BLD/RLS: ensure wheels are including GDAL built with openssl #506
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
And to be clear, the curl that is included in our wheels that gdal uses for other cloud interaction is built with openssl (as far as I can see in the logs (example log), at least), it's only for a few other things (like google cloud authorization) that GDAL needs itself to be directly built with openssl |
|
And based on my comment at #161 (comment), we did correctly build with libcrypto in the past, but I assume because of how vcpkg refactored the gdal port to allow better selection of individual features, we accidentally lost that (that also means we could now remove the |
|
Great, this passes, and can confirm locally that with the built wheel from CI my test data can be read from GCS! |
brendan-ward
approved these changes
Dec 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I am running into the issue that pyogrio (or geopandas with the pyogrio engine) cannot read a file from Google Cloud Storage.
I get intermittently either a
DataSourceError: CPLRSASHA256Sign() not implemented: GDAL must be built against libcrypto++ or libcrypto (openssl)orDataSourceError: HTTP response code: 403.This is specifically with the wheels (with conda it works), and using fiona it also works. The first error message seems to indicate we don't properly built with openssl, although vcpkg does install openssl. For the Fiona wheels (and the conda libgdal), I can verify with
lddthat the libgdal.so included in the wheel is linking against libcrypto (which comes from openssl). For our own wheel I can't check that the same way because we statically link the gdal dependencies into libgdal.so.Now, based on the fact that sometimes the message indicates GDAL is not built against libcrypto, I am assuming this is indeed the case.
Looking a bit further into this, the logs of building GDAL with vcpkg on CI clearly shows that vcpkg is also installing openssl. However, the vcpkg port of GDAL has an explicit "feature" for openssl (https://github.com/microsoft/vcpkg/blob/14542c8ad9b6bcb9da755884ab823605c3300b68/ports/gdal/vcpkg.json#L227-L232), and that we are not explicitly enabling. And while GDAL's cmake default is to built against OpenSSL if it is found (docs), I am assuming that vcpkg might override this default to disable
GDAL_USE_OPENSSLif you don't explicitly enable the feature through the vcpkg install of gdal (https://github.com/microsoft/vcpkg/blob/14542c8ad9b6bcb9da755884ab823605c3300b68/ports/gdal/portfile.cmake#L47C26-L47C42, not entirely sure howvcpkg_check_featuresworks).So testing this hypothesis here by explicitly adding
"openssl"as a vcpkg feature for gdal. I should be able to test the generated wheel. Although not entirely sure if we also have a way we can test this on CI.