Closed Bug 1395722 Opened 2 years ago Closed 2 years ago

link openssl statically when building sccache


(Firefox Build System :: General, enhancement)

Not set


(firefox57 fixed)

Tracking Status
firefox57 --- fixed


(Reporter: froydnj, Assigned: froydnj)




(2 files)

Our current sccache build links in openssl's libraries dynamically.  The
sonames of the dynamic libraries linked in are specific to the
CentOS/Fedora-ish systems that we build on; attempting to run the
generated sccache binaries on different systems (e.g. Debian-ish) will
result in failure.  All of our current automation images are
CentOS-based, but for various reasons, Debian-based images may be used
in the future, and it would be great to have an sccache binary to run on
such systems as well.  (It might also be interesting to distribute the
sccache binary we use to local developers as well, but that's a bit
further off.)

Therefore, this patch alters the sccache build on Linux to use static
linking for openssl.  We cannot use the system openssl we build on
because the system openssl links to libkrb5, and the distribution we use
for the system images does not provide static libraries of libkrb5.
Building openssl ourself enables us to eliminate the libkrb5 dependency.

An sccache binary from builds with this patch depends on the following

froydnj@hawkeye:~$ ldd sccache2/sccache =>  (0x00007ffe02b39000) => /lib/x86_64-linux-gnu/ (0x00007ff0e7403000) => /lib/x86_64-linux-gnu/ (0x00007ff0e71fb000) => /lib/x86_64-linux-gnu/ (0x00007ff0e6fdd000) => /lib/x86_64-linux-gnu/ (0x00007ff0e6dc6000) => /lib/x86_64-linux-gnu/ (0x00007ff0e69fc000)
	/lib64/ (0x0000557c8540b000) => /lib/x86_64-linux-gnu/ (0x00007ff0e66f2000)

which are standard on any Linux distribution.
I am open to suggestions on how to better integrate the openssl build.
Attachment #8903318 - Flags: review?(ted)
Blocks: 1163171
Blocks: 1396098
Comment on attachment 8903318 [details] [diff] [review]
link openssl statically when building sccache

Review of attachment 8903318 [details] [diff] [review]:

::: taskcluster/scripts/misc/
@@ +57,5 @@
> +
> +    pushd $(basename $OPENSSL_TARBALL .tar.gz)
> +    ./Configure --prefix=$OPENSSL_BUILD_DIRECTORY no-shared linux-x86_64
> +    make

You probably want a  -j `nproc --all` in there to make this a little faster, like we do in other build scripts:

Ideally we wouldn't have to rebuild this for every build, but I don't know how we'd usefully wire that up.
Attachment #8903318 - Flags: review?(ted) → review+
Ah, thanks for the pointer.  I additionally modified things to just install the
software, not the (extensive!) documentation.  Carrying over r+, doing an
all-platforms try run just to make sure something didn't break:
Attachment #8904582 - Flags: review+
Pushed by
link openssl statically when building sccache; r=ted.mielczarek
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
Product: Core → Firefox Build System
You need to log in before you can comment on or make changes to this bug.