bpo-43466: Unsupported static build hack (GH-25002)

Add undocumented hack to statically link ssl and hashlib modules with
OpenSSL.

Signed-off-by: Christian Heimes <christian@python.org>
This commit is contained in:
Christian Heimes 2021-03-27 18:03:54 +01:00 committed by GitHub
parent 9798cef92b
commit bacefbf414
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 37 additions and 13 deletions

View File

@ -2447,24 +2447,48 @@ def split_var(name, sep):
else:
runtime_library_dirs = [openssl_rpath]
openssl_extension_kwargs = dict(
include_dirs=openssl_includes,
library_dirs=openssl_libdirs,
libraries=openssl_libs,
runtime_library_dirs=runtime_library_dirs,
)
# This static linking is NOT OFFICIALLY SUPPORTED.
# Requires static OpenSSL build with position-independent code. Some
# features like DSO engines or external OSSL providers don't work.
# Only tested on GCC and clang on X86_64.
if os.environ.get("PY_UNSUPPORTED_OPENSSL_BUILD") == "static":
extra_linker_args = []
for lib in openssl_extension_kwargs["libraries"]:
# link statically
extra_linker_args.append(f"-l:lib{lib}.a")
# don't export symbols
extra_linker_args.append(f"-Wl,--exclude-libs,lib{lib}.a")
openssl_extension_kwargs["extra_link_args"] = extra_linker_args
# don't link OpenSSL shared libraries.
openssl_extension_kwargs["libraries"] = []
if config_vars.get("HAVE_X509_VERIFY_PARAM_SET1_HOST"):
self.add(Extension(
'_ssl', ['_ssl.c'],
include_dirs=openssl_includes,
library_dirs=openssl_libdirs,
libraries=openssl_libs,
runtime_library_dirs=runtime_library_dirs,
depends=['socketmodule.h', '_ssl/debughelpers.c'])
self.add(
Extension(
'_ssl',
['_ssl.c'],
depends=['socketmodule.h', '_ssl/debughelpers.c'],
**openssl_extension_kwargs
)
)
else:
self.missing.append('_ssl')
self.add(Extension('_hashlib', ['_hashopenssl.c'],
depends=['hashlib.h'],
include_dirs=openssl_includes,
library_dirs=openssl_libdirs,
runtime_library_dirs=runtime_library_dirs,
libraries=openssl_libs))
self.add(
Extension(
'_hashlib',
['_hashopenssl.c'],
depends=['hashlib.h'],
**openssl_extension_kwargs,
)
)
def detect_hash_builtins(self):
# By default we always compile these even when OpenSSL is available