Commit dba87e9
authored
Ensure openssl 3.0 compatibility of released packages (#476)
Fixes: #455
## Problem recap
#455 correctly observed that linking the static driver library included
in release 1.0.0 (1.0.1 is also impacted) against an older OpenSSL
fails, because the lib has undefined symbols that are only supplied by
OpenSSL 3.3/3.4/3.5 or newer. Considering our OpenSSL minimum
requirements is 3.0.2 (should be enough - this is present on Ubuntu
22.04, so quite an old one), this should be considered a bug in our
build/release CI.
There are three problems in particular:
#### Problem 1: We have built packages with **_too new_** OpenSSL
headers.
This led to including functions not available at 3.0.x as unresolved
symbols.
#### Problem 2: We haven't verified that the released packages link
against OpenSSL 3.0.x correctly.
#### Problem 3: We didn't put any build info manifest in the released
package.
This @vladzcloudius noted in #455 as the minimum to address the issue.
## Solution
### Problem 2: OpenSSL 3.0.2 linking verification
This PR introduces an OpenSSL verification Makefile recipe. Outline:
1. copy the already-built static archive and pkg-config metadata into a
sysroot;
2. alongside, put OpenSSL 3.0.2 headers and static libraries from a
pinned Launchpad deb;
3. attempt to compile and link `examples/ssl/ssl.c`.
If the build environment was contaminated (e.g. by a newer OpenSSL with
IDEA or 3.3+ APIs), the archive will contain symbol references that
don't exist in OpenSSL 3.0 and the link will fail — catching the
regression from issue #455.
The verification runs in both PR CI (after `build-integration-test-bin`)
and packaging CI (after `test-package-deb`), since both produce the
static archive in `build/`.
### Problem 1: _too new_ OpenSSL in the building/packaging CI workflow
The plot twist is that one week after we released 1.0.1 with **no**
support for OpenSSL 3.0.x, once I freshly rebuilt the 1.0.1 package (in
the same CI workflow) and attempted linkage against OpenSSL 3.0.2 using
the new verification procedure, **it succeeded**. Investigation revealed
that the fresh lib has much different _cgus_ (compile gen units) -
different number and sizes. Most likely explanation: LTO in the Rust
toolchain improved during that week, fixing the problem in our
building/packaging CI.
If the problem happens to strike back, our verification step will
immediately catch it. We're thus guarded and safe.
### Problem 3: lack of build info in the package
It makes sense to generate plaintext build info manifest (`Key: Value`
lines) during build and put it in the built dev package. Exact contents
of this build info is subject to discussion; this PR introduces what
Opus came up with (and I believe it's a fine list of properties).
## PR contents in detail
### First 3 commits
They are extracted from #438. These are small fixes.
### Next 3 commits
Also extracted from #438.
1. Adds comments to existing logic in
`scylla-rust-wrapper/CMakeLists.txt`.
2. Registers transitive deps for the driver in the CMake dep resolution
subsystem, so that those who use the driver as a CMake dependency will
get driver's deps pulled in into the dependency graph, resulting in
correct linker invocation.
3. Publishes transitive deps in `scylladb_static.pc` (`pkg-config`
manifest). This supports a common (according to my research) way that
people configure their compiler & linker. More details in the commit
message.
### Next commit
Introduces the OpenSSL 3.0.2 compatibility verification, described
earlier.
### Last 2 commits
Introduce `BUILD_INFO` generation and include it in the generated `dev`
packages. This addresses the main request of #455.
<details><summary>`BUILD_INFO` contents when built on my
machine:</summary>
<p>
Build Information for scylla-cpp-driver v1.0.0-145-g541cb277
Platform
--------
OS: Ubuntu 25.10
Architecture: x86_64
Kernel: 6.17.0-35-generic
glibc: 2.42
Toolchain
---------
Rust: rustc 1.96.0 (ac68faa20 2026-05-25)
Cargo: cargo 1.96.0 (30a34c682 2026-05-25)
CMake: cmake version 3.31.6
CC: cc (Ubuntu 15.2.0-4ubuntu4) 15.2.0
OpenSSL (detected by openssl-sys at build time)
------------------------------------------------
Version: 3.5.0
Include path: /usr/include
Disabled (osslconf): OPENSSL_NO_IDEA OPENSSL_NO_SSL3_METHOD
Build Configuration
-------------------
CMAKE_BUILD_TYPE: Release
CMAKE_INSTALL_PREFIX: /usr
CASS_BUILD_SHARED: ON
CASS_BUILD_STATIC: ON
LTO: true
Panic strategy: abort
Static Library Compatibility Notes
----------------------------------
The static archive (libscylladb_static.a) requires consumers to
provide OpenSSL >= 3.0 at link time. The minimum OpenSSL version
is determined by the build-time detection performed by the
openssl-sys crate.
Consumers linking on systems with a different OpenSSL configuration
(e.g. different osslconf flags) may encounter undefined symbol errors
for conditionally-compiled functions.
</p>
</details>
<details><summary>`BUILD_INFO` contents when built in the CI:</summary>
<p>
Build Information for scylla-cpp-driver 6eff933
Platform
--------
OS: Ubuntu 22.04.5 LTS
Architecture: x86_64
Kernel: 6.8.0-1052-azure
glibc: 2.35
unknown
Toolchain
---------
Rust: rustc 1.96.0 (ac68faa20 2026-05-25)
Cargo: cargo 1.96.0 (30a34c682 2026-05-25)
CMake: cmake version 3.31.6
CC: cc (Ubuntu 11.4.0-1ubuntu1~22.04.3) 11.4.0
OpenSSL (detected by openssl-sys at build time)
------------------------------------------------
Version: 3.0.2
Include path: /usr/include
Disabled (osslconf): unknown (openssl-sys build output not found)
Build Configuration
-------------------
CMAKE_BUILD_TYPE: Release
CMAKE_INSTALL_PREFIX: /usr
CASS_BUILD_SHARED: ON
CASS_BUILD_STATIC: ON
LTO: true
Panic strategy: abort
Static Library Compatibility Notes
----------------------------------
The static archive (libscylladb_static.a) requires consumers to
provide OpenSSL >= 3.0 at link time. The minimum OpenSSL version
is determined by the build-time detection performed by the
openssl-sys crate.
Consumers linking on systems with a different OpenSSL configuration
(e.g. different osslconf flags) may encounter undefined symbol errors
for conditionally-compiled functions.
</p>
</details>6 files changed
Lines changed: 385 additions & 5 deletions
File tree
- .github/workflows
- ci
- scylla-rust-wrapper
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
50 | 53 | | |
51 | 54 | | |
52 | 55 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
50 | 53 | | |
51 | 54 | | |
52 | 55 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
193 | 193 | | |
194 | 194 | | |
195 | 195 | | |
196 | | - | |
| 196 | + | |
197 | 197 | | |
198 | 198 | | |
199 | 199 | | |
| 200 | + | |
200 | 201 | | |
201 | 202 | | |
202 | 203 | | |
| |||
274 | 275 | | |
275 | 276 | | |
276 | 277 | | |
| 278 | + | |
| 279 | + | |
| 280 | + | |
| 281 | + | |
| 282 | + | |
| 283 | + | |
| 284 | + | |
| 285 | + | |
| 286 | + | |
| 287 | + | |
| 288 | + | |
| 289 | + | |
| 290 | + | |
| 291 | + | |
| 292 | + | |
| 293 | + | |
| 294 | + | |
| 295 | + | |
| 296 | + | |
| 297 | + | |
| 298 | + | |
| 299 | + | |
| 300 | + | |
| 301 | + | |
| 302 | + | |
| 303 | + | |
| 304 | + | |
| 305 | + | |
| 306 | + | |
| 307 | + | |
| 308 | + | |
| 309 | + | |
| 310 | + | |
| 311 | + | |
| 312 | + | |
| 313 | + | |
| 314 | + | |
| 315 | + | |
| 316 | + | |
| 317 | + | |
| 318 | + | |
| 319 | + | |
| 320 | + | |
277 | 321 | | |
278 | 322 | | |
279 | 323 | | |
| |||
345 | 389 | | |
346 | 390 | | |
347 | 391 | | |
348 | | - | |
| 392 | + | |
349 | 393 | | |
350 | 394 | | |
351 | 395 | | |
| |||
559 | 603 | | |
560 | 604 | | |
561 | 605 | | |
562 | | - | |
| 606 | + | |
563 | 607 | | |
564 | 608 | | |
565 | 609 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | |
| 155 | + | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
| 159 | + | |
| 160 | + | |
| 161 | + | |
| 162 | + | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
| 174 | + | |
| 175 | + | |
0 commit comments