diff mbox series

openssl: add workaround for broken paths in native libcrypto.pc

Message ID 20250703132105.4005278-1-ejo@pengutronix.de
State New
Headers show
Series openssl: add workaround for broken paths in native libcrypto.pc | expand

Commit Message

Enrico Jörns July 3, 2025, 1:21 p.m. UTC 
Since d1b29222 ("openssl-native(sdk): poision built in paths") the
workaround for host path contamination in native(sdk) openssl is fixed.
But an unfortunate side-effect of forcing the directory variables
(OPENSSLDIR, ENGINESDIR, MODULESDIR) to be invalid is that it renders
the generated native pkg-config file (libcrypto.pc) unusable:

  [..]
  includedir=${prefix}/include
  enginesdir=${libdir}/../../../../../../../../../../../../../../../../not/builtin
  modulesdir=${libdir}/../../../../../../../../../../../../../../../../not/builtin

  Name: OpenSSL-libcrypto
  [..]

This will prevent other native tools (like libp11-native) from
installing their (.so) files into valid OpenSSL directories.

The strange paths are a result of OpenSSL's build system attempting to
resolve the dummy path "/not/builtin" relative to ${libdir} for
libcrypto.pc.in:

| enginesdir=${libdir}/{- $OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR[0] -}

There doesn't appear to be a straightforward way to avoid embedding a
built-in host path while still generating a valid libcrypto.pc file.

This workaround now post-fixes the .pc files for openssl-native by using
two sed calls to replace the invalid paths with the valid ones.
(To prevent bitbake from early expanding the libdir variables, use a
group as a simple hack.)

Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
---
 meta/recipes-connectivity/openssl/openssl_3.5.0.bb | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.0.bb b/meta/recipes-connectivity/openssl/openssl_3.5.0.bb
index 0f5c28dafa..a7d08d5b86 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.0.bb
@@ -192,6 +192,11 @@  do_install:append:class-native () {
 	    SSL_CERT_FILE=\${SSL_CERT_FILE:-${libdir}/ssl-3/cert.pem} \
 	    OPENSSL_ENGINES=\${OPENSSL_ENGINES:-${libdir}/engines-3} \
 	    OPENSSL_MODULES=\${OPENSSL_MODULES:-${libdir}/ossl-modules}
+
+	# Setting ENGINESDIR and MODULESDIR to invalid paths prevents host contamination,
+	# but also breaks the generated libcrypto.pc file. Post-Fix it manually here.
+	sed -i 's|^enginesdir=\($.libdir.\)/.*|enginesdir=\1/engines-3|' ${D}${libdir}/pkgconfig/libcrypto.pc
+	sed -i 's|^modulesdir=\($.libdir.\)/.*|modulesdir=\1/ossl-modules|' ${D}${libdir}/pkgconfig/libcrypto.pc
 }
 
 do_install:append:class-nativesdk () {