diff --git a/src/libmain/local.mk b/src/libmain/local.mk index 16dbf7528..4ff114e4b 100644 --- a/src/libmain/local.mk +++ b/src/libmain/local.mk @@ -6,6 +6,8 @@ libmain_DIR := $(d) libmain_SOURCES := $(wildcard $(d)/*.cc) +libutil_LDFLAGS = $(OPENSSL_LIBS) + libmain_LIBS = libstore libutil libformat libmain_ALLOW_UNDEFINED = 1 diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index 88ed52497..8f2aa8420 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -5,10 +5,11 @@ #include "store-api.hh" #include "util.hh" -#include +#include #include #include -#include +#include +#include #include #include @@ -16,7 +17,7 @@ #include #include -extern char * * environ; +#include namespace nix { @@ -103,7 +104,18 @@ string getArg(const string & opt, } -void detectStackOverflow(); +/* OpenSSL is not thread-safe by default - it will randomly crash + unless the user supplies a mutex locking function. So let's do + that. */ +static std::vector opensslLocks; + +static void opensslLockCallback(int mode, int type, const char * file, int line) +{ + if (mode & CRYPTO_LOCK) + opensslLocks[type].lock(); + else + opensslLocks[type].unlock(); +} void initNix() @@ -119,6 +131,10 @@ void initNix() if (getEnv("IN_SYSTEMD") == "1") logType = ltSystemd; + /* Initialise OpenSSL locking. */ + opensslLocks = std::vector(CRYPTO_num_locks()); + CRYPTO_set_locking_callback(opensslLockCallback); + settings.processEnvironment(); settings.loadConfFile(); diff --git a/src/libmain/shared.hh b/src/libmain/shared.hh index 3f3f6f723..0682267fa 100644 --- a/src/libmain/shared.hh +++ b/src/libmain/shared.hh @@ -101,4 +101,8 @@ struct PrintFreed }; +/* Install a SIGSEGV handler to detect stack overflows. */ +void detectStackOverflow(); + + }