From 1c0bf12e5b21de3d77af2b1025479d30c4c94400 Mon Sep 17 00:00:00 2001 From: Harmen Stoppels Date: Fri, 17 Jun 2022 07:25:32 +0200 Subject: openssl package: default to mozilla certs (#31164) On Cray systems that use Cray Data Virtualization Service (DVS), symlinks across filesystems are not allowed, either due to a bug, or because they're simply not POSIX compliant [1]. Spack's OpenSSL package defaults to `certs=system` which comes down to symlinking `/etc/ssl` in the Spack install prefix, triggering this problem, resulting in mysterious installation failures. Instead of relying on system certs, we can just use `ca-certificates-mozilla`, and if users really need system certs, then they're probably better off marking OpenSSL entirely as external. [1] https://github.com/glennklockwood/cray-dvs --- var/spack/repos/builtin/packages/openssl/package.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/var/spack/repos/builtin/packages/openssl/package.py b/var/spack/repos/builtin/packages/openssl/package.py index 330ed05bc6..decc5029cc 100644 --- a/var/spack/repos/builtin/packages/openssl/package.py +++ b/var/spack/repos/builtin/packages/openssl/package.py @@ -85,10 +85,17 @@ class Openssl(Package): # Uses Fake Autotools, should subclass Package version('1.0.1h', sha256='9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093', deprecated=True) version('1.0.1e', sha256='f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3', deprecated=True) - variant('certs', default='system', + # On Cray DVS mounts, we can't make symlinks to /etc/ssl/openssl.cnf, + # either due to a bug or because DVS is not intended to be POSIX compliant. + # Therefore, stick to system agnostic certs=mozilla. + variant('certs', default='mozilla', values=('mozilla', 'system', 'none'), multi=False, description=('Use certificates from the ca-certificates-mozilla ' - 'package, symlink system certificates, or none')) + 'package, symlink system certificates, or use none, ' + 'respectively. The default is `mozilla`, since it is ' + 'system agnostic. Instead of picking certs=system, ' + 'one can mark openssl as an external package, to ' + 'avoid compiling openssl entirely.')) variant('docs', default=False, description='Install docs and manpages') variant('shared', default=False, description="Build shared library version") with when('platform=windows'): -- cgit v1.2.3-60-g2f50