Failed to build aws-lc-fips-sys v0.13.15 for arm #762
Comments
|
Hello! This is a target that our CI builds/tests w/ FIPS, so there should be a way to get it working. This is an issue related to our "delocator". (The use of the delocator is unique to our FIPS build. Its purpose is discussed here.) Such problems are typically compiler-specific, so using another compiler might be all that's needed. Users often have more success with the FIPS build when using a "clang" compiler. But I notice that your environment does have a preference for Perhaps you don't have a Clang compiler installed? Or perhaps another environment variable (like I hope the above helps! Please let us know if you identify the root cause. |
|
We're seeing a similar error. When we switch to using clang with We see something like this, though maybe this is more of an issue with our dockerfile than with the specifics of the build process? |
|
Hello! So, "musl" targets differ from "gnu" targets in that they typically statically link to the musl libc library. For this reason, it's best to use a cross-compiler specifically configured for a musl target. I found some guidance on how to compile to a musl target here: https://wiki.musl-libc.org/getting-started.html I'm not sure about your build environment, but most Linux distributions have packages that provide cross-compilers for "musl". (On a related note, I recently submitted this PR upstream to cc-rs to help it find a musl compiler for |
|
Something seems to be up with the I switched to building with gcc and was able to reproduce the issue in a dockerfile: FROM public.ecr.aws/docker/library/alpine:3.20
ARG PLATFORM
RUN apk add --no-cache \
curl \
gcc \
musl-dev \
perl \
go \
cmake \
make \
linux-headers
RUN curl https://sh.rustup.rs -sSf | \
sh -s -- --profile minimal --default-toolchain stable-$PLATFORM-unknown-linux-musl -y
ENV PATH=/root/.cargo/bin:$PATH
RUN rustup component add rust-src --toolchain stable-$PLATFORM-unknown-linux-musl
RUN cargo new build_checker --edition 2021
WORKDIR /build_checker
# This is necessary for linking with alpine and musl
ENV RUSTFLAGS="-C link-arg=-lgcc"
# check that empty project builds
RUN cargo build
RUN cargo add aws-lc-rs --features fips
RUN cargo tree
RUN echo "[profile.release]" >> Cargo.toml
RUN echo "opt-level = \"z\"" >> Cargo.toml
RUN cat Cargo.toml
RUN cargo +stable build --verbose --release --target $PLATFORM-unknown-linux-muslThis succeeds when building with
but fails for
Seems like there's something up with the opt-level. Both "z" and "s" result in the error below, but on Alpine linux ARM. No such error on AMD. |
|
Hello again! I think you've run into a variant of aws/aws-lc#2010. It occurs consistently for GCC >= v14, but I've also seen it with v12 and v13 when compiling for a "musl" target (as your output above indicates). The failure is related to our "delocator", which is unique to our FIPS build. Its purpose is discussed here. Failures due to the delocator are typically compiler-specific, so switching to another compiler version might be the easiest workaround. Compiling for "musl" might make switching compilers a little more challenging. In general, we recommend using "clang" when compiling for FIPS. Sorry about this difficulty. Please let us know if you have any other questions. |
|
Unfortunately I was unable to get a clang equivalent build process up in that dockerfile (though it does work on an Amazon Linux 2 base). It runs into a some sort of clang/cmake issue with the linker, but that's been really hard to debug since it's a few layers below the |
|
We have an Alpine docker image that we use for CI here. However, we don't use that image to test our FIPS build. You might also check out our use of cross-rs -- here -- where we do test our FIPS build for both Feel free to browse our CI configurations to see how we've setup various builds. Let us know if you have any questions! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem:
Failed to build aws-lc-fips-sys v0.13.15 for target
aarch64_unknown_linux_musl.Build output:
The text was updated successfully, but these errors were encountered: