0000000000000577 Base SSL_CTX_new +# +# RHEL 6.5's OpenSSL library has symbol versions. For example: +# $ objdump -T /usr/lib64/libssl.so | grep SSL_CTX_new +# 0000003ae8243610 g DF .text 0000000000000597 libssl.so.10 SSL_CTX_new +# +# Thus, if we build Kudu on RHEL 6.5 or later, the resulting binaries expect +# the versioned symbols in libssl and will not run on RHEL 6.4 or earlier: +# +# $ objdump -T kudu-tserver | grep SSL_CTX_new +# 0000000000000000 DF *UND* 0000000000000000 libssl.so.10 SSL_CTX_new +# +# In contrast, if a binary is built not expecting versioned symbols, the runtime +# linker can still resolve those symbols by choosing the versioned ones. Thus, +# binaries built against RHEL 6.4 are forward-compatible to later versions, but +# not vice versa. +# +# Note that Kudu cannot simply be built on RHEL 6.4 because the devtoolset toolchain is +# not available. So, given that we want to produce binaries that run on RHEL 6.4, +# we need to perform a workaround such that our binaries built on 6.6 don't depend +# on the versioned symbols in OpenSSL. This script provides such a workaround. +# +# The workaround itself is quite simple: we download the OpenSSL RPMs from CentOS 6.4 +# and unpack them into a directory in thirdparty/. If we then build against those +# the resulting binaries can run on either el6.4 or el6.6. + +set -e + +TP_DIR=$(cd "$(dirname "$BASH_SOURCE")"; pwd) +source $TP_DIR/vars.sh + +mkdir -p $OPENSSL_WORKAROUND_DIR +cd $OPENSSL_WORKAROUND_DIR + +# Clean up any previous leftovers. +rm -Rf usr etc + +# Download and unpack OpenSSL RPMs from CentOS 6.4. +# +# We have mirrored these in our S3 bucket, but the original sources are in +# http://vault.centos.org/6.4/os/x86_64/Packages/ . +for FILENAME in openssl-1.0.0-27.el6.x86_64.rpm openssl-devel-1.0.0-27.el6.x86_64.rpm ; do + FULL_URL="${CLOUDFRONT_URL_PREFIX}/${FILENAME}" + if [ -r "$FILENAME" ]; then + echo $FILENAME already exists. Not re-downloading. + else + echo "Fetching $FILENAME from $FULL_URL" + curl -L -O "${FULL_URL}" + fi + + echo "Unpacking $FILENAME" + rpm2cpio $FILENAME | cpio -idm +done + http://git-wip-us.apache.org/repos/asf/kudu/blob/10f52551/thirdparty/vars.sh ---------------------------------------------------------------------- diff --git a/thirdparty/vars.sh b/thirdparty/vars.sh index f25f290..80cffea 100644 --- a/thirdparty/vars.sh +++ b/thirdparty/vars.sh @@ -169,3 +169,5 @@ NVML_SOURCE=$TP_SOURCE_DIR/$NVML_NAME BOOST_VERSION=1_61_0 BOOST_NAME=boost_$BOOST_VERSION BOOST_SOURCE=$TP_SOURCE_DIR/$BOOST_NAME + +OPENSSL_WORKAROUND_DIR="$TP_DIR/installed/openssl-el6-workaround"
