Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL_jll alignment is stricter than necessary for ABI compatibility #151

Closed
iamed2 opened this issue Sep 30, 2024 · 2 comments · May be fixed by #152
Closed

OpenSSL_jll alignment is stricter than necessary for ABI compatibility #151

iamed2 opened this issue Sep 30, 2024 · 2 comments · May be fixed by #152

Comments

@iamed2
Copy link

iamed2 commented Sep 30, 2024

OpenSSL policy states:

A minor release is indicated by changing the second number of the version. A minor release can, and generally will, introduce new features. However both the API and ABI will be preserved.

For example, a program built with OpenSSL release 3.0.1 will be able to run with OpenSSL 3.1.0 but might not be able to take advantage of new features without modification.

The CondaPkg.jl source code shows:

    if version.major >= 3
        # from v3, minor releases are ABI-compatible
        return ">=$(version.major), <$(version.major).$(version.minor+1)"

I believe if the reason is ABI compatibility, the restriction should be:

    if version.major >= 3
        # from v3, minor releases are ABI-compatible
        return ">=$(version.major), <$(version.major+1)"
@iamed2 iamed2 mentioned this issue Sep 30, 2024
Open
@cjdoris
Copy link
Collaborator

cjdoris commented Oct 1, 2024

No the current behaviour is intended, and is indeed for ABI compatibility.

The bounds are chosen assuming that the Julia OpenSSL package is loaded before the Python one. Suppose that Julia is on OpenSSL 3.0. In your proposal, we allow Python to install OpenSSL 3.3. Now because Julia's OpenSSL package is loaded first, version 3.0 of the libopenssl library is loaded into memory. Then when Python's OpenSSL package is loaded, it does not override libopenssl, it just uses whatever is already in memory, namely 3.0. However because Python is on OpenSSL 3.3, the Python OpenSSL package will expect to be able to use features present in the 3.3 ABI of libopenssl. If it tries to do so it will crash, because 3.3 is not actually loaded, an older version is loaded.

Therefore the Python OpenSSL package needs to be older than the Julia one, which is the current behaviour.

@cjdoris
Copy link
Collaborator

cjdoris commented Nov 8, 2024

You can now set JULIA_CONDAPKG_OPENSSL_VERSION=ignore if you'd like to turn off this behaviour. See the README for more info.

@cjdoris cjdoris closed this as completed Nov 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Widen OpenSSL restriction in line with OpenSSL 3 policy on ABI compat iamed2/CondaPkg.jl
2 participants
@cjdoris @iamed2