From d1b29222ad6243c15275a04f9de5989cf158cb2e Mon Sep 17 00:00:00 2001 From: Dan McGregor Date: Fri, 28 Feb 2025 14:32:06 -0600 Subject: [PATCH] openssl-native(sdk): poision built in paths Long ago, in the OpenSSL 1.1 days changing CFLAGS worked to override hard-coded paths in the OpenSSL libraries. Even as far back as kirkstone this was no longer working. Override make variables instead to poision the paths that get built into the native (and nativesdk) libraries so they become relocatable again. While here, remove the -isystem compiler argument from the compiler command line stored in the library, just like we already remove the prefix-map and sysroot arguments. Signed-off-by: Dan McGregor Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- ...-sysroot-and-debug-prefix-map-from-co.patch | 18 +++++++++++------- .../openssl/openssl_3.4.1.bb | 4 ++-- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index b8672735ab..91a95d8929 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -30,23 +30,26 @@ Update to fix buildpaths qa issue for '-ffile-prefix-map'. Signed-off-by: Khem Raj --- - Configurations/unix-Makefile.tmpl | 12 +++++++++++- + Configurations/unix-Makefile.tmpl | 16 +++++++++++++++- crypto/build.info | 2 +- - 2 files changed, 12 insertions(+), 2 deletions(-) + 2 files changed, 16 insertions(+), 2 deletions(-) -Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl -=================================================================== ---- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl -+++ openssl-3.0.4/Configurations/unix-Makefile.tmpl -@@ -502,13 +502,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 09303c4..011bda1 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -502,13 +502,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) -# CPPFLAGS_Q is used for one thing only: to build up buildinf.h +# *_Q variables are used for one thing only: to build up buildinf.h CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; ++ $cppflags1 =~ s|-isystem/[^ ]+/usr/include||g; $cppflags2 =~ s|([\\"])|\\$1|g; ++ $cppflags2 =~ s|-isystem/[^ ]+/usr/include||g; $lib_cppflags =~ s|([\\"])|\\$1|g; ++ $lib_cppflags =~ s|-isystem/[^ ]+/usr/include||g; join(' ', $lib_cppflags || (), $cppflags2 || (), $cppflags1 || ()) -} @@ -54,6 +57,7 @@ Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; + s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; ++ s|-isystem/[^ ]+/usr/include ||g; + } + join(' ', @{$config{CFLAGS}}) -} + diff --git a/meta/recipes-connectivity/openssl/openssl_3.4.1.bb b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb index 1a054a3675..8da64aea6a 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.4.1.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb @@ -49,8 +49,8 @@ EXTRA_OECONF:append:class-native = " --with-rand-seed=os,devrandom" EXTRA_OECONF:append:class-nativesdk = " --with-rand-seed=os,devrandom" # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +EXTRA_OEMAKE:append:task-compile:class-native = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"' +EXTRA_OEMAKE:append:task-compile:class-nativesdk = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"' # This allows disabling deprecated or undesirable crypto algorithms. # The default is to trust upstream choices. -- 2.47.2