[jira] [Updated] (HADOOP-11216) Improve Openssl library finding

Mon, 27 Oct 2014 16:55:31 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-11216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colin Patrick McCabe updated HADOOP-11216:
------------------------------------------
    Attachment: HADOOP-11216.003.patch

* Use {{find_package(OpenSSL)}}, which relies on the built-in 
{{FindOpenSSL.cmake}} module.  This avoids the problem where we have to guess 
the version number (it is wildly different on different distros, and there is 
no major/minor version consistency).

* Set {{bundle.snappy.in.bin}} to false by default.  We definitely don't want 
to bundle openssl by default.  Given that the library has experienced several 
security vulnerabilities recently, we don't want to distribute it.

* Remove {{openssl.prefix}}, {{openssl.lib}}, {{openssl.include}}.  These were 
not implemented previously (they could be set, but they didn't do anything.)  
They  are not necessary because people can simply set the 
{{CMAKE_LIBRARY_PATH}} environment variable when building, or modify 
{{ld.so.conf}} to get the same effect.  We shouldn't need these in any case, 
since we should be linking against the system openssl.

> Improve Openssl library finding
> -------------------------------
>
>                 Key: HADOOP-11216
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11216
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Yi Liu
>            Assignee: Colin Patrick McCabe
>         Attachments: HADOOP-11216.003.patch
>
>
> When we compile Openssl 1.0.0\(x\) or 1.0.1\(x\) using default options, there 
> will be {{libcrypto.so.1.0.0}} in output lib dir, so we expect this version 
> suffix in cmake build file
> {code}
> SET(STORED_CMAKE_FIND_LIBRARY_SUFFIXES CMAKE_FIND_LIBRARY_SUFFIXES)
> set_find_shared_library_version("1.0.0")
> SET(OPENSSL_NAME "crypto")
> ....
> {code}
> If we don't bundle the crypto shared library in Hadoop distribution, then 
> Hadoop will try to find crypto library in system path when running.
> But in real linux distribution, there may be no {{libcrypto.so.1.0.0}} or 
> {{libcrypto.so}} even the system embedded openssl is 1.0.1\(x\).  Then we 
> need to make symbolic link.
> This JIRA is to improve the Openssl library finding.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to