Skip to content

Fix linux-x86_64 openssl-dynamic to link against OpenSSL 3.x#989

Merged
chrisvest merged 2 commits into
netty:mainfrom
colleenkinross:fix-x86_64-openssl-dynamic-openssl3
Jun 26, 2026
Merged

Fix linux-x86_64 openssl-dynamic to link against OpenSSL 3.x#989
chrisvest merged 2 commits into
netty:mainfrom
colleenkinross:fix-x86_64-openssl-dynamic-openssl3

Conversation

@colleenkinross

@colleenkinross colleenkinross commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

The previous fix (PR #986) built OpenSSL 3.x from source and symlinked /usr/local/ssl -> /opt/openssl-$VERSION, expecting tcnative's configure to find it via the default search path. This didn't work: the native build was still picking up the system OpenSSL 1.0.x.

Fix: pass -DopensslHome explicitly to every build command in the centos6 and debian7 docker-compose files, and add a Maven profile in openssl-dynamic/pom.xml that activates on -DopensslHome and forwards --with-ssl to configure. Remove the now-unnecessary symlink.

Verified the RPATH for each to verify fixed:
│ linux-x86_64-fedora (centos6) │ libssl.so.3 │ /opt/openssl-3.6.1/lib │ ✅ │
│ linux-aarch_64-fedora (centos7) │ libssl.so.3 │ /opt/openssl-3.6.1-share/lib │ ✅ │
│ linux-x86_64 (debian7) │ libssl.so.3 │ /opt/openssl-3.6.1/lib │ ✅

The previous fix (PR netty#986) built OpenSSL 3.x from source and symlinked
/usr/local/ssl -> /opt/openssl-$VERSION, expecting tcnative's configure
to find it via the default search path. This didn't work: the native
build was still picking up the system OpenSSL 1.0.x.

Fix: pass -DopensslHome explicitly to every build command in the centos6
and debian7 docker-compose files, and add a Maven profile in
openssl-dynamic/pom.xml that activates on -DopensslHome and forwards
--with-ssl to configure. Remove the now-unnecessary symlink.
Double-dash (--) is forbidden inside XML comment bodies. The previous
comment text referenced --with-ssl which caused all CI jobs to fail
with a POM parse error.
@colleenkinross colleenkinross marked this pull request as ready for review June 26, 2026 20:34
@colleenkinross

Copy link
Copy Markdown
Contributor Author

@chrisvest can you review ASAP and released?

Another emergency i'm sorry.

@colleenkinross

Copy link
Copy Markdown
Contributor Author

@normanmaurer

super super urgent (launching GA tuesday). let me know if you're able to review and release ASAP

@chrisvest chrisvest merged commit 185daef into netty:main Jun 26, 2026
10 checks passed
@colleenkinross

Copy link
Copy Markdown
Contributor Author

thank you very much @chrisvest !

@normanmaurer could you cut a release? The biggest emergency is mitigated on our side, but we would still like OpenSSL3.x linking across x86-64 as quickly as reasonable. Let me know if you need anything to proceed!

@normanmaurer

Copy link
Copy Markdown
Member

@colleenkinross done

@normanmaurer normanmaurer added this to the 2.0.80.Final milestone Jun 29, 2026
@colleenkinross

Copy link
Copy Markdown
Contributor Author

thank you very much!!!!! @normanmaurer and @chrisvest !!!

dongjoon-hyun added a commit to apache/spark that referenced this pull request Jul 7, 2026
### What changes were proposed in this pull request?

This PR aims to upgrade `netty-tcnative` to 2.0.80.Final.

### Why are the changes needed?

To bring the latest bug fixes and the updated BoringSSL.

- https://github.com/netty/netty-tcnative/releases/tag/netty-tcnative-parent-2.0.80.Final
  - netty/netty-tcnative#989

### Does this PR introduce _any_ user-facing change?

No.

### How was this patch tested?

Pass the CIs.

### Was this patch authored or co-authored using generative AI tooling?

Generated-by: Claude Fable 5

Closes #57064 from dongjoon-hyun/SPARK-57985.

Authored-by: Dongjoon Hyun <dongjoon@apache.org>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants