Bug 1395722 - link openssl statically when building sccache; r=ted.mielczarek
authorNathan Froyd <froydnj@mozilla.com>
Tue, 05 Sep 2017 11:37:51 -0400
changeset 428482 af2599f1d391fd2cb1c542d58ddb6debdbd87309
parent 428481 9fbd30932290df8363fdeb6c1923fed39dba9cbc
child 428483 8ec11dc8ccc40432e13f80fbaa8a109cd2cbf202
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
treeherdermozilla-beta@c38455951db4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1395722 - link openssl statically when building sccache; r=ted.mielczarek Our current sccache build links in openssl's libraries dynamically. The sonames of the dynamic libraries linked in are specific to the CentOS/Fedora-ish systems that we build on; attempting to run the generated sccache binaries on different systems (e.g. Debian-ish) will result in failure. All of our current automation images are CentOS-based, but for various reasons, Debian-based images may be used in the future, and it would be great to have an sccache binary to run on such systems as well. (It might also be interesting to distribute the sccache binary we use to local developers as well, but that's a bit further off.) Therefore, this patch alters the sccache build on Linux to use static linking for openssl. We cannot use the system openssl we build on because the system openssl links to libkrb5, and the distribution we use for the system images does not provide static libraries of libkrb5. Building openssl ourself enables us to eliminate the libkrb5 dependency. An sccache binary from builds with this patch depends on the following libraries: froydnj@hawkeye:~$ ldd sccache2/sccache linux-vdso.so.1 => (0x00007ffe02b39000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ff0e7403000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007ff0e71fb000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007ff0e6fdd000) libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007ff0e6dc6000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff0e69fc000) /lib64/ld-linux-x86-64.so.2 (0x0000557c8540b000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007ff0e66f2000) which are standard on any Linux distribution.
--- a/taskcluster/scripts/misc/build-sccache.sh
+++ b/taskcluster/scripts/misc/build-sccache.sh
@@ -34,15 +34,47 @@ cd $WORKSPACE/build/src
 git clone https://github.com/mozilla/sccache sccache
 cd sccache
 git checkout $SCCACHE_REVISION
-cargo build --verbose --release
+# Link openssl statically so we don't have to bother with different sonames
+# across Linux distributions.  We can't use the system openssl; see the sad
+# story in https://bugzilla.mozilla.org/show_bug.cgi?id=1163171#c26.
+case "$(uname -s)" in
+    OPENSSL_TARBALL=openssl-1.1.0f.tar.gz
+    curl -O https://www.openssl.org/source/$OPENSSL_TARBALL
+cat >$OPENSSL_TARBALL.sha256sum <<EOF
+12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765  openssl-1.1.0f.tar.gz
+    cat $OPENSSL_TARBALL.sha256sum
+    sha256sum -c $OPENSSL_TARBALL.sha256sum
+    tar zxf $OPENSSL_TARBALL
+    pushd $(basename $OPENSSL_TARBALL .tar.gz)
+    ./Configure --prefix=$OPENSSL_BUILD_DIRECTORY no-shared linux-x86_64
+    make -j `nproc --all`
+    # `make install` installs a *ton* of docs that we don't care about.
+    # Just the software, please.
+    make install_sw
+    popd
+    # We don't need to set OPENSSL_STATIC here, because we only have static
+    # libraries in the directory we are passing.
+    env "OPENSSL_DIR=$OPENSSL_BUILD_DIRECTORY" cargo build --verbose --release
+    ;;
+    cargo build --verbose --release
+    ;;
 mkdir sccache2
 cp target/release/sccache* sccache2/
 tar -acf sccache2.tar.$COMPRESS_EXT sccache2
 mkdir -p $UPLOAD_DIR
 cp sccache2.tar.$COMPRESS_EXT $UPLOAD_DIR