New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Search for libblosc2 with pkg-config if not in the python blosc2 installation #1000
Conversation
cb5e062
to
73770df
Compare
@bnavigator thanks for submitting this PR. |
@bnavigator If I read this correctly, this would use the system blosc2 library in case this is not found; could you develop more on why this could happen when python-blosc2 is a requirement? If for some reason you want to enforce this, wouldn't be better to use an environment variable (let's say |
I made it because like @avalentino pointed out in #983 linux distributions like to separate libraries and python modules. The I made this before I have seen #983, and #983 seems to inlcude a lot more stuff which is not yet merged into the main branch. |
Ah, that clarifies your intent indeed. Just to confirm, python-blosc2 is not meant as a strict requirement, but as a way to be able to fulfill dependencies and publish our wheels. After figuring out what you are after, I suggest to first try to use the system c-blosc2 and then fallback to use the python-blosc2 wheel. |
13ad71f
to
3b50636
Compare
5998404
to
0c1c417
Compare
Hi @bnavigator, builds on windows are still failing due to a blosc2 relate issue. |
0c1c417
to
8653aca
Compare
8653aca
to
f16c76f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me. I have just found a small issue in the minimum blosc2 required.
Thanks @bnavigator |
blosc2_found = False | ||
blosc2_search_paths = [blosc2_lib_hardcoded, | ||
os.path.join(current_dir, blosc2_lib_hardcoded), | ||
find_library("blosc2")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see a few problems:
find_library()
returns None if it doesn't find the library, andcdll.LoadLibrary(None)
doesn't DTRT:
>>> ctypes.util.find_library('missing.so') is None
True
>>> ctypes.cdll.LoadLibrary(None)
<CDLL 'None', handle 7f317dd372c0 at 0x7f316f9e7f10>
That loop needs an additional if blosc2_lib
check.
-
Loading of library from $PWD creates the obvious security issue where an attacker can place a file in $PWD and cause the user to load it. Loading from $PWD can be done in a test environment, but MUST NOT be done in production code.
-
find_library()
doesn't seem to fit the bill. Quoting the docs: "The purpose of the find_library() function is to locate a library in a way similar to what the compiler or runtime loader does (on platforms with several versions of a shared library the most recent should be loaded)". It would find the newest version of the library, which might or might not be what is needed. The whole point of the SONAME field (i.e. the thing that gives the .2 suffix) is to refer to a specific version from code using the library, so that when a future incompatible version appears, existing code is not broken.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://src.fedoraproject.org/rpms/python-tables/blob/rawhide/f/0007-Drop-misguided-check.patch
This is the patch I pushed in Fedora. It ignores non-Linux systems, so it's not suitable for inclusion upstream.
Dear @keszybz, I think that the purpose of that code is just to raise an early error in case any kind of block2 library is available in the system.
for blosc2_lib in blosc2_search_paths:
try:
- cdll.LoadLibrary(blosc2_lib)
- blosc2_found = True
- break
+ if blosc2_lib and cdll.LoadLibrary(blosc2_lib) is not None:
+ blosc2_found = True
+ break
except OSError:
pass
As I said we use Please let me know if the patch proposed at point 1. is OK for you, and I will commit it. |
Hi, sorry for my snarky tone earlier. There was no good reason for it.
Yes. This check is not very useful on systems with package management, but it makes sense in other scenarios.
I think this is better: for blosc2_lib in blosc2_search_paths:
if blosc2_lib:
try:
cdll.LoadLibrary(blosc2_lib)
except OSError:
pass
break
else:
raise RuntimeError(…)
Yep, my bad. There is no security issue.
Let's say that we have
I don't think it quite fixes the issue, because of the problem with |
no problem
OK, but we still need to check the case in which
My point is that in the worst case we could have a misdetection of the correct version of the By the way I agree with you that it makes totally sense to drop totally the |
I'm not sure. blosc2 doesn't use versioned symbols, so only one version of each symbol (function) can be loaded into the global namespace. So when the library is loaded in the normal fashion (with |
This is a bit different than #983, but works for my packaging efforts on openSUSE. I thought I should share. Feel free to use it in #983 or modify.