Re: [PATCH] openssl: set package level PERL5LIB

["Yang Xu (徐扬)" <Yang.Xu@mediatek.com>]

[-- Attachment #1: Type: text/html, Size: 7716 bytes --]

[-- Attachment #2: Type: text/plain, Size: 4162 bytes --]

Dear Alexander,

Sorry, let me explain the problem we met.

The simplified environment and scenarios is:
1) User A, his home directory is /home/A, generate one sstate cache
under /home/A.
2) This sstate cache moved to /home/Public, act as shared sstate cache
3) User B, his home directory is /home/B, using sstate cache in
/home/Public and build yocto.
4) User B has no permission to access /home/A.

The problem we met is while openssl built from scratch but perl using
cache,
it will be aborted at do_configure stage,
error message is "Can not locate Text/Template.pm at /home/A/[build
path]/[perl module path]/Text/Template.pm : Permission Denied".

There are some information about perl:
1. perl will hardcode buildtime path in @INC in binary (module search
directories)
2. when "use MODULE", perl will search @INC from begin to end until it
found MODULE.
3. when perl search module through directories in @INC
   3.1 if [directory]/MODULE.pm is not exist, search in next directory
in @INC.
   3.2 if [directory]/MODULE.pm has no permission to access, perl will
ABORT.

While build openssl from from scratch with perl using cache, @INC
directory order is:
1.<PERL5LIB>
2.<default module path in ${WORKDIR}/recipe-sysroot-native>
3.<hardcode module path in binary, which point to /home/A/XXX/YYY>
4.<module found by FindBin, module Text-Template can be found by it>

Q:What makes PERL5LIB setting inappropriate? Why is perl that has been
built by a different user (and placed into sstate) not suitable?
A:
There is no path external/perl/Text-Template-1.46/lib/ exists,
openssl has upgraded to external/perl/Text-Template-1.56/lib/.
With current recipe, highest priority folder <PERL5LIB> pointed to an
non-exist folder and meaningless.
Lowest priority folder "<module found by FindBin>" includes modules in
openssl source code.

While perl search "Text/Template.pm", it can not found it in <PERL5LIB>
and <default module path>.
And then perl search module in <hardcode module path in binary>,
*if /home/A is not existed, perl will search in <module found by
FindBin> and found Text/Template.pm finally. (OK case)
*if /home/A is existed but has no permission access, perl will ABORT
immediately. (NG case, case we met)

So my fixup is
1) set appropriate PERL5LIB to make perl can found Text/Tempalte.pm at
highest priority folder <PERL5LIB>.
2) add other perl module directories needed by openssl build in
PERL5LIB
3) set PERL5LIB as package environment variable

Q: Doesn't this mean that perl from sstate can be broken in certain
scenarios, and that needs to be fixed instead?
A:
I think it is a module/mechanisms co-work problem because I think
sstate cache and perl is behavior normally.
Caller of perl has response to prepare appropriate module setting.

Sorry, I hope I explain the situation clearly.

Thank you

On Thu, 2023-04-20 at 11:22 +0200, Alexander Kanavin wrote:
> External email : Please do not click links or open attachments until
> you have verified the sender or the content.
> 
> 
> On Thu, 20 Apr 2023 at 07:30, Yang Xu <yang.xu@mediatek.com> wrote:
> > 
> > Build openssl with shared state cache may meet problem under below
> > conditions:
> > 1. sstate cache generated by another user on same machine
> > 2. inappropriate PERL5LIB setting
> > 3. openssl build from scratch but perl using cache
> > 
> > When building openssl, without appropriate PERL5LIB setting, perl
> > tries
> > to search Text::Template in no permission path and abort.
> > 
> > This patch does three things:
> > 1. openssl upgrade external Text-Template from 1.46 to 1.56,
> > correct perl module path.
> > 2. add necessary module path while openssl build
> > 3. set package level PERL5LIB to make perl found module in S
> 
> I'm not sure I understand the description of the problem, or the fix.
> What makes PERL5LIB setting inappropriate? Why is perl that has been
> built by a different user (and placed into sstate) not suitable?
> Doesn't this mean that perl from sstate can be broken in certain
> scenarios, and that needs to be fixed instead?
> 
> Alex