Closed sonOfRa closed 4 years ago
phxql
commented
4 years ago I don't know enough of C stuff to answer this. If I compile the built-in argon2 libs on a Ubuntu 16.04 against the old glibc, do they work on newer systems, too? If that's the case, I have no problem to spin up a 16.04 system and do the compiling there.
phxql
commented
4 years ago I have compiled the libraries in the develop branch on Ubuntu 16.04 against libc-2.23.so. It seems to work on my Fedora 31, could you give it a try?
sonOfRa
commented
4 years ago I just spun up a 16.04 VM and can confirm that 2.7-SNAPSHOT works there.
Regarding keeping compatibility with such old systems, I guess there's 3 options, which I'm listing in the order of how I personally would do it, if this was my library.
1) Just don't. People can build their own argon2 if they need. 2) Link against musl. I haven't tried this yet, but I can play around with that a bit. On ubuntu, there is musl-tools which includes musl-gcc, which is a wrapper around gcc allowing one to link against musl, rather than the system libc. All one needs to do is set CC=musl-gcc when running the build, and the resulting binaries will be linked against musl, thus not having any silly versioned glibc symbols. 3) Keep around an ancient compile box and build on that until 16.04 goes out of support in April 2021
phxql
commented
4 years ago Hmm, not sure if 1.) is really feasible. Sometimes in the future I'm sure to break stuff when updating my build box :( I personally don't mind keeping an old ubuntu box around for compiling (disk space is cheap) - if that has no impact on modern systems.
the musl lib is a libc which doesn't break APIs on new versions?
nrktkt
commented
4 years ago I'm running in to this as well, I've been using https://github.com/GoogleContainerTools/distroless/tree/master/java
being distroless it's possible they removed glibc altogether
FWIW I'd go with option 2
phxql
commented
4 years ago I'll look into compiling it against musl :)
jiri-pejchal
commented
4 years ago I get the same error with 2.6 on rhel/centos 7:
java.lang.UnsatisfiedLinkError: /lib64/libc.so.6: version GLIBC_2.25 not found
Rhel/centos 8 is fine.
phxql
commented
4 years ago Okay, i tried to compile argon2 against musl, that works without problems. But you can't load the argon2 library via JNA, as the JVM is running with a libc already (and that's no musl). Loading musl via JNA doesn't work as a libc with the same symbols is already loaded. So, as far as i see, there's no way to get that working with musl.
I'll release a new version of argon2-jvm with an argon2 library compiled against the glibc from ubuntu 16.04 and hopefully this fixes the problems.
if this doesn't do it, the only option I see is to install libargon2 on your system from your distribution. JNA will pick that up over the embedded libraries.
phxql
commented
4 years ago I released 2.7, please test if it works with that. Thanks!
nrktkt
commented
4 years ago I just tested in docker with the latest java distroless base image on an ubuntu 18.04 host, looks to be working.
jiri-pejchal
commented
4 years ago 2.7 also works on CentOS 7.
phxql
commented
4 years ago Thanks for the test - I will then compile all the linux binaries on Ubuntu 16.04, as this also supports older systems.
I'm not sure if supporting such old Ubuntus is a goal, so if it isn't, feel free to close this, I just ran into this today when upgrading dependencies in a library of mine; running with the prebuilt libraries and 2.6 on Xenial yields the following error:
/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by /home/travis/.cache/JNA/temp/jna321374786571894638.tmp). The error means that the library was built with glibc features inside it that aren't supported on the version of glibc used in Xenial.
Can be seen in the travis build log here:
https://travis-ci.org/sonOfRa/pwhash/builds/631984325#L2765
After downgrading to 2.5, the travis build succeeds:
https://travis-ci.org/sonOfRa/pwhash/builds/631986174
Updating travis to Ubuntu Bionic and the library to 2.6 again also yields a successful build:
https://travis-ci.org/sonOfRa/pwhash/builds/632001608
Again, if you feel like supporting Ubuntu 16.04 with prebuilt binaries is not a concern, feel free to close this. Otherwise, there might need to be a 2.6.1 release that is compatible with Xenial again that uses an older glibc to compile.