openssl-native(sdk): poision built in paths

Message ID	20250228203206.1979714-3-danismostlikely@gmail.com
State	Accepted, archived
Commit	d1b29222ad6243c15275a04f9de5989cf158cb2e
Headers	show Return-Path: <danismostlikely@gmail.com> ip: 209.85.166.179, mailfrom: danismostlikely@gmail.com) From: Dan McGregor <danismostlikely@gmail.com> To: openembedded-core@lists.openembedded.org Subject: [PATCH] openssl-native(sdk): poision built in paths Date: Fri, 28 Feb 2025 14:32:06 -0600 Message-ID: <20250228203206.1979714-3-danismostlikely@gmail.com> In-Reply-To: <20250228203206.1979714-1-danismostlikely@gmail.com> References: <20250228203206.1979714-1-danismostlikely@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	openssl-native(sdk): poision built in paths \| expand openssl-native(sdk): poision built in paths

Message ID

20250228203206.1979714-3-danismostlikely@gmail.com

State

Accepted, archived

Commit

d1b29222ad6243c15275a04f9de5989cf158cb2e

Headers

From: Dan McGregor <danismostlikely@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH] openssl-native(sdk): poision built in paths
Date: Fri, 28 Feb 2025 14:32:06 -0600
Message-ID: <20250228203206.1979714-3-danismostlikely@gmail.com>
In-Reply-To: <20250228203206.1979714-1-danismostlikely@gmail.com>
References: <20250228203206.1979714-1-danismostlikely@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

openssl-native(sdk): poision built in paths | expand

Commit Message

Dan McGregor Feb. 28, 2025, 8:32 p.m. UTC

From: Dan McGregor <dan.mcgregor@usask.ca>

Long ago, in the OpenSSL 1.1 days changing CFLAGS worked to override
hard-coded paths in the OpenSSL libraries. Even as far back as
kirkstone this was no longer working.

Override make variables instead to poision the paths that get built
into the native (and nativesdk) libraries so they become relocatable
again.

While here, remove the -isystem<foo> compiler argument from the compiler
command line stored in the library, just like we already remove the
prefix-map and sysroot arguments.

Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
---
 ...-sysroot-and-debug-prefix-map-from-co.patch | 18 +++++++++++-------
 .../openssl/openssl_3.4.1.bb                   |  4 ++--
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index b8672735abe..91a95d89290 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -30,23 +30,26 @@  Update to fix buildpaths qa issue for '-ffile-prefix-map'.
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 
 ---
- Configurations/unix-Makefile.tmpl | 12 +++++++++++-
+ Configurations/unix-Makefile.tmpl | 16 +++++++++++++++-
  crypto/build.info                 |  2 +-
- 2 files changed, 12 insertions(+), 2 deletions(-)
+ 2 files changed, 16 insertions(+), 2 deletions(-)
 
-Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
-===================================================================
---- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl
-+++ openssl-3.0.4/Configurations/unix-Makefile.tmpl
-@@ -502,13 +502,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 09303c4..011bda1 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -502,13 +502,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
                           '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
  BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
  
 -# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
 +# *_Q variables are used for one thing only: to build up buildinf.h
  CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
++              $cppflags1 =~ s|-isystem/[^ ]+/usr/include||g;
                $cppflags2 =~ s|([\\"])|\\$1|g;
++              $cppflags2 =~ s|-isystem/[^ ]+/usr/include||g;
                $lib_cppflags =~ s|([\\"])|\\$1|g;
++              $lib_cppflags =~ s|-isystem/[^ ]+/usr/include||g;
                join(' ', $lib_cppflags || (), $cppflags2 || (),
                          $cppflags1 || ()) -}
  
@@ -54,6 +57,7 @@  Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
 +              s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
 +              s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
 +              s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
++              s|-isystem/[^ ]+/usr/include ||g;
 +            }
 +            join(' ', @{$config{CFLAGS}}) -}
 +
diff --git a/meta/recipes-connectivity/openssl/openssl_3.4.1.bb b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb
index 1a054a36753..8da64aea6a3 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.4.1.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.4.1.bb
@@ -49,8 +49,8 @@  EXTRA_OECONF:append:class-native = " --with-rand-seed=os,devrandom"
 EXTRA_OECONF:append:class-nativesdk = " --with-rand-seed=os,devrandom"
 
 # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
-CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
-CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+EXTRA_OEMAKE:append:task-compile:class-native = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"'
+EXTRA_OEMAKE:append:task-compile:class-nativesdk = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"'
 
 # This allows disabling deprecated or undesirable crypto algorithms.
 # The default is to trust upstream choices.

openssl-native(sdk): poision built in paths

Commit Message

Patch