Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

"No compiler needed" is a lie, on Linux

See original GitHub issue

(Sorry for the clickbaity title, I couldn’t resist)

No compiler needed, ever. … Just distribute the Python source files, any way you want.

This is not correct on Linux systems. If you check the docs for ctypes.util.find_library(), it says

On Linux, find_library() tries to run external programs (/sbin/ldconfig, gcc, objdump and ld) to find the library file.

Which means, not only does it need a compiler, it needs it on runtime! You cannot use oscrypto on a system without a full development environment, which kind of defeats the purpose of a library.

The only way to make it work on a production system is calling use_openssl() to pass hard coded paths early in your app, which also is somewhat of a suboptimal hack.

I think oscrypto should call find_library() while installing and cache the openssl/libcrypto paths somehow, so that an install from a wheel package will work without further shenanigans?

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:9 (5 by maintainers)

Top GitHub Comments

1reaction

mjlcommented, Mar 9, 2022

Yes, providing the path was my workaround.

For anyone stumbling over the same problem on Alpine, here’s what I came up with. Feel free to stuff it in the readme or link to this issue if you deem it useful.

import sys
import wrapt
import oscrypto._ffi

@wrapt.patch_function_wrapper('oscrypto', '_ffi.get_library')
def get_library(wrapped, instance, args, kwargs):  # pylint: disable=unused-argument
    """Patch oscrypto._ffi.get_library(), as ctypes.util.find_library depends on gcc,
    ldconfig, ld and objdump, all of which are not available in a production build.
    Therefore, as a stopgap measure (that probably will live for several years),
    return a static value for some libraries on linux.
    """

    r = wrapped(*args, **kwargs)

    if not r and sys.platform == 'linux':
        #  args = (name, dylib_name, version)
        name = args[0]
        if name == 'crypto':
            return '/usr/lib/libcrypto.so.1.1'
        elif name == 'ssl':
            return '/usr/lib/libssl.so.1.1'

    return r

1reaction

mjlcommented, Jun 28, 2021

To be more specific, this is a problem mostly under Alpine Linux, which only implements a minimal version of ldconfig that does not support caching, thus find_library() falls back onto the expensive development toolchain gcc/objdump/ld method.

I’m not sure if one is to classify that as upstream bug, or oscrypto bug, but in any case, calling find_library() in production code feels wrong, considering the abovementioned details.