diff options
| author | Harmen Stoppels <harmenstoppels@gmail.com> | 2022-06-17 07:25:32 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-16 23:25:32 -0600 |
| commit | 1c0bf12e5b21de3d77af2b1025479d30c4c94400 (patch) | |
| tree | bd58d91c4725c10dedbbdc5debd1e547e1c3441a | |
| parent | bf990bc8ec2d6c51f7f40bc6b0f7fb3bba897a96 (diff) | |
| download | spack-1c0bf12e5b21de3d77af2b1025479d30c4c94400.tar.gz spack-1c0bf12e5b21de3d77af2b1025479d30c4c94400.tar.bz2 spack-1c0bf12e5b21de3d77af2b1025479d30c4c94400.tar.xz spack-1c0bf12e5b21de3d77af2b1025479d30c4c94400.zip | |
openssl package: default to mozilla certs (#31164)
On Cray systems that use Cray Data Virtualization Service (DVS),
symlinks across filesystems are not allowed, either due to a bug, or
because they're simply not POSIX compliant [1].
Spack's OpenSSL package defaults to `certs=system` which comes down to
symlinking `/etc/ssl` in the Spack install prefix, triggering this
problem, resulting in mysterious installation failures.
Instead of relying on system certs, we can just use
`ca-certificates-mozilla`, and if users really need system certs, then
they're probably better off marking OpenSSL entirely as external.
[1] https://github.com/glennklockwood/cray-dvs
| -rw-r--r-- | var/spack/repos/builtin/packages/openssl/package.py | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/var/spack/repos/builtin/packages/openssl/package.py b/var/spack/repos/builtin/packages/openssl/package.py index 330ed05bc6..decc5029cc 100644 --- a/var/spack/repos/builtin/packages/openssl/package.py +++ b/var/spack/repos/builtin/packages/openssl/package.py @@ -85,10 +85,17 @@ class Openssl(Package): # Uses Fake Autotools, should subclass Package version('1.0.1h', sha256='9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093', deprecated=True) version('1.0.1e', sha256='f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3', deprecated=True) - variant('certs', default='system', + # On Cray DVS mounts, we can't make symlinks to /etc/ssl/openssl.cnf, + # either due to a bug or because DVS is not intended to be POSIX compliant. + # Therefore, stick to system agnostic certs=mozilla. + variant('certs', default='mozilla', values=('mozilla', 'system', 'none'), multi=False, description=('Use certificates from the ca-certificates-mozilla ' - 'package, symlink system certificates, or none')) + 'package, symlink system certificates, or use none, ' + 'respectively. The default is `mozilla`, since it is ' + 'system agnostic. Instead of picking certs=system, ' + 'one can mark openssl as an external package, to ' + 'avoid compiling openssl entirely.')) variant('docs', default=False, description='Install docs and manpages') variant('shared', default=False, description="Build shared library version") with when('platform=windows'): |