[Python-checkins] bpo-43466: Unsupported static build hack (GH-25002)
miss-islington
webhook-mailer at python.org
Sat Mar 27 13:04:06 EDT 2021
https://github.com/python/cpython/commit/bacefbf41461ab703b8d561f0e3d766427eab367
commit: bacefbf41461ab703b8d561f0e3d766427eab367
branch: master
author: Christian Heimes <christian at python.org>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2021-03-27T10:03:54-07:00
summary:
bpo-43466: Unsupported static build hack (GH-25002)
Add undocumented hack to statically link ssl and hashlib modules with
OpenSSL.
Signed-off-by: Christian Heimes <christian at python.org>
files:
M setup.py
diff --git a/setup.py b/setup.py
index 80deacce8de48..a7d00841d0559 100644
--- a/setup.py
+++ b/setup.py
@@ -2447,24 +2447,48 @@ def split_var(name, sep):
else:
runtime_library_dirs = [openssl_rpath]
+ openssl_extension_kwargs = dict(
+ include_dirs=openssl_includes,
+ library_dirs=openssl_libdirs,
+ libraries=openssl_libs,
+ runtime_library_dirs=runtime_library_dirs,
+ )
+
+ # This static linking is NOT OFFICIALLY SUPPORTED.
+ # Requires static OpenSSL build with position-independent code. Some
+ # features like DSO engines or external OSSL providers don't work.
+ # Only tested on GCC and clang on X86_64.
+ if os.environ.get("PY_UNSUPPORTED_OPENSSL_BUILD") == "static":
+ extra_linker_args = []
+ for lib in openssl_extension_kwargs["libraries"]:
+ # link statically
+ extra_linker_args.append(f"-l:lib{lib}.a")
+ # don't export symbols
+ extra_linker_args.append(f"-Wl,--exclude-libs,lib{lib}.a")
+ openssl_extension_kwargs["extra_link_args"] = extra_linker_args
+ # don't link OpenSSL shared libraries.
+ openssl_extension_kwargs["libraries"] = []
+
if config_vars.get("HAVE_X509_VERIFY_PARAM_SET1_HOST"):
- self.add(Extension(
- '_ssl', ['_ssl.c'],
- include_dirs=openssl_includes,
- library_dirs=openssl_libdirs,
- libraries=openssl_libs,
- runtime_library_dirs=runtime_library_dirs,
- depends=['socketmodule.h', '_ssl/debughelpers.c'])
+ self.add(
+ Extension(
+ '_ssl',
+ ['_ssl.c'],
+ depends=['socketmodule.h', '_ssl/debughelpers.c'],
+ **openssl_extension_kwargs
+ )
)
else:
self.missing.append('_ssl')
- self.add(Extension('_hashlib', ['_hashopenssl.c'],
- depends=['hashlib.h'],
- include_dirs=openssl_includes,
- library_dirs=openssl_libdirs,
- runtime_library_dirs=runtime_library_dirs,
- libraries=openssl_libs))
+ self.add(
+ Extension(
+ '_hashlib',
+ ['_hashopenssl.c'],
+ depends=['hashlib.h'],
+ **openssl_extension_kwargs,
+ )
+ )
def detect_hash_builtins(self):
# By default we always compile these even when OpenSSL is available
More information about the Python-checkins
mailing list