GH-20272: [C++] Bump version of bundled AWS SDK #33808
Conversation
| # Workaround for https://github.com/aws/aws-sdk-cpp/issues/1750 | ||
| set(AWSSDK_PATCH_COMMAND "sed" "-i.bak" "-e" "s/\"-Werror\"//g" | ||
| "<SOURCE_DIR>/cmake/compiler_settings.cmake") | ||
| "<SOURCE_DIR>/cmake/compiler_settings.cmake" "&&") |
There was a problem hiding this comment.
Can we remove this patch?
It seems that 1.10.55 includes the fix for aws/aws-sdk-cpp#1750 .
| @@ -4643,7 +4644,7 @@ macro(build_awssdk) | |||
| set(AWSSDK_CMAKE_ARGS | |||
| ${AWSSDK_COMMON_CMAKE_ARGS} | |||
| -DOPENSSL_ROOT_DIR=${OPENSSL_ROOT_HINT} | |||
| -DBUILD_DEPS=OFF | |||
| -DBUILD_DEPS=ON # We need to build aws-crt-cpp from source | |||
There was a problem hiding this comment.
Can we build aws-crt-cpp by ourselves instead of using this and prefetch_crt_dependency.sh like other dependencies such as aws-c-common for portability?
There was a problem hiding this comment.
I see. I'll try building it manually.
|
I've changed to building aws-crt-cpp manually. It now works on my ubuntu and mac machine. Let's see if the CI checks pass. |
js8544
force-pushed
the
jinshang/bump_aws
branch
from
ba9dd47 to
ff5f19f
Compare
| @@ -4612,6 +4699,7 @@ endif() | |||
| macro(build_awssdk) | |||
| message(STATUS "Building AWS C++ SDK from source") | |||
| set(AWSSDK_PREFIX "${CMAKE_CURRENT_BINARY_DIR}/awssdk_ep-install") | |||
| set(AWSSDK_SOURCE "${CMAKE_CURRENT_BINARY_DIR}/awssdk_ep-prefix/src/awssdk_ep") | |||
There was a problem hiding this comment.
| set(AWSSDK_SOURCE "${CMAKE_CURRENT_BINARY_DIR}/awssdk_ep-prefix/src/awssdk_ep") |
| if(DEFINED ENV{ARROW_S2N_URL}) | ||
| set(S2N_SOURCE_URL "$ENV{ARROW_S2N_URL}") | ||
| else() | ||
| set_urls(S2N_SOURCE_URL | ||
| "https://github.com/awslabs/s2n/archive/${ARROW_S2N_BUILD_VERSION}.tar.gz") | ||
| endif() |
There was a problem hiding this comment.
s2n -> s2n-tls?
https://github.com/aws/s2n is redirected to https://github.com/aws/s2n-tls .
There was a problem hiding this comment.
Interestingly the archive files are stored in s2n not s2n-tls. https://github.com/awslabs/s2n-tls/archive/v1.3.27.tar.gz is not found but https://github.com/awslabs/s2n/archive/v1.3.27.tar.gz is.
There was a problem hiding this comment.
awslabs -> aws: https://github.com/aws/s2n-tls/archive/v1.3.27.tar.gz
Could you use S2N_TLS instead of S2N like ARROW_S2N_TLS_URL for all s2n-tls related variables?
BTW, the latest release is 1.3.35: https://github.com/aws/s2n-tls/releases
Can we use the latest version?
There was a problem hiding this comment.
@js854 Could you also confirm the above comment?
There was a problem hiding this comment.
@kou Oh sorry I missed it. I am looking at it now.
| crypto | ||
| ssl |
There was a problem hiding this comment.
Are they artifacts by s2n-tls?
Then we should not create AWS::crypto and AWS::ssl. We should create AWS::s2n-tls and associate libcrypto.a and libssl.a with AWS::s2n-tls.
There was a problem hiding this comment.
It turns out they are not needed. I've removed these two.
| BUILD_BYPRODUCTS ${AWS_CPP_SDK_COGNITO_IDENTITY_STATIC_LIBRARY} | ||
| ${AWS_CPP_SDK_CORE_STATIC_LIBRARY} | ||
| ${AWS_CPP_SDK_IDENTITY_MANAGEMENT_STATIC_LIBRARY} | ||
| ${AWS_CPP_SDK_S3_STATIC_LIBRARY} | ||
| ${AWS_CPP_SDK_STS_STATIC_LIBRARY} | ||
| DEPENDS aws_c_event_stream_ep) | ||
| DEPENDS aws_c_event_stream_ep aws_crt_cpp_ep) |
There was a problem hiding this comment.
Can we remove aws_c_event_stream_ep here because aws_crt_cpp_ep depends on aws_c_event_stream_ep?
| DEPENDS aws_c_event_stream_ep aws_crt_cpp_ep) | |
| DEPENDS aws_crt_cpp_ep) |
cpp/thirdparty/versions.txt
Outdated
| "ARROW_AWS_C_S3_URL aws-c-s3-${ARROW_AWS_C_S3_BUILD_VERSION}.tar.gz https://github.com/awslabs/aws-c-s3/archive/${ARROW_AWS_C_S3_BUILD_VERSION}.tar.gz" | ||
| "ARROW_AWS_C_SDKUTILS_URL aws-c-sdkutils-${ARROW_AWS_C_SDKUTILS_BUILD_VERSION}.tar.gz https://github.com/awslabs/aws-c-sdkutils/archive/${ARROW_AWS_C_SDKUTILS_BUILD_VERSION}.tar.gz" | ||
| "ARROW_AWS_LC_URL aws-lc-${ARROW_AWS_LC_BUILD_VERSION}.tar.gz https://github.com/awslabs/aws-lc/archive/${ARROW_AWS_LC_BUILD_VERSION}.tar.gz" | ||
| "ARROW_S2N_URL s2n-${ARROW_S2N_BUILD_VERSION}.tar.gz https://github.com/awslabs/s2n/archive/${ARROW_S2N_BUILD_VERSION}.tar.gz" |
|
I am stuck on this problem for some time. Due to this, we need to initialize AWS SDK twice in arrow-s3fs-test because AWS SDK is statically linked. With the new 1.10 version, its initialization involves adding an OpenSSL engine here. The problem is, OpenSSL is dynamically linked, so the second initialization will fail due to a name conflict. The problem is the same as this issue. In short, AWS SDK is statically linked but OpenSSL is dynamically linked, so we can't init AWS twice as we have been done in arrow-s3fs-test. What is the best way to resolve this? Any help is appreciated. cc @kou @pitrou |
|
I think we should simply switch to dynamic linking for the AWS SDK. Static linking is fine for leaf dependencies (such as lz4), but it should be unsupported for complex dependencies such as AWS, gRPC, etc. |
|
I'll take a look at this in this week. In general, we need additional work to use dynamic linking for bundled libraries. If we use dynamic linking for bundled libraries, we need to install them but it may overwrite existing libraries. So we need to install them to not |
Well, yes, but so what? People who are concerned about that should use their distribution's packages. |
|
I found out that S2N provides an option |
I think that this is a bad manner. But I just realized that I have never discussed this before. My concern may be overthinking. |
js8544
force-pushed
the
jinshang/bump_aws
branch
from
c554f03 to
27650c3
Compare
|
@github-actions crossbow submit -g cpp -g r |
This comment was marked as outdated.
This comment was marked as outdated.
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
|
@github-actions crossbow submit -g cpp -g r |
This comment was marked as outdated.
This comment was marked as outdated.
|
@github-actions crossbow submit -g cpp -g r |
This comment was marked as outdated.
This comment was marked as outdated.
|
@github-actions crossbow submit -g cpp -g r |
|
Revision: a9b2c3d Submitted crossbow builds: ursacomputing/crossbow @ actions-31adcf1058
|
|
Benchmark runs are scheduled for baseline = 6b65c84 and contender = e11ee40. e11ee40 is a master commit associated with this PR. Results will be available as each benchmark for each run completes. |
|
@github-actions crossbow submit java-jars |
|
Revision: a9b2c3d Submitted crossbow builds: ursacomputing/crossbow @ actions-d606dbb699
|
### Rationale for this change Bump AWS SDK version to 1.10.55. ### What changes are included in this PR? Bump AWS SDK version to 1.10.55. * Closes: apache#20272 Lead-authored-by: Jin Shang <shangjin1997@gmail.com> Co-authored-by: Sutou Kouhei <kou@clear-code.com> Co-authored-by: Sutou Kouhei <kou@cozmixng.org> Signed-off-by: Sutou Kouhei <kou@clear-code.com>
|
@pitrou @kou When updating bundled dependencies please make sure to also update our fallback version in the artifactory to avoid something like #34120 (comment) this was missed in the recent round of version bumps (e.g. #13294). |
|
Oh, sorry. And we should have a script to mirror upstream archives to Artifactory. Could you open an issue for this too? |
…enSSL (#34159) Using OpenSSL causes various issues like #33808 (comment) and #34111. We should try to use aws-lc for libcrypto and libssl. We need to hide them inside s2n-tls to avoid name conflicts with OpenSSL used by other libraries. Some notes: 1. Only linux needs s2n-tls and aws-lc. 2. Because aws-c-http requires curl which requires libcrypto from OpenSSL, we need to hide Aws::libcrypto by S2N_INTERN_LIBCRYPTO=ON. 3. aws-c-cal also uses libcrypto, but it can't hide it. So we need to use OpenSSL instead of aws-lc for it. 4. Mac and windows don't need s2n-tls, but do need some security libs from system, like `-framework Security` and `ncrypt.lib`. 5. arrow-s3fs-test is re-enabled. 6. Force Java Gandiva to use static protobuf lib. * Closes: #34157 Lead-authored-by: Jin Shang <shangjin1997@gmail.com> Co-authored-by: jinshang <jinshang@tencent.com> Co-authored-by: Sutou Kouhei <kou@cozmixng.org> Signed-off-by: Sutou Kouhei <kou@clear-code.com>
### Rationale for this change Bump AWS SDK version to 1.10.55. ### What changes are included in this PR? Bump AWS SDK version to 1.10.55. * Closes: apache#20272 Lead-authored-by: Jin Shang <shangjin1997@gmail.com> Co-authored-by: Sutou Kouhei <kou@clear-code.com> Co-authored-by: Sutou Kouhei <kou@cozmixng.org> Signed-off-by: Sutou Kouhei <kou@clear-code.com>
… of OpenSSL (apache#34159) Using OpenSSL causes various issues like apache#33808 (comment) and apache#34111. We should try to use aws-lc for libcrypto and libssl. We need to hide them inside s2n-tls to avoid name conflicts with OpenSSL used by other libraries. Some notes: 1. Only linux needs s2n-tls and aws-lc. 2. Because aws-c-http requires curl which requires libcrypto from OpenSSL, we need to hide Aws::libcrypto by S2N_INTERN_LIBCRYPTO=ON. 3. aws-c-cal also uses libcrypto, but it can't hide it. So we need to use OpenSSL instead of aws-lc for it. 4. Mac and windows don't need s2n-tls, but do need some security libs from system, like `-framework Security` and `ncrypt.lib`. 5. arrow-s3fs-test is re-enabled. 6. Force Java Gandiva to use static protobuf lib. * Closes: apache#34157 Lead-authored-by: Jin Shang <shangjin1997@gmail.com> Co-authored-by: jinshang <jinshang@tencent.com> Co-authored-by: Sutou Kouhei <kou@cozmixng.org> Signed-off-by: Sutou Kouhei <kou@clear-code.com>
### Rationale for this change Bump AWS SDK version to 1.10.55. ### What changes are included in this PR? Bump AWS SDK version to 1.10.55. * Closes: apache#20272 Lead-authored-by: Jin Shang <shangjin1997@gmail.com> Co-authored-by: Sutou Kouhei <kou@clear-code.com> Co-authored-by: Sutou Kouhei <kou@cozmixng.org> Signed-off-by: Sutou Kouhei <kou@clear-code.com>
… of OpenSSL (apache#34159) Using OpenSSL causes various issues like apache#33808 (comment) and apache#34111. We should try to use aws-lc for libcrypto and libssl. We need to hide them inside s2n-tls to avoid name conflicts with OpenSSL used by other libraries. Some notes: 1. Only linux needs s2n-tls and aws-lc. 2. Because aws-c-http requires curl which requires libcrypto from OpenSSL, we need to hide Aws::libcrypto by S2N_INTERN_LIBCRYPTO=ON. 3. aws-c-cal also uses libcrypto, but it can't hide it. So we need to use OpenSSL instead of aws-lc for it. 4. Mac and windows don't need s2n-tls, but do need some security libs from system, like `-framework Security` and `ncrypt.lib`. 5. arrow-s3fs-test is re-enabled. 6. Force Java Gandiva to use static protobuf lib. * Closes: apache#34157 Lead-authored-by: Jin Shang <shangjin1997@gmail.com> Co-authored-by: jinshang <jinshang@tencent.com> Co-authored-by: Sutou Kouhei <kou@cozmixng.org> Signed-off-by: Sutou Kouhei <kou@clear-code.com>
…enSSL (#34159) Using OpenSSL causes various issues like apache/arrow#33808 (comment) and apache/arrow#34111. We should try to use aws-lc for libcrypto and libssl. We need to hide them inside s2n-tls to avoid name conflicts with OpenSSL used by other libraries. Some notes: 1. Only linux needs s2n-tls and aws-lc. 2. Because aws-c-http requires curl which requires libcrypto from OpenSSL, we need to hide Aws::libcrypto by S2N_INTERN_LIBCRYPTO=ON. 3. aws-c-cal also uses libcrypto, but it can't hide it. So we need to use OpenSSL instead of aws-lc for it. 4. Mac and windows don't need s2n-tls, but do need some security libs from system, like `-framework Security` and `ncrypt.lib`. 5. arrow-s3fs-test is re-enabled. 6. Force Java Gandiva to use static protobuf lib. * Closes: #34157 Lead-authored-by: Jin Shang <shangjin1997@gmail.com> Co-authored-by: jinshang <jinshang@tencent.com> Co-authored-by: Sutou Kouhei <kou@cozmixng.org> Signed-off-by: Sutou Kouhei <kou@clear-code.com>
Rationale for this change
Bump AWS SDK version to 1.10.55.
What changes are included in this PR?
Bump AWS SDK version to 1.10.55.