GH-36456: [R] Link to correct version of OpenSSL when using autobrew #36551
Conversation
github-actions
bot
added
Component: R
awaiting committer review
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
|
Revision: b8962592d354f35dccf3684cf12ccb4618ef3cd5 Submitted crossbow builds: ursacomputing/crossbow @ actions-3d21794472
|
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
|
Revision: 15700d424518c86d0441705f1df078ae5a1ab713 Submitted crossbow builds: ursacomputing/crossbow @ actions-007d7f7198
|
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
|
Revision: 6a538f442cd1223d84551ac876370ef2c286f978 Submitted crossbow builds: ursacomputing/crossbow @ actions-0bc60af847
|
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
|
Revision: 047bc6afcb085c736ad2b29d4b369e4e74963432 Submitted crossbow builds: ursacomputing/crossbow @ actions-bd672e75e9
|
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
|
Revision: 047bc6afcb085c736ad2b29d4b369e4e74963432 Submitted crossbow builds: ursacomputing/crossbow @ actions-47a81f0980
|
|
@nealrichardson If my reading of all this is correct, I think this will change the OpenSSL that is linked by default in the CRAN package that everybody uses. Is there a reason that this wasn't done before that I'm not aware of? |
|
No reason I recall that it wasn't done before. How does upstream autobrew handle this? If we're pinning a version, why not pin 3 instead of 1.1? (Edit: oh I see you mentioned that in the description) |
assignUser
left a comment
assignUser
left a comment
There was a problem hiding this comment.
Nice! I don't think it should be an issue for CRAN as we modify/don't use system libs explicitly in autobrew#L68-L75
|
@nealrichardson Thanks!
I am not sure what this means! I assumed the formula in the autobrew repos is modified to reflect the one I modified here before each release? My understanding of autobrew is admittedly limited. |
github-actions
bot
added
awaiting merge
We do, but @jeroen maintains the actual autobrew formulae and scripts (here, here, and here, specifically), of which ours are copies that we modify to test on every commit. When changes to Homebrew happen or CRAN mandates new things, he handles it there, and we should watch (at release time, or when things break) for changes we need to pull in accordingly to stay in sync. I don't see openssl pinned there, so I'm not sure what's different such that we need it--something with the self-hosted runner setup, perhaps? If so, that's probably ok, though might be worth adding comments that that's the case. Re: openssl version, Homebrew actually has |
|
You already explicitly depend on openssl via thrift (and aws-sdk maybe)? ## brew deps --tree apache-arrow-static
autobrew/cran/apache-arrow-static
├── aws-sdk-cpp-static
├── brotli
├── lz4
├── snappy
├── thrift
│ └── openssl@3
│ └── ca-certificates
└── zstd
├── lz4
└── xzUpstream homebrew bumped thrift and aws-sdk to openssl@3 a few weeks ago, so the next release of the apache-arrow-static bundle will automatically include openssl@3. The current PR will probably create a conflict because you end up depending on both openssl@11 and openssl@3. This may work in a dynamic linked stack, but once you try to statically link the entire stack in the R package this will probably create symbol conflicts. |
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
|
Revision: 018ca9807bc308cf6828bfdb7acd530ad28b1ef6 Submitted crossbow builds: ursacomputing/crossbow @ actions-225ba98cc6
|
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
|
Revision: ae451ee Submitted crossbow builds: ursacomputing/crossbow @ actions-0fd077276c
|
|
@github-actions crossbow submit r-binary-packages homebrew-r-autobrew |
|
Revision: 0043b1c Submitted crossbow builds: ursacomputing/crossbow @ actions-1602f52d96
|
|
Ok: I opened #36707 for the CI failure and for the r-binary-packages failure; also, I removed any unnecessary changes to the formulae. |
There was a problem hiding this comment.
Could you revert changes in this file?
github-actions
bot
added
awaiting merge
…36551) ### Rationale for this change The r-binary-packages job (which uses autobrew) and the autobrew nightly jobs are failing because they are linking to a different version of OpenSSL than the package was built against. I believe this occurred because Arrow and its dependencies are built against the autobrew headers which included openssl. The `ssl` and `crypto` libraries weren't explicitly linked, so I think whatever LibreSSL fork MacOS installs by default was getting linked. This was perhaps compatible using the version of autobrew for High Sierra/the version of LibreSSL on High Sierra but was not compatible with the version of autobrew for Big Sur/the version of LibreSSL on Big Sur. ### What changes are included in this PR? This PR explicitly adds OpenSSL 1.1 to the autobrew formulas and explicitly adds `-lssl -lcrypto` to the PKG_LIBS (1.1 because that's what was in the corresponding homebrew formula). ### Are these changes tested? Existing nightly tests cover these changes. ### Are there any user-facing changes? No. * Closes: #36456 Lead-authored-by: Dewey Dunnington <dewey@voltrondata.com> Co-authored-by: Dewey Dunnington <dewey@fishandwhistle.net> Co-authored-by: Sutou Kouhei <kou@cozmixng.org> Signed-off-by: Dewey Dunnington <dewey@fishandwhistle.net>
|
After merging your PR, Conbench analyzed the 6 benchmarking runs that have been run so far on merge-commit ed87a5b. There were no benchmark performance regressions. 🎉 The full Conbench report has more details. It also includes information about possible false positives for unstable benchmarks that are known to sometimes produce them. |
6 participants
Rationale for this change
The r-binary-packages job (which uses autobrew) and the autobrew nightly jobs are failing because they are linking to a different version of OpenSSL than the package was built against. I believe this occurred because Arrow and its dependencies are built against the autobrew headers which included openssl. The
sslandcryptolibraries weren't explicitly linked, so I think whatever LibreSSL fork MacOS installs by default was getting linked. This was perhaps compatible using the version of autobrew for High Sierra/the version of LibreSSL on High Sierra but was not compatible with the version of autobrew for Big Sur/the version of LibreSSL on Big Sur.What changes are included in this PR?
This PR explicitly adds OpenSSL 1.1 to the autobrew formulas and explicitly adds
-lssl -lcryptoto the PKG_LIBS (1.1 because that's what was in the corresponding homebrew formula).Are these changes tested?
Existing nightly tests cover these changes.
Are there any user-facing changes?
No.