MIRRORS/meta-freescale
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-freescale.git synced 2025-07-19 12:59:04 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

openssl: append to OE-core

Browse Source 
Instead of maintaing 98% copy of OE-core recipe without being up-to-date
as good as possible, inject patches into OE-core recipe of openssl when
compiling for the right platform.

Signed-off-by: Jens Rehsack <sno@netbsd.org>
This commit is contained in:
Jens Rehsack 2020-05-30 21:32:58 +02:00 committed by Otavio Salvador
parent abd947e51b
commit b837841b32
7 changed files with 6 additions and 357 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
conf/machine/include/qoriq-base.inc
View File

@ -2,7 +2,6 @@
PREFERRED_PROVIDER_cryptodev-linux = "cryptodev-qoriq-linux"
PREFERRED_PROVIDER_cryptodev-module = "cryptodev-qoriq-module"
PREFERRED_PROVIDER_cryptodev-tests = "cryptodev-qoriq-tests"
PREFERRED_PROVIDER_openssl = "openssl-qoriq"
PREFERRED_PROVIDER_u-boot ?= "u-boot-qoriq"
PREFERRED_PROVIDER_u-boot-fw-utils ?= "${PREFERRED_PROVIDER_u-boot}-fw-utils"
PREFERRED_PROVIDER_virtual/bootloader ?= "u-boot-qoriq"

1
recipes-connectivity/openssl/files/environment.d-openssl.sh
View File

@ -1 +0,0 @@
export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"

76
recipes-connectivity/openssl/openssl-qoriq/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
View File

@ -1,76 +0,0 @@
From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
Date: Tue, 6 Nov 2018 14:50:47 +0100
Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
info
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The openssl build system generates buildinf.h containing the full
compiler command line used to compile objects. This breaks
reproducibility, as the compile command is baked into libcrypto, where
it is used when running `openssl version -f`.
Add stripped build variables for the compiler and cflags lines, and use
those when generating buildinfo.h.
This is based on a similar patch for older openssl versions:
https://patchwork.openembedded.org/patch/147229/
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
Configurations/unix-Makefile.tmpl | 10 +++++++++-
crypto/build.info | 2 +-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 16af4d2087..54c162784c 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
+# *_Q variables are used for one thing only: to build up buildinf.h
CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
$cppflags2 =~ s|([\\"])|\\$1|g;
$lib_cppflags =~ s|([\\"])|\\$1|g;
join(' ', $lib_cppflags || (), $cppflags2 || (),
$cppflags1 || ()) -}
+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
+ }
+ join(' ', @{$config{CFLAGS}}) -}
+
+CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g;
+ join(' ', $config{CC}) -}
+
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
# For x86 assembler: Set PROCESSOR to 386 if you want to support
diff --git a/crypto/build.info b/crypto/build.info
index b515b7318e..8c9cee2a09 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
DEPEND[cversion.o]=buildinf.h
-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
DEPEND[buildinf.h]=../configdata.pm
GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
--
2.19.1

29
recipes-connectivity/openssl/openssl-qoriq/0001-skip-test_symbol_presence.patch
View File

@ -1,29 +0,0 @@
From 097b9081eced6ffc13c6cbb83abf7110baeca902 Mon Sep 17 00:00:00 2001
From: Chunrong Guo <chunrong.guo@nxp.com>
Date: Mon, 14 Oct 2019 14:59:11 +0800
Subject: [PATCH] skip test_symbol_presence
Upstream-Status: Inappropriate [OE Specific]
Signed-off-by: BJ DevOps Team <bjdevops@NXP1.onmicrosoft.com>
---
test/recipes/01-test_symbol_presence.t | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
index 7f2a2d7..918a8a19 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils;
setup("test_symbol_presence");
-plan skip_all => "Only useful when building shared libraries"
- if disabled("shared");
+plan skip_all => "The case needs debug symbols then we just disable it";
my @libnames = ("crypto", "ssl");
my $testcount = scalar @libnames;
--
2.7.4

31
recipes-connectivity/openssl/openssl-qoriq/afalg.patch
View File

@ -1,31 +0,0 @@
Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
Signed-off-by: Ross Burton <ross.burton@intel.com>
diff --git a/Configure b/Configure
index 3baa8ce..9ef52ed 100755
--- a/Configure
+++ b/Configure
@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
unless ($disabled{afalgeng}) {
$config{afalgeng}="";
if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
- my $minver = 4*10000 + 1*100 + 0;
- if ($config{CROSS_COMPILE} eq "") {
- my $verstr = `uname -r`;
- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
- ($mi2) = $mi2 =~ /(\d+)/;
- my $ver = $ma*10000 + $mi1*100 + $mi2;
- if ($ver < $minver) {
- disable('too-old-kernel', 'afalgeng');
- } else {
- push @{$config{engdirs}}, "afalg";
- }
- } else {
- disable('cross-compiling', 'afalgeng');
- }
+ push @{$config{engdirs}}, "afalg";
} else {
disable('not-linux', 'afalgeng');
}

219
recipes-connectivity/openssl/openssl-qoriq_1.1.1f.bb
View File

@ -1,219 +0,0 @@
SUMMARY = "Secure Socket Layer"
DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
HOMEPAGE = "http://www.openssl.org/"
BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
SECTION = "libs/network"
DISABLE_STATIC = ""
# "openssl" here actually means both OpenSSL and SSLeay licenses apply
# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
DEPENDS = "hostperl-runtime-native"
SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/openssl;nobranch=1 \
file://run-ptest \
file://0001-skip-test_symbol_presence.patch \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://0001-eng_devcrypto-add-support-for-TLS-algorithms-offload.patch \
file://0002-eng_devcrypto-add-support-for-TLS1.2-algorithms-offl.patch \
"
SRCREV = "36eadf1f84daa965041cce410b4ff32cbda4ef08"
SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
PROVIDES = "openssl"
python() {
pkgs = d.getVar('PACKAGES').split()
for p in pkgs:
if 'openssl-qoriq' in p:
d.appendVar("RPROVIDES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
d.appendVar("RCONFLICTS_%s" % p, p.replace('openssl-qoriq', 'openssl'))
d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
}
PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""
PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
S = "${WORKDIR}/git"
#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
do_configure () {
os=${HOST_OS}
case $os in
linux-gnueabi |\
linux-gnuspe |\
linux-musleabi |\
linux-muslspe |\
linux-musl )
os=linux
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm*)
target=linux-armv4
;;
linux-aarch64*)
target=linux-aarch64
;;
linux-i?86 | linux-viac3)
target=linux-x86
;;
linux-gnux32-x86_64 | linux-muslx32-x86_64 )
target=linux-x32
;;
linux-gnu64-x86_64)
target=linux-x86_64
;;
linux-mips | linux-mipsel)
# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
target="linux-mips32 ${TARGET_CC_ARCH}"
;;
linux-gnun32-mips*)
target=linux-mips64
;;
linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
target=linux64-mips64
;;
linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
target=linux-generic32
;;
linux-powerpc)
target=linux-ppc
;;
linux-powerpc64)
target=linux-ppc64
;;
linux-riscv32)
target=linux-generic32
;;
linux-riscv64)
target=linux-generic64
;;
linux-sparc | linux-supersparc)
target=linux-sparcv9
;;
esac
useprefix=${prefix}
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment variables instead.
PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
perl ${B}/configdata.pm --dump
}
do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
oe_multilib_header openssl/opensslconf.h
# Create SSL structure for packages such as ca-certificates which
# contain hard-coded paths to /etc/ssl. Debian does the same.
install -d ${D}${sysconfdir}/ssl
mv ${D}${libdir}/ssl-1.1/certs \
${D}${libdir}/ssl-1.1/private \
${D}${libdir}/ssl-1.1/openssl.cnf \
${D}${sysconfdir}/ssl/
# Although absolute symlinks would be OK for the target, they become
# invalid if native or nativesdk are relocated from sstate.
ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
}
do_install_append_class-native () {
create_wrapper ${D}${bindir}/openssl \
OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
}
do_install_append_class-nativesdk () {
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
}
PTEST_BUILD_HOST_FILES += "configdata.pm"
PTEST_BUILD_HOST_PATTERN = "perl_version ="
do_install_ptest () {
# Prune the build tree
rm -f ${B}/fuzz/*.* ${B}/test/*.*
cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
# For test_shlibload
ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
install -d ${D}${PTEST_PATH}/apps
ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
install -d ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
}
# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the openssl-bin package and the libcrypto
# package since the openssl-bin package depends on the libcrypto package.
PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl${SOLIBS}"
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
FILES_${PN}-engines = "${libdir}/engines-1.1"
FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
FILES_${PN} =+ "${libdir}/ssl-1.1/*"
FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
BBCLASSEXTEND = "native nativesdk"
CVE_PRODUCT = "openssl:openssl"

6
recipes-connectivity/openssl/openssl_%.bbappend Normal file
View File

@ -0,0 +1,6 @@
FILESEXTRAPATHS_append := "${THISDIR}/${PN}-qoriq:"
SRC_URI_append_qoriq = " \
file://0001-eng_devcrypto-add-support-for-TLS-algorithms-offload.patch \
file://0002-eng_devcrypto-add-support-for-TLS1.2-algorithms-offl.patch \
"