search

jborean93 / omi

Open Management Infrastructure
Other
108 stars 13 forks source link

Add support for ARM64 on macOS builds #34

Closed jborean93 closed 2 years ago

jborean93 commented 3 years ago

Turns out is it possible to do this in CI, it just needed the SDK version to be explicitly set. This change will make sure we build a universal2 library for macOS that supports both x86_64 and arm64. This should allow PSWSMan to support PowerShell running on native arm on macOS.

Requires https://github.com/PowerShell/PowerShell/pull/15768 and an actual M1 mac to test support for.

Fixes https://github.com/jborean93/omi/issues/20

TODO

franklouwers commented 3 years ago

Have an M1, let me know if I can help debugging?

jborean93 commented 2 years ago

Thanks @franklouwers, I need to get back to this hopefully soon. The changes in here will build the library but more work is needed in the Install-WSMan script to support this environment and fix some lingering issues.

jborean93 commented 2 years ago

@franklouwers I've done some very basic testing and the library loads on the latest pwsh preview running as arm64. Feel free to try out the dev nupkg to validate it on your host.

I'm planning on pushing through one more change that adjusts how pwsh loads the library before cutting an actual release.

mcx808 commented 2 years ago

Hi @jborean93 , I just did a quick test but was unsuccessful:

# Tried to run the command normally.
Install-WSMan
Install-WSMan: Failed to select the necessary library, the host isn't macOS, Linux based on GLIBC or musl, or OpenSSL isn't installed

# Tried to step through the steps in the Function Get-OpenSSLInfo manually. It crashed pwsh:

$sslPaths =                                                      
         @(
             'libssl',
             'libssl.dylib',
             'libssl.1.1.dylib',
             'libssl.10.dylib',
             'libssl.1.0.0.dylib',
             'libssl.3.dylib'
         )
[PSWSMan.Native]::OpenSSL_version_num($sslPaths)
WARNING: /usr/local/bin/pwsh is loading libcrypto in an unsafe way
zsh: abort      pwsh
jborean93 commented 2 years ago

Try doing Install-WSMan -Verbose as that will give you more detailed info around how its trying to find OpenSSL.

jborean93 commented 2 years ago

Also went looking into the segmentation fault you received it somewhat makes sense if pwsh is trying to load things like libssl.dylib. This will most likely be the one provided by Apple which has all sorts of limitations around it. When looking at the code anytime this function is called the $sslPaths is just 1 path as retrieved by Get-MacOSOpenSSL to avoid this from happening on the platform. Unfortunately in your case Get-MacOSOpenSSL is most likely failing to find a usable library but the -Verbose messages should help track it down a bit more.

mcx808 commented 2 years ago

Here's the verbose output. Initially I only had openssl@1 installed via homebrew so I also added openssl@3 but it still fails.

Install-WSMan -Verbose
VERBOSE: Attempting to get OpenSSL info with /opt/homebrew/bin/brew --prefix openssl
STDOUT: /opt/homebrew/opt/openssl@3

STDERR: 
RC: 0
VERBOSE: Checking arch information for '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib' and '/opt/homebrew/opt/openssl@3/lib/libssl.dylib'
VERBOSE: Checking if 'x86_64' for '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib' is one of 'arm64'
VERBOSE: Attempting to get OpenSSL info with /opt/homebrew/bin/brew --prefix openssl@3
STDOUT: /opt/homebrew/opt/openssl@3

STDERR: 
RC: 0
VERBOSE: Checking arch information for '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib' and '/opt/homebrew/opt/openssl@3/lib/libssl.dylib'
VERBOSE: Checking if 'x86_64' for '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib' is one of 'arm64'
VERBOSE: Attempting to get OpenSSL info with /opt/homebrew/bin/brew --prefix openssl@1.1
STDOUT: /opt/homebrew/opt/openssl@1.1

STDERR: 
RC: 0
VERBOSE: Checking arch information for '/opt/homebrew/opt/openssl@1.1/lib/libcrypto.dylib' and '/opt/homebrew/opt/openssl@1.1/lib/libssl.dylib'
VERBOSE: Checking if 'x86_64' for '/opt/homebrew/opt/openssl@1.1/lib/libcrypto.dylib' is one of 'arm64'
VERBOSE: Failed to find brew at '/usr/local/bin/brew'
VERBOSE: Failed to find OpenSSL with homebrew, falling back to port
VERBOSE: Failed to find port at 'port'
VERBOSE: Failed to find port at '/opt/local/bin/port'
VERBOSE: Host Info:
jborean93 commented 2 years ago

In this case the below shows your error

VERBOSE: Checking if 'x86_64' for '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib' is one of 'arm64'

The OpenSSL lib installed by Homebrew is for arm64 but you are running the x86_64 pwsh binary. You cannot cross architectures like this and is why PSWSMan is skipping it. To solve this you need to do one of the following:

mcx808 commented 2 years ago

Ah, didn't realise pwsh-preview supported macOS arm64 yet. I've installed preview 7.20. There's still an error message because there's nothing in omi/PSWSMan/lib/macOS-3 in the repository, but the symlinks are created afterwards. And unfortunately trying to create a New-PSSession to a winrm endpoint afterwards I still get the error Enter-PSSession: This parameter set requires WSMan, and no supported WSMan client library was found. WSMan is either not installed or unavailable for this system.

VERBOSE: Attempting to get OpenSSL info with /opt/homebrew/bin/brew --prefix openssl
STDOUT: /opt/homebrew/opt/openssl@3

STDERR:
RC: 0
VERBOSE: Checking arch information for '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib' and '/opt/homebrew/opt/openssl@3/lib/libssl.dylib'
VERBOSE: Checking if 'arm64' for '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib' is one of 'arm64'
VERBOSE: Checking if 'arm64' for '/opt/homebrew/opt/openssl@3/lib/libssl.dylib' is one of 'arm64'
VERBOSE: Brew openssl libcrypto|ssl exists and is valid at '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib' and '/opt/homebrew/opt/openssl@3/lib/libssl.dylib'
VERBOSE: Getting OpenSSL version for '/opt/homebrew/opt/openssl@3/lib/libssl.dylib'
VERBOSE: OpenSSL Version: Major 3 Minor 0 Patch 0
VERBOSE: Host Info:
{
  "Distribution": "macOS",
  "StandardLib": "macOS",
  "OpenSSL": "3",
  "LibCrypto": {
    "Target": "/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib",
    "Source": "libcrypto.3.dylib"
  },
  "LibSSL": {
    "Target": "/opt/homebrew/opt/openssl@3/lib/libssl.dylib",
    "Source": "libssl.3.dylib"
  }
}
VERBOSE: Installing WSMan libs for 'macOS-3'
Get-ChildItem: Cannot find path '/Usr/local/microsoft/omi/PSWSMan/lib/macOS-3' because it does not exist.

VERBOSE: Creating symbolic link '/usr/local/microsoft/powershell/7-preview/libcrypto.3.dylib' -> '/opt/homebrew/opt/openssl@3/lib/libcrypto.dylib'
VERBOSE: Creating symbolic link '/usr/local/microsoft/powershell/7-preview/libssl.3.dylib' -> '/opt/homebrew/opt/openssl@3/lib/libssl.dylib'
mcx808 commented 2 years ago

@jborean93 some additional troubleshooting info:

PS /Users/admin> $PWSHDIR = '/usr/local/microsoft/powershell/7-preview/'
PS /Users/admin> otool -L "${PWSHDIR}/libpsrpclient.dylib"
/usr/local/microsoft/powershell/7-preview//libpsrpclient.dylib:
    @rpath/libpsrpclient.dylib (compatibility version 0.0.0, current version 0.0.0)
    @executable_path/libmi.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.60.2)
PS /Users/admin> otool -L "${PWSHDIR}/libmi.dylib"
/usr/local/microsoft/powershell/7-preview//libmi.dylib:
    @rpath/libmi.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1238.60.2)
    /usr/lib/libpam.2.dylib (compatibility version 3.0.0, current version 3.0.0)
    /usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.8)
jborean93 commented 2 years ago

There's still an error message because there's nothing in omi/PSWSMan/lib/macOS-3 in the repository, but the symlinks are created afterwards.

There's nothing in the immediate checkout of this repo as the binaries are generated by CI for the official release. You can get this dir by looking at the latest CI run for the repo and manually place it there. I'm unsure if you can see these or download them but the ones you are looking for are at https://dev.azure.com/jborean93/jborean93/_build/results?buildId=1273&view=artifacts&pathAsName=false&type=publishedArtifacts.

Just in case you cannot get it through Azure Pipelines here is the macOS-3.zip build.

Looks like you solved the OpenSSL problem, you should just need the folder for macOS-3 with the 2 libraries inside it and Install-WSMan should work.

mcx808 commented 2 years ago

A quick check after download the artifacts for macOS-1.1/3 and Install-WSMan works without error! When first performing New-PSSession I had to allow the libraries to load in gatekeeper, and can now connect to an https winRM endpoint using basic authentication. I cannot yet connect to a Kerberos winRM endpoint after running kinit, I get the error MI_RESULT_FAILED but I will look into this more once I have time. Thanks!

mcx808 commented 2 years ago

I've just successfully tested kerberos authentication too, I think my previous issue was specific to the connection I tried.

So all looking good from my side. I'll keep the powershell preview available if any more testing is needed.

jborean93 commented 2 years ago

Thanks for testing and confirming you were able to get it working.