hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-11216) Improve Openssl library finding
Date Mon, 27 Oct 2014 23:54:35 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-11216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colin Patrick McCabe updated HADOOP-11216:
------------------------------------------
    Attachment: HADOOP-11216.003.patch

* Use {{find_package(OpenSSL)}}, which relies on the built-in {{FindOpenSSL.cmake}} module.
 This avoids the problem where we have to guess the version number (it is wildly different
on different distros, and there is no major/minor version consistency).

* Set {{bundle.snappy.in.bin}} to false by default.  We definitely don't want to bundle openssl
by default.  Given that the library has experienced several security vulnerabilities recently,
we don't want to distribute it.

* Remove {{openssl.prefix}}, {{openssl.lib}}, {{openssl.include}}.  These were not implemented
previously (they could be set, but they didn't do anything.)  They  are not necessary because
people can simply set the {{CMAKE_LIBRARY_PATH}} environment variable when building, or modify
{{ld.so.conf}} to get the same effect.  We shouldn't need these in any case, since we should
be linking against the system openssl.

> Improve Openssl library finding
> -------------------------------
>
>                 Key: HADOOP-11216
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11216
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Yi Liu
>            Assignee: Colin Patrick McCabe
>         Attachments: HADOOP-11216.003.patch
>
>
> When we compile Openssl 1.0.0\(x\) or 1.0.1\(x\) using default options, there will be
{{libcrypto.so.1.0.0}} in output lib dir, so we expect this version suffix in cmake build
file
> {code}
> SET(STORED_CMAKE_FIND_LIBRARY_SUFFIXES CMAKE_FIND_LIBRARY_SUFFIXES)
> set_find_shared_library_version("1.0.0")
> SET(OPENSSL_NAME "crypto")
> ....
> {code}
> If we don't bundle the crypto shared library in Hadoop distribution, then Hadoop will
try to find crypto library in system path when running.
> But in real linux distribution, there may be no {{libcrypto.so.1.0.0}} or {{libcrypto.so}}
even the system embedded openssl is 1.0.1\(x\).  Then we need to make symbolic link.
> This JIRA is to improve the Openssl library finding.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message