From c226820183f44a2830b5172cac5888b17872c5c8 Mon Sep 17 00:00:00 2001 From: Andre McCurdy Date: Mon, 20 Aug 2018 17:47:28 -0700 Subject: openssl: fix hardcoded paths in native for openssl 1.1 Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. Solution for openssl 1.1, based on the existing solution from openssl 1.0: http://git.openembedded.org/openembedded-core/commit/?id=771d3123331fbfab1eb9ce47e3013eabcb2248f5 Signed-off-by: Andre McCurdy Signed-off-by: Richard Purdie --- ...SLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch | 39 ++++++++++++++++++++++ .../recipes-connectivity/openssl/openssl_1.1.0i.bb | 10 ++++++ 2 files changed, 49 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch diff --git a/meta/recipes-connectivity/openssl/openssl/0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch b/meta/recipes-connectivity/openssl/openssl/0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch new file mode 100644 index 0000000000..67d06fc78e --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch @@ -0,0 +1,39 @@ +From 26e98beb8a987cdc69699aaffc5599926fb1b293 Mon Sep 17 00:00:00 2001 +From: Andre McCurdy +Date: Fri, 17 Aug 2018 20:33:44 -0700 +Subject: [PATCH] allow OPENSSLDIR and ENGINESDIR CFLAGS to be controlled + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Andre McCurdy +--- + Configurations/unix-Makefile.tmpl | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 034d93e..2310d12 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -156,6 +156,10 @@ LIBDIR={- # + ENGINESDIR={- use File::Spec::Functions; + catdir($prefix,$libdir,"engines-$sover") -} + ++# Intermediate variables so the values defined via CFLAGS can be controlled. ++OE_DOPENSSLDIR=$(OPENSSLDIR) ++OE_DENGINESDIR=$(ENGINESDIR) ++ + # Convenience variable for those who want to set the rpath in shared + # libraries and applications + LIBRPATH=$(INSTALLTOP)/$(LIBDIR) +@@ -174,7 +178,7 @@ HTMLSUFFIX=html + + CROSS_COMPILE= {- $config{cross_compile_prefix} -} + CC= $(CROSS_COMPILE){- $target{cc} -} +-CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} ++CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OE_DOPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(OE_DENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} + CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} + LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -} + PLIB_LDFLAGS= {- $target{plib_lflags} -} +-- +1.9.1 + diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb index 507f8f881b..d2f2624f9e 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb @@ -14,6 +14,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://run-ptest \ file://openssl-c_rehash.sh \ file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \ + file://0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch \ " SRC_URI_append_class-nativesdk = " \ @@ -30,6 +31,9 @@ inherit lib_package multilib_header ptest relative_symlinks #| ./libcrypto.so: undefined reference to `makecontext' EXTRA_OECONF_append_libc-musl = " -DOPENSSL_NO_ASYNC" +EXTRA_OEMAKE_append_class-native = " OE_DOPENSSLDIR='/not/builtin' OE_DENGINESDIR='/not/builtin'" +EXTRA_OEMAKE_append_class-nativesdk = " OE_DOPENSSLDIR='/not/builtin' OE_DENGINESDIR='/not/builtin'" + do_configure () { os=${HOST_OS} case $os in @@ -116,6 +120,12 @@ do_install () { } do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ + SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ + OPENSSL_ENGINES=${libdir}/ssl-1.1/engines + # Install a custom version of c_rehash that can handle sysroots properly. # This version is used for example when installing ca-certificates during # image creation. -- cgit 1.2.3-korg