From 6c556ed3553d8f5e75d65cd7db92b26df43846b7 Mon Sep 17 00:00:00 2001
From: Juro Bystricky <juro.bystricky@intel.com>
Date: Sat, 10 Mar 2018 11:27:29 -0800
Subject: openssl_1.0.2n: improve reproducibility

Improve reproducible build of:

openssl-staticdev
openssl-dbg
libcrypto

There are two main causes that prevent reproducible build, both related to
the generated file "buildinf.h":

1. "buildinf.h" contains build host CFLAGS, containing various build
   host references.  We need to pass sanitized CFLAGS to the script
   generating this file ("mkbuildinf.pl". )

2. We also need to modify the script "mkbuildinf.pl" itsel in order to
   generate a build timestamp based on SOURCE_DATE_EPOCH, if present in
   the environment.

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../openssl-1.0.2n/reproducible-cflags.patch        | 20 ++++++++++++++++++++
 .../openssl-1.0.2n/reproducible-mkbuildinf.patch    | 21 +++++++++++++++++++++
 meta/recipes-connectivity/openssl/openssl10.inc     |  3 +++
 meta/recipes-connectivity/openssl/openssl_1.0.2n.bb |  5 +++++
 4 files changed, 49 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch

(limited to 'meta/recipes-connectivity')

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch
new file mode 100644
index 0000000000..2803cb0393
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch
@@ -0,0 +1,20 @@
+Allow passing custom c-flags to mkbuildinf.pl in order to pass
+flags without any build host references
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+--- Makefile	2018-03-06 14:50:18.342138147 -0800
++++ Makefile	2018-03-06 15:24:04.794239071 -0800
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -55,7 +55,7 @@
+ all: shared
+ 
+ buildinf.h: ../Makefile
+-	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
++	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC_INFO)" "$(PLATFORM)" >buildinf.h
+ 
+ x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
+ 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch
new file mode 100644
index 0000000000..b556731219
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch
@@ -0,0 +1,21 @@
+If SOURCE_DATE_EPOCH is present in the environment, use it as build date.
+Also make sure to use UTC time.
+
+Upstream-Status: Backport [ https://github.com/openssl/openssl/blob/master/util/mkbuildinf.pl ]
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+--- mkbuildinf.pl	2018-03-06 14:20:09.438048058 -0800
++++ mkbuildinf.pl	2018-03-06 14:19:20.722045632 -0800
+--- a/util/mkbuildinf.pl
++++ b/util/mkbuildinf.pl
+@@ -3,7 +3,8 @@
+ my ($cflags, $platform) = @ARGV;
+ 
+ $cflags = "compiler: $cflags";
+-$date = localtime();
++my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
++
+ print <<"END_OUTPUT";
+ #ifndef MK1MF_BUILD
+     /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */
diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc
index 02a0e16e97..0598195965 100644
--- a/meta/recipes-connectivity/openssl/openssl10.inc
+++ b/meta/recipes-connectivity/openssl/openssl10.inc
@@ -162,6 +162,9 @@ do_configure () {
 
 do_compile_prepend_class-target () {
     sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+    oe_runmake depend
+	cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'`
+	oe_runmake CC_INFO="${cc_sanitized}"
 }
 
 do_compile () {
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
index 75e44bae9f..ae851067f9 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
@@ -42,6 +42,11 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
            file://0001-Fix-build-with-clang-using-external-assembler.patch \
            file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
            "
+
+SRC_URI_append_class-target = "\
+           file://reproducible-cflags.patch \
+           file://reproducible-mkbuildinf.patch \
+           "
 SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4"
 SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe"
 
-- 
cgit 1.2.3-korg