| Message ID | 20260612153339.2514304-1-ecordonnier@snap.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [meta-oe,1/2] android-libboringssl: add new recipe for BoringSSL shared libraries | expand |
On Fri, Jun 12, 2026 at 4:33 PM Etienne Cordonnier via lists.openembedded.org <ecordonnier=snap.com@lists.openembedded.org> wrote: > > From: Etienne Cordonnier <ecordonnier@snap.com> > > Add a recipe shipping the BoringSSL shared libraries required by > android-tools-adbd. BoringSSL is the TLS/crypto library used by adbd > for ADB authentication. > > The libraries are installed under ${libdir}/android/ to avoid conflicting > with the system libcrypto/libssl in the sysroot. A SOVERSION=0 patch is > applied so Yocto's standard .so / .so.0 packaging split works correctly. > An ld.so.conf.d drop-in registers ${libdir}/android so binaries can find > the libraries at runtime. > > This recipe is tightly coupled to android-tools: update it together when > upgrading android-tools to a new version. > > AI-Generated: Uses GitHub Copilot (Claude Sonnet 4.6) > > Signed-off-by: Mihajlo Marinkovic <mmarinkovic@snap.com> > Co-authored-by: Etienne Cordonnier <ecordonnier@snap.com> > --- Just sent this: https://patchwork.yoctoproject.org/project/oe/patch/20260613073026.529355-2-alex.kiernan@gmail.com/ Which I needed to get it to build against current master OE-Core (at least I think that's what was the important dimension). > ...ION-0-to-crypto-and-ssl-shared-libra.patch | 62 ++++++++++++++++ > .../android-libboringssl/boringssl-go-stub | 22 ++++++ > .../boringssl-gtest-stub.cc | 1 + > .../android-libboringssl_14.0.0+r45.bb | 70 +++++++++++++++++++ > 4 files changed, 155 insertions(+) > create mode 100644 meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch > create mode 100644 meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub > create mode 100644 meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc > create mode 100644 meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+r45.bb > > diff --git a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch > new file mode 100644 > index 0000000000..74ad93aa8d > --- /dev/null > +++ b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch > @@ -0,0 +1,62 @@ > +From 03a13ef3ea786286d9317562647e9856c1b71736 Mon Sep 17 00:00:00 2001 > +From: Etienne Cordonnier <ecordonnier@snap.com> > +Date: Thu, 11 Jun 2026 00:00:00 +0000 > +Subject: [PATCH] cmake: add SOVERSION 0 to crypto and ssl shared libraries > + > +BoringSSL's CMakeLists.txt does not set SOVERSION, so the built shared > +libraries have no SONAME embedded and cmake names them libcrypto.so / > +libssl.so without any version suffix. This causes two problems in a > +Yocto build: > + > +1. The Yocto QA check "dev-so" rejects unversioned .so symlinks in > + non-dev packages, but those symlinks are required at runtime because > + the DT_NEEDED entry in binaries that link against BoringSSL refers to > + the bare libcrypto.so name. > + > +2. Standard Yocto FILES patterns split libraries by suffix: .so.* goes > + into the runtime package and .so symlinks go into -dev. Without a > + SOVERSION these patterns do not apply correctly. > + > +Setting SOVERSION to 0 causes cmake to: > + - build libcrypto.so.0 as the real ELF with SONAME=libcrypto.so.0 > + - create libcrypto.so as a development symlink > + > +Binaries linked with -l:libcrypto.so.0 (as android-tools does) will > +record DT_NEEDED=libcrypto.so.0 and resolve correctly at runtime. > + > +Upstream-Status: Inappropriate [OE-specific packaging requirement] > +Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com> > +--- > + crypto/CMakeLists.txt | 2 ++ > + ssl/CMakeLists.txt | 2 ++ > + 2 files changed, 4 insertions(+) > + > +diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt > +index cdb5ddc..fca86cc 100644 > +--- a/crypto/CMakeLists.txt > ++++ b/crypto/CMakeLists.txt > +@@ -327,6 +327,8 @@ endif() > + > + set_target_properties(crypto PROPERTIES LINKER_LANGUAGE C) > + > ++set_target_properties(crypto PROPERTIES SOVERSION 0) > ++ > + if(WIN32) > + target_link_libraries(crypto ws2_32) > + endif() > +diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt > +index d8d997e..e49b350 100644 > +--- a/ssl/CMakeLists.txt > ++++ b/ssl/CMakeLists.txt > +@@ -46,6 +46,8 @@ install_if_enabled(TARGETS ssl EXPORT OpenSSLTargets ${INSTALL_DESTINATION_DEFAU > + set_property(TARGET ssl PROPERTY EXPORT_NAME SSL) > + target_link_libraries(ssl crypto) > + > ++set_target_properties(ssl PROPERTIES SOVERSION 0) > ++ > + add_executable( > + ssl_test > + > +-- > +2.43.0 > + > diff --git a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub > new file mode 100644 > index 0000000000..de63f38c9c > --- /dev/null > +++ b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub > @@ -0,0 +1,22 @@ > +#!/bin/sh > +if [ "$1" = "run" ] && [ "$2" = "util/embed_test_data.go" ]; then > + echo 'extern const int boringssl_dummy_crypto_test_data = 0;' > + exit 0 > +fi > +if [ "$1" = "run" ] && [ "$2" = "err_data_generate.go" ]; then > + cat <<'EOF' > +#include <stddef.h> > +#include <stdint.h> > + > +const uint32_t kOpenSSLReasonValues[] = {0}; > +const size_t kOpenSSLReasonValuesLen = 0; > +const char kOpenSSLReasonStringData[] = ""; > +EOF > + exit 0 > +fi > +if [ "$1" = "version" ]; then > + echo 'go version go0.0.0 yocto/stub' > + exit 0 > +fi > +echo "Unexpected Go invocation: $*" >&2 > +exit 1 > diff --git a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc > new file mode 100644 > index 0000000000..7477536281 > --- /dev/null > +++ b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc > @@ -0,0 +1 @@ > +int boringssl_dummy_gtest_translation_unit = 0; > diff --git a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+r45.bb b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+r45.bb > new file mode 100644 > index 0000000000..fccf6e0dff > --- /dev/null > +++ b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+r45.bb > @@ -0,0 +1,70 @@ > +DESCRIPTION = "BoringSSL shared libraries for android-tools" > +SECTION = "libs" > +# This recipe is tightly coupled to android-tools: when upgrading android-tools, > +# update this recipe to the BoringSSL version shipped in the corresponding Debian > +# android-platform-tools source package. > +# BoringSSL is a fork of OpenSSL; new files carry ISC license, OpenSSL license > +# covers the forked parts. > +LICENSE = "OpenSSL & ISC" > +LIC_FILES_CHKSUM = "file://LICENSE;md5=2ca501bc96ce9ed0814e2c592c3f9593" > + > +SRC_URI = " \ > + https://deb.debian.org/debian/pool/main/a/android-platform-external-boringssl/android-platform-external-boringssl_${PV}.orig.tar.xz \ > + file://boringssl-go-stub \ > + file://boringssl-gtest-stub.cc \ > + file://0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch \ > +" > +SRC_URI[md5sum] = "83d24d2f3136ba6a486b5464369b91b4" > +SRC_URI[sha256sum] = "f9223e8c15ad5d9e3f1cd50861f4c272658864661e2332bea5d60952aa0930cd" > + > +# The Debian orig tarball unpacks to android-platform-external-boringssl-${PV}/ > +# with the actual source under a src/ subdirectory. > +S = "${UNPACKDIR}/android-platform-external-boringssl-${PV}/src" > + > +inherit cmake > + > +CFLAGS:append = " -Wno-discarded-qualifiers" > + > +OECMAKE_TARGET_COMPILE = "crypto ssl" > + > +EXTRA_OECMAKE = " \ > + -DBUILD_SHARED_LIBS=ON \ > + -DBUILD_TESTING=OFF \ > + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ > + -DGO_EXECUTABLE=${WORKDIR}/hosttools/go \ > +" > + > +do_configure:prepend() { > + install -d ${WORKDIR}/hosttools > + install -m 0755 ${UNPACKDIR}/boringssl-go-stub ${WORKDIR}/hosttools/go > + > + # BoringSSL builds its own minimal gtest from third_party/googletest; provide > + # an empty stub .cc. We only build the crypto and ssl targets so the test > + # source files are never compiled, but cmake still needs gtest-all.cc to > + # exist to create the boringssl_gtest target. > + if [ ! -f ${S}/third_party/googletest/src/gtest-all.cc ]; then > + install -d ${S}/third_party/googletest/src > + install -m 0644 ${UNPACKDIR}/boringssl-gtest-stub.cc \ > + ${S}/third_party/googletest/src/gtest-all.cc > + fi > +} > +do_install() { > + # Install headers under a boringssl/ subdirectory to avoid shadowing the > + # system OpenSSL headers in the sysroot. > + install -d ${D}${includedir}/boringssl > + cp -a ${S}/include/openssl ${D}${includedir}/boringssl/ > + > + # Install shared libraries under ${libdir}/android/ to avoid conflicting > + # with the system libssl/libcrypto in the sysroot. > + install -d ${D}${libdir}/android > + install -m 0755 ${B}/crypto/libcrypto.so.0 ${D}${libdir}/android/libcrypto.so.0 > + ln -sf libcrypto.so.0 ${D}${libdir}/android/libcrypto.so > + install -m 0755 ${B}/ssl/libssl.so.0 ${D}${libdir}/android/libssl.so.0 > + ln -sf libssl.so.0 ${D}${libdir}/android/libssl.so > + > +} > + > +FILES:${PN}-dev = "${includedir}/boringssl ${libdir}/android/libcrypto.so ${libdir}/android/libssl.so" > +FILES:${PN} = "${libdir}/android/libcrypto.so.0 ${libdir}/android/libssl.so.0" > + > +BBCLASSEXTEND = "native" > -- > 2.43.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#127541): https://lists.openembedded.org/g/openembedded-devel/message/127541 > Mute This Topic: https://lists.openembedded.org/mt/119775569/3618097 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [alex.kiernan@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Thanks for the fix Alex. My local build and testing is with openembedded-core commit https://git.openembedded.org/openembedded-core/commit/?id=b5c24e1491dcb9ab0f782df6be6582fbd2151724 On Sat, Jun 13, 2026 at 9:33 AM Alex Kiernan <alex.kiernan@gmail.com> wrote: > On Fri, Jun 12, 2026 at 4:33 PM Etienne Cordonnier via > lists.openembedded.org <ecordonnier=snap.com@lists.openembedded.org> > wrote: > > > > From: Etienne Cordonnier <ecordonnier@snap.com> > > > > Add a recipe shipping the BoringSSL shared libraries required by > > android-tools-adbd. BoringSSL is the TLS/crypto library used by adbd > > for ADB authentication. > > > > The libraries are installed under ${libdir}/android/ to avoid conflicting > > with the system libcrypto/libssl in the sysroot. A SOVERSION=0 patch is > > applied so Yocto's standard .so / .so.0 packaging split works correctly. > > An ld.so.conf.d drop-in registers ${libdir}/android so binaries can find > > the libraries at runtime. > > > > This recipe is tightly coupled to android-tools: update it together when > > upgrading android-tools to a new version. > > > > AI-Generated: Uses GitHub Copilot (Claude Sonnet 4.6) > > > > Signed-off-by: Mihajlo Marinkovic <mmarinkovic@snap.com> > > Co-authored-by: Etienne Cordonnier <ecordonnier@snap.com> > > --- > > Just sent this: > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__patchwork.yoctoproject.org_project_oe_patch_20260613073026.529355-2D2-2Dalex.kiernan-40gmail.com_&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=0I9kcs3yTZeLi7TbI-G0bkjbrmVNpkpDZTF0qEOxbR6rOj9We36bB3auvx3yHUu8&s=SQmJGIsA5X3gdlStxI-8A4kfaK5CEr-sSH5aEWaLMDQ&e= > > Which I needed to get it to build against current master OE-Core (at > least I think that's what was the important dimension). > > > ...ION-0-to-crypto-and-ssl-shared-libra.patch | 62 ++++++++++++++++ > > .../android-libboringssl/boringssl-go-stub | 22 ++++++ > > .../boringssl-gtest-stub.cc | 1 + > > .../android-libboringssl_14.0.0+r45.bb | 70 +++++++++++++++++++ > > 4 files changed, 155 insertions(+) > > create mode 100644 > meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch > > create mode 100644 > meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub > > create mode 100644 > meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc > > create mode 100644 > meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+ > r45.bb > > > > diff --git > a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch > b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch > > new file mode 100644 > > index 0000000000..74ad93aa8d > > --- /dev/null > > +++ > b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch > > @@ -0,0 +1,62 @@ > > +From 03a13ef3ea786286d9317562647e9856c1b71736 Mon Sep 17 00:00:00 2001 > > +From: Etienne Cordonnier <ecordonnier@snap.com> > > +Date: Thu, 11 Jun 2026 00:00:00 +0000 > > +Subject: [PATCH] cmake: add SOVERSION 0 to crypto and ssl shared > libraries > > + > > +BoringSSL's CMakeLists.txt does not set SOVERSION, so the built shared > > +libraries have no SONAME embedded and cmake names them libcrypto.so / > > +libssl.so without any version suffix. This causes two problems in a > > +Yocto build: > > + > > +1. The Yocto QA check "dev-so" rejects unversioned .so symlinks in > > + non-dev packages, but those symlinks are required at runtime because > > + the DT_NEEDED entry in binaries that link against BoringSSL refers to > > + the bare libcrypto.so name. > > + > > +2. Standard Yocto FILES patterns split libraries by suffix: .so.* goes > > + into the runtime package and .so symlinks go into -dev. Without a > > + SOVERSION these patterns do not apply correctly. > > + > > +Setting SOVERSION to 0 causes cmake to: > > + - build libcrypto.so.0 as the real ELF with SONAME=libcrypto.so.0 > > + - create libcrypto.so as a development symlink > > + > > +Binaries linked with -l:libcrypto.so.0 (as android-tools does) will > > +record DT_NEEDED=libcrypto.so.0 and resolve correctly at runtime. > > + > > +Upstream-Status: Inappropriate [OE-specific packaging requirement] > > +Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com> > > +--- > > + crypto/CMakeLists.txt | 2 ++ > > + ssl/CMakeLists.txt | 2 ++ > > + 2 files changed, 4 insertions(+) > > + > > +diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt > > +index cdb5ddc..fca86cc 100644 > > +--- a/crypto/CMakeLists.txt > > ++++ b/crypto/CMakeLists.txt > > +@@ -327,6 +327,8 @@ endif() > > + > > + set_target_properties(crypto PROPERTIES LINKER_LANGUAGE C) > > + > > ++set_target_properties(crypto PROPERTIES SOVERSION 0) > > ++ > > + if(WIN32) > > + target_link_libraries(crypto ws2_32) > > + endif() > > +diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt > > +index d8d997e..e49b350 100644 > > +--- a/ssl/CMakeLists.txt > > ++++ b/ssl/CMakeLists.txt > > +@@ -46,6 +46,8 @@ install_if_enabled(TARGETS ssl EXPORT OpenSSLTargets > ${INSTALL_DESTINATION_DEFAU > > + set_property(TARGET ssl PROPERTY EXPORT_NAME SSL) > > + target_link_libraries(ssl crypto) > > + > > ++set_target_properties(ssl PROPERTIES SOVERSION 0) > > ++ > > + add_executable( > > + ssl_test > > + > > +-- > > +2.43.0 > > + > > diff --git > a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub > b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub > > new file mode 100644 > > index 0000000000..de63f38c9c > > --- /dev/null > > +++ > b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub > > @@ -0,0 +1,22 @@ > > +#!/bin/sh > > +if [ "$1" = "run" ] && [ "$2" = "util/embed_test_data.go" ]; then > > + echo 'extern const int boringssl_dummy_crypto_test_data = 0;' > > + exit 0 > > +fi > > +if [ "$1" = "run" ] && [ "$2" = "err_data_generate.go" ]; then > > + cat <<'EOF' > > +#include <stddef.h> > > +#include <stdint.h> > > + > > +const uint32_t kOpenSSLReasonValues[] = {0}; > > +const size_t kOpenSSLReasonValuesLen = 0; > > +const char kOpenSSLReasonStringData[] = ""; > > +EOF > > + exit 0 > > +fi > > +if [ "$1" = "version" ]; then > > + echo 'go version go0.0.0 yocto/stub' > > + exit 0 > > +fi > > +echo "Unexpected Go invocation: $*" >&2 > > +exit 1 > > diff --git > a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc > b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc > > new file mode 100644 > > index 0000000000..7477536281 > > --- /dev/null > > +++ > b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc > > @@ -0,0 +1 @@ > > +int boringssl_dummy_gtest_translation_unit = 0; > > diff --git > a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+ > r45.bb > b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+ > r45.bb > > new file mode 100644 > > index 0000000000..fccf6e0dff > > --- /dev/null > > +++ > b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+ > r45.bb > > @@ -0,0 +1,70 @@ > > +DESCRIPTION = "BoringSSL shared libraries for android-tools" > > +SECTION = "libs" > > +# This recipe is tightly coupled to android-tools: when upgrading > android-tools, > > +# update this recipe to the BoringSSL version shipped in the > corresponding Debian > > +# android-platform-tools source package. > > +# BoringSSL is a fork of OpenSSL; new files carry ISC license, OpenSSL > license > > +# covers the forked parts. > > +LICENSE = "OpenSSL & ISC" > > +LIC_FILES_CHKSUM = "file://LICENSE;md5=2ca501bc96ce9ed0814e2c592c3f9593" > > + > > +SRC_URI = " \ > > + > https://urldefense.proofpoint.com/v2/url?u=https-3A__deb.debian.org_debian_pool_main_a_android-2Dplatform-2Dexternal-2Dboringssl_android-2Dplatform-2Dexternal-2Dboringssl-5F-24-257BPV-257D.orig.tar.xz&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=0I9kcs3yTZeLi7TbI-G0bkjbrmVNpkpDZTF0qEOxbR6rOj9We36bB3auvx3yHUu8&s=h9UIfZ9dc3gsp4QbhsGF_Rgdtn0WP9593DrpZPubTfQ&e= > \ > > + file://boringssl-go-stub \ > > + file://boringssl-gtest-stub.cc \ > > + > file://0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch \ > > +" > > +SRC_URI[md5sum] = "83d24d2f3136ba6a486b5464369b91b4" > > +SRC_URI[sha256sum] = > "f9223e8c15ad5d9e3f1cd50861f4c272658864661e2332bea5d60952aa0930cd" > > + > > +# The Debian orig tarball unpacks to > android-platform-external-boringssl-${PV}/ > > +# with the actual source under a src/ subdirectory. > > +S = "${UNPACKDIR}/android-platform-external-boringssl-${PV}/src" > > + > > +inherit cmake > > + > > +CFLAGS:append = " -Wno-discarded-qualifiers" > > + > > +OECMAKE_TARGET_COMPILE = "crypto ssl" > > + > > +EXTRA_OECMAKE = " \ > > + -DBUILD_SHARED_LIBS=ON \ > > + -DBUILD_TESTING=OFF \ > > + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ > > + -DGO_EXECUTABLE=${WORKDIR}/hosttools/go \ > > +" > > + > > +do_configure:prepend() { > > + install -d ${WORKDIR}/hosttools > > + install -m 0755 ${UNPACKDIR}/boringssl-go-stub > ${WORKDIR}/hosttools/go > > + > > + # BoringSSL builds its own minimal gtest from > third_party/googletest; provide > > + # an empty stub .cc. We only build the crypto and ssl targets so > the test > > + # source files are never compiled, but cmake still needs > gtest-all.cc to > > + # exist to create the boringssl_gtest target. > > + if [ ! -f ${S}/third_party/googletest/src/gtest-all.cc ]; then > > + install -d ${S}/third_party/googletest/src > > + install -m 0644 ${UNPACKDIR}/boringssl-gtest-stub.cc \ > > + ${S}/third_party/googletest/src/gtest-all.cc > > + fi > > +} > > +do_install() { > > + # Install headers under a boringssl/ subdirectory to avoid > shadowing the > > + # system OpenSSL headers in the sysroot. > > + install -d ${D}${includedir}/boringssl > > + cp -a ${S}/include/openssl ${D}${includedir}/boringssl/ > > + > > + # Install shared libraries under ${libdir}/android/ to avoid > conflicting > > + # with the system libssl/libcrypto in the sysroot. > > + install -d ${D}${libdir}/android > > + install -m 0755 ${B}/crypto/libcrypto.so.0 > ${D}${libdir}/android/libcrypto.so.0 > > + ln -sf libcrypto.so.0 ${D}${libdir}/android/libcrypto.so > > + install -m 0755 ${B}/ssl/libssl.so.0 > ${D}${libdir}/android/libssl.so.0 > > + ln -sf libssl.so.0 ${D}${libdir}/android/libssl.so > > + > > +} > > + > > +FILES:${PN}-dev = "${includedir}/boringssl > ${libdir}/android/libcrypto.so ${libdir}/android/libssl.so" > > +FILES:${PN} = "${libdir}/android/libcrypto.so.0 > ${libdir}/android/libssl.so.0" > > + > > +BBCLASSEXTEND = "native" > > -- > > 2.43.0 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#127541): > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.openembedded.org_g_openembedded-2Ddevel_message_127541&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=0I9kcs3yTZeLi7TbI-G0bkjbrmVNpkpDZTF0qEOxbR6rOj9We36bB3auvx3yHUu8&s=tKojqt9NG1_BHdn7ClkkG0OWnG_Qg7BGhNruKcCd3Lk&e= > > Mute This Topic: > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.openembedded.org_mt_119775569_3618097&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=0I9kcs3yTZeLi7TbI-G0bkjbrmVNpkpDZTF0qEOxbR6rOj9We36bB3auvx3yHUu8&s=oT1P95vYBxermV8mYJOjBrTU6Lmss-YqQQR_Uh3xgw0&e= > > Group Owner: openembedded-devel+owner@lists.openembedded.org > > Unsubscribe: > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.openembedded.org_g_openembedded-2Ddevel_unsub&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=0I9kcs3yTZeLi7TbI-G0bkjbrmVNpkpDZTF0qEOxbR6rOj9We36bB3auvx3yHUu8&s=a9elE7-4qo7nTUY6Y8krrO9ZN7FOf_j5MDNA-CLKa-w&e= > [alex.kiernan@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > > > > -- > Alex Kiernan >
Hi,
I've noticed a small error in the commit message:
" An ld.so.conf.d drop-in registers ${libdir}/android so binaries can
find
the libraries at runtime."
This is no longer true. This was true in an earlier version of the commit,
but it now works using RUNPATH. Thus this sentence could be removed.
Étienne
On Mon, Jun 15, 2026 at 10:04 AM Etienne Cordonnier via
lists.openembedded.org <ecordonnier=snap.com@lists.openembedded.org> wrote:
> Thanks for the fix Alex. My local build and testing is with
> openembedded-core commit
> https://git.openembedded.org/openembedded-core/commit/?id=b5c24e1491dcb9ab0f782df6be6582fbd2151724
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__git.openembedded.org_openembedded-2Dcore_commit_-3Fid-3Db5c24e1491dcb9ab0f782df6be6582fbd2151724&d=DwMFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=CWeprpi7dtgNeP1I8HHF-ui7HJrmG-6bcrqLeuYcRhw&e=>
>
>
> On Sat, Jun 13, 2026 at 9:33 AM Alex Kiernan <alex.kiernan@gmail.com>
> wrote:
>
>> On Fri, Jun 12, 2026 at 4:33 PM Etienne Cordonnier via
>> lists.openembedded.org
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openembedded.org&d=DwMFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=PNr5HkvRX6VlmZPDFgBLr4yrLqs_0bfmi-6jkK2p0NY&e=>
>> <ecordonnier=snap.com@lists.openembedded.org>
>> wrote:
>> >
>> > From: Etienne Cordonnier <ecordonnier@snap.com>
>> >
>> > Add a recipe shipping the BoringSSL shared libraries required by
>> > android-tools-adbd. BoringSSL is the TLS/crypto library used by adbd
>> > for ADB authentication.
>> >
>> > The libraries are installed under ${libdir}/android/ to avoid
>> conflicting
>> > with the system libcrypto/libssl in the sysroot. A SOVERSION=0 patch is
>> > applied so Yocto's standard .so / .so.0 packaging split works correctly.
>> > An ld.so.conf.d drop-in registers ${libdir}/android so binaries can find
>> > the libraries at runtime.
>> >
>> > This recipe is tightly coupled to android-tools: update it together when
>> > upgrading android-tools to a new version.
>> >
>> > AI-Generated: Uses GitHub Copilot (Claude Sonnet 4.6)
>> >
>> > Signed-off-by: Mihajlo Marinkovic <mmarinkovic@snap.com>
>> > Co-authored-by: Etienne Cordonnier <ecordonnier@snap.com>
>> > ---
>>
>> Just sent this:
>>
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__patchwork.yoctoproject.org_project_oe_patch_20260613073026.529355-2D2-2Dalex.kiernan-40gmail.com_&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=0I9kcs3yTZeLi7TbI-G0bkjbrmVNpkpDZTF0qEOxbR6rOj9We36bB3auvx3yHUu8&s=SQmJGIsA5X3gdlStxI-8A4kfaK5CEr-sSH5aEWaLMDQ&e=
>>
>> Which I needed to get it to build against current master OE-Core (at
>> least I think that's what was the important dimension).
>>
>> > ...ION-0-to-crypto-and-ssl-shared-libra.patch | 62 ++++++++++++++++
>> > .../android-libboringssl/boringssl-go-stub | 22 ++++++
>> > .../boringssl-gtest-stub.cc | 1 +
>> > .../android-libboringssl_14.0.0+r45.bb
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__r45.bb&d=DwMFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=clgsP3vNtvsca98l4igtjmm_-BhUhn4lDk3FL3rl37c&e=>
>> | 70 +++++++++++++++++++
>> > 4 files changed, 155 insertions(+)
>> > create mode 100644
>> meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch
>> > create mode 100644
>> meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub
>> > create mode 100644
>> meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc
>> > create mode 100644
>> meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+
>> r45.bb
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__r45.bb&d=DwMFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=clgsP3vNtvsca98l4igtjmm_-BhUhn4lDk3FL3rl37c&e=>
>> >
>> > diff --git
>> a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch
>> b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch
>> > new file mode 100644
>> > index 0000000000..74ad93aa8d
>> > --- /dev/null
>> > +++
>> b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch
>> > @@ -0,0 +1,62 @@
>> > +From 03a13ef3ea786286d9317562647e9856c1b71736 Mon Sep 17 00:00:00 2001
>> > +From: Etienne Cordonnier <ecordonnier@snap.com>
>> > +Date: Thu, 11 Jun 2026 00:00:00 +0000
>> > +Subject: [PATCH] cmake: add SOVERSION 0 to crypto and ssl shared
>> libraries
>> > +
>> > +BoringSSL's CMakeLists.txt does not set SOVERSION, so the built shared
>> > +libraries have no SONAME embedded and cmake names them libcrypto.so /
>> > +libssl.so without any version suffix. This causes two problems in a
>> > +Yocto build:
>> > +
>> > +1. The Yocto QA check "dev-so" rejects unversioned .so symlinks in
>> > + non-dev packages, but those symlinks are required at runtime because
>> > + the DT_NEEDED entry in binaries that link against BoringSSL refers
>> to
>> > + the bare libcrypto.so name.
>> > +
>> > +2. Standard Yocto FILES patterns split libraries by suffix: .so.* goes
>> > + into the runtime package and .so symlinks go into -dev. Without a
>> > + SOVERSION these patterns do not apply correctly.
>> > +
>> > +Setting SOVERSION to 0 causes cmake to:
>> > + - build libcrypto.so.0 as the real ELF with SONAME=libcrypto.so.0
>> > + - create libcrypto.so as a development symlink
>> > +
>> > +Binaries linked with -l:libcrypto.so.0 (as android-tools does) will
>> > +record DT_NEEDED=libcrypto.so.0 and resolve correctly at runtime.
>> > +
>> > +Upstream-Status: Inappropriate [OE-specific packaging requirement]
>> > +Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
>> > +---
>> > + crypto/CMakeLists.txt | 2 ++
>> > + ssl/CMakeLists.txt | 2 ++
>> > + 2 files changed, 4 insertions(+)
>> > +
>> > +diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
>> > +index cdb5ddc..fca86cc 100644
>> > +--- a/crypto/CMakeLists.txt
>> > ++++ b/crypto/CMakeLists.txt
>> > +@@ -327,6 +327,8 @@ endif()
>> > +
>> > + set_target_properties(crypto PROPERTIES LINKER_LANGUAGE C)
>> > +
>> > ++set_target_properties(crypto PROPERTIES SOVERSION 0)
>> > ++
>> > + if(WIN32)
>> > + target_link_libraries(crypto ws2_32)
>> > + endif()
>> > +diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
>> > +index d8d997e..e49b350 100644
>> > +--- a/ssl/CMakeLists.txt
>> > ++++ b/ssl/CMakeLists.txt
>> > +@@ -46,6 +46,8 @@ install_if_enabled(TARGETS ssl EXPORT OpenSSLTargets
>> ${INSTALL_DESTINATION_DEFAU
>> > + set_property(TARGET ssl PROPERTY EXPORT_NAME SSL)
>> > + target_link_libraries(ssl crypto)
>> > +
>> > ++set_target_properties(ssl PROPERTIES SOVERSION 0)
>> > ++
>> > + add_executable(
>> > + ssl_test
>> > +
>> > +--
>> > +2.43.0
>> > +
>> > diff --git
>> a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub
>> b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub
>> > new file mode 100644
>> > index 0000000000..de63f38c9c
>> > --- /dev/null
>> > +++
>> b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub
>> > @@ -0,0 +1,22 @@
>> > +#!/bin/sh
>> > +if [ "$1" = "run" ] && [ "$2" = "util/embed_test_data.go" ]; then
>> > + echo 'extern const int boringssl_dummy_crypto_test_data = 0;'
>> > + exit 0
>> > +fi
>> > +if [ "$1" = "run" ] && [ "$2" = "err_data_generate.go" ]; then
>> > + cat <<'EOF'
>> > +#include <stddef.h>
>> > +#include <stdint.h>
>> > +
>> > +const uint32_t kOpenSSLReasonValues[] = {0};
>> > +const size_t kOpenSSLReasonValuesLen = 0;
>> > +const char kOpenSSLReasonStringData[] = "";
>> > +EOF
>> > + exit 0
>> > +fi
>> > +if [ "$1" = "version" ]; then
>> > + echo 'go version go0.0.0 yocto/stub'
>> > + exit 0
>> > +fi
>> > +echo "Unexpected Go invocation: $*" >&2
>> > +exit 1
>> > diff --git
>> a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc
>> b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc
>> > new file mode 100644
>> > index 0000000000..7477536281
>> > --- /dev/null
>> > +++
>> b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc
>> > @@ -0,0 +1 @@
>> > +int boringssl_dummy_gtest_translation_unit = 0;
>> > diff --git
>> a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+
>> r45.bb
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__r45.bb&d=DwMFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=clgsP3vNtvsca98l4igtjmm_-BhUhn4lDk3FL3rl37c&e=>
>> b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+
>> r45.bb
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__r45.bb&d=DwMFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=clgsP3vNtvsca98l4igtjmm_-BhUhn4lDk3FL3rl37c&e=>
>> > new file mode 100644
>> > index 0000000000..fccf6e0dff
>> > --- /dev/null
>> > +++
>> b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+
>> r45.bb
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__r45.bb&d=DwMFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=clgsP3vNtvsca98l4igtjmm_-BhUhn4lDk3FL3rl37c&e=>
>> > @@ -0,0 +1,70 @@
>> > +DESCRIPTION = "BoringSSL shared libraries for android-tools"
>> > +SECTION = "libs"
>> > +# This recipe is tightly coupled to android-tools: when upgrading
>> android-tools,
>> > +# update this recipe to the BoringSSL version shipped in the
>> corresponding Debian
>> > +# android-platform-tools source package.
>> > +# BoringSSL is a fork of OpenSSL; new files carry ISC license, OpenSSL
>> license
>> > +# covers the forked parts.
>> > +LICENSE = "OpenSSL & ISC"
>> > +LIC_FILES_CHKSUM =
>> "file://LICENSE;md5=2ca501bc96ce9ed0814e2c592c3f9593"
>> > +
>> > +SRC_URI = " \
>> > +
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__deb.debian.org_debian_pool_main_a_android-2Dplatform-2Dexternal-2Dboringssl_android-2Dplatform-2Dexternal-2Dboringssl-5F-24-257BPV-257D.orig.tar.xz&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=0I9kcs3yTZeLi7TbI-G0bkjbrmVNpkpDZTF0qEOxbR6rOj9We36bB3auvx3yHUu8&s=h9UIfZ9dc3gsp4QbhsGF_Rgdtn0WP9593DrpZPubTfQ&e=
>> \
>> > + file://boringssl-go-stub \
>> > + file://boringssl-gtest-stub.cc \
>> > +
>> file://0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch \
>> > +"
>> > +SRC_URI[md5sum] = "83d24d2f3136ba6a486b5464369b91b4"
>> > +SRC_URI[sha256sum] =
>> "f9223e8c15ad5d9e3f1cd50861f4c272658864661e2332bea5d60952aa0930cd"
>> > +
>> > +# The Debian orig tarball unpacks to
>> android-platform-external-boringssl-${PV}/
>> > +# with the actual source under a src/ subdirectory.
>> > +S = "${UNPACKDIR}/android-platform-external-boringssl-${PV}/src"
>> > +
>> > +inherit cmake
>> > +
>> > +CFLAGS:append = " -Wno-discarded-qualifiers"
>> > +
>> > +OECMAKE_TARGET_COMPILE = "crypto ssl"
>> > +
>> > +EXTRA_OECMAKE = " \
>> > + -DBUILD_SHARED_LIBS=ON \
>> > + -DBUILD_TESTING=OFF \
>> > + -DCMAKE_BUILD_TYPE=RelWithDebInfo \
>> > + -DGO_EXECUTABLE=${WORKDIR}/hosttools/go \
>> > +"
>> > +
>> > +do_configure:prepend() {
>> > + install -d ${WORKDIR}/hosttools
>> > + install -m 0755 ${UNPACKDIR}/boringssl-go-stub
>> ${WORKDIR}/hosttools/go
>> > +
>> > + # BoringSSL builds its own minimal gtest from
>> third_party/googletest; provide
>> > + # an empty stub .cc. We only build the crypto and ssl targets so
>> the test
>> > + # source files are never compiled, but cmake still needs
>> gtest-all.cc to
>> > + # exist to create the boringssl_gtest target.
>> > + if [ ! -f ${S}/third_party/googletest/src/gtest-all.cc ]; then
>> > + install -d ${S}/third_party/googletest/src
>> > + install -m 0644 ${UNPACKDIR}/boringssl-gtest-stub.cc \
>> > + ${S}/third_party/googletest/src/gtest-all.cc
>> > + fi
>> > +}
>> > +do_install() {
>> > + # Install headers under a boringssl/ subdirectory to avoid
>> shadowing the
>> > + # system OpenSSL headers in the sysroot.
>> > + install -d ${D}${includedir}/boringssl
>> > + cp -a ${S}/include/openssl ${D}${includedir}/boringssl/
>> > +
>> > + # Install shared libraries under ${libdir}/android/ to avoid
>> conflicting
>> > + # with the system libssl/libcrypto in the sysroot.
>> > + install -d ${D}${libdir}/android
>> > + install -m 0755 ${B}/crypto/libcrypto.so.0
>> ${D}${libdir}/android/libcrypto.so.0
>> > + ln -sf libcrypto.so.0 ${D}${libdir}/android/libcrypto.so
>> > + install -m 0755 ${B}/ssl/libssl.so.0
>> ${D}${libdir}/android/libssl.so.0
>> > + ln -sf libssl.so.0 ${D}${libdir}/android/libssl.so
>> > +
>> > +}
>> > +
>> > +FILES:${PN}-dev = "${includedir}/boringssl
>> ${libdir}/android/libcrypto.so ${libdir}/android/libssl.so"
>> > +FILES:${PN} = "${libdir}/android/libcrypto.so.0
>> ${libdir}/android/libssl.so.0"
>> > +
>> > +BBCLASSEXTEND = "native"
>> > --
>> > 2.43.0
>> >
>> >
>> >
>> >
>>
>>
>> --
>> Alex Kiernan
>>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#127582):
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.openembedded.org_g_openembedded-2Ddevel_message_127582&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=Ika6LPC5Ewu7W4dcCp7zUHIFxID7vEvnSINx0aSq_Nc&e=
> Mute This Topic:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.openembedded.org_mt_119775569_7048771&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=x3dzROXs9l3ivtVjITtccKhEeGHQMmqW_AeWCJRbW0s&e=
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.openembedded.org_g_openembedded-2Ddevel_unsub&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_4vCHvabgGkICC2epckfdiw&r=AhkbNonVuMIGRfPx_Qj9TsRih1DULJTKUkSGa66m67E&m=u2Cwo2K-ydtt9_ShhkiUH91O8cYqbu988cxbRKIBcEphOgnCn3BaS-KW6x9pTx0g&s=Oi6YeDRHLzPc9yzQAk-ymFYP9zlP-Fx9wCxk9kFlnVg&e=
> [ecordonnier@snap.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
diff --git a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch new file mode 100644 index 0000000000..74ad93aa8d --- /dev/null +++ b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch @@ -0,0 +1,62 @@ +From 03a13ef3ea786286d9317562647e9856c1b71736 Mon Sep 17 00:00:00 2001 +From: Etienne Cordonnier <ecordonnier@snap.com> +Date: Thu, 11 Jun 2026 00:00:00 +0000 +Subject: [PATCH] cmake: add SOVERSION 0 to crypto and ssl shared libraries + +BoringSSL's CMakeLists.txt does not set SOVERSION, so the built shared +libraries have no SONAME embedded and cmake names them libcrypto.so / +libssl.so without any version suffix. This causes two problems in a +Yocto build: + +1. The Yocto QA check "dev-so" rejects unversioned .so symlinks in + non-dev packages, but those symlinks are required at runtime because + the DT_NEEDED entry in binaries that link against BoringSSL refers to + the bare libcrypto.so name. + +2. Standard Yocto FILES patterns split libraries by suffix: .so.* goes + into the runtime package and .so symlinks go into -dev. Without a + SOVERSION these patterns do not apply correctly. + +Setting SOVERSION to 0 causes cmake to: + - build libcrypto.so.0 as the real ELF with SONAME=libcrypto.so.0 + - create libcrypto.so as a development symlink + +Binaries linked with -l:libcrypto.so.0 (as android-tools does) will +record DT_NEEDED=libcrypto.so.0 and resolve correctly at runtime. + +Upstream-Status: Inappropriate [OE-specific packaging requirement] +Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com> +--- + crypto/CMakeLists.txt | 2 ++ + ssl/CMakeLists.txt | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt +index cdb5ddc..fca86cc 100644 +--- a/crypto/CMakeLists.txt ++++ b/crypto/CMakeLists.txt +@@ -327,6 +327,8 @@ endif() + + set_target_properties(crypto PROPERTIES LINKER_LANGUAGE C) + ++set_target_properties(crypto PROPERTIES SOVERSION 0) ++ + if(WIN32) + target_link_libraries(crypto ws2_32) + endif() +diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt +index d8d997e..e49b350 100644 +--- a/ssl/CMakeLists.txt ++++ b/ssl/CMakeLists.txt +@@ -46,6 +46,8 @@ install_if_enabled(TARGETS ssl EXPORT OpenSSLTargets ${INSTALL_DESTINATION_DEFAU + set_property(TARGET ssl PROPERTY EXPORT_NAME SSL) + target_link_libraries(ssl crypto) + ++set_target_properties(ssl PROPERTIES SOVERSION 0) ++ + add_executable( + ssl_test + +-- +2.43.0 + diff --git a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub new file mode 100644 index 0000000000..de63f38c9c --- /dev/null +++ b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-go-stub @@ -0,0 +1,22 @@ +#!/bin/sh +if [ "$1" = "run" ] && [ "$2" = "util/embed_test_data.go" ]; then + echo 'extern const int boringssl_dummy_crypto_test_data = 0;' + exit 0 +fi +if [ "$1" = "run" ] && [ "$2" = "err_data_generate.go" ]; then + cat <<'EOF' +#include <stddef.h> +#include <stdint.h> + +const uint32_t kOpenSSLReasonValues[] = {0}; +const size_t kOpenSSLReasonValuesLen = 0; +const char kOpenSSLReasonStringData[] = ""; +EOF + exit 0 +fi +if [ "$1" = "version" ]; then + echo 'go version go0.0.0 yocto/stub' + exit 0 +fi +echo "Unexpected Go invocation: $*" >&2 +exit 1 diff --git a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc new file mode 100644 index 0000000000..7477536281 --- /dev/null +++ b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl/boringssl-gtest-stub.cc @@ -0,0 +1 @@ +int boringssl_dummy_gtest_translation_unit = 0; diff --git a/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+r45.bb b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+r45.bb new file mode 100644 index 0000000000..fccf6e0dff --- /dev/null +++ b/meta-oe/recipes-devtools/android-libboringssl/android-libboringssl_14.0.0+r45.bb @@ -0,0 +1,70 @@ +DESCRIPTION = "BoringSSL shared libraries for android-tools" +SECTION = "libs" +# This recipe is tightly coupled to android-tools: when upgrading android-tools, +# update this recipe to the BoringSSL version shipped in the corresponding Debian +# android-platform-tools source package. +# BoringSSL is a fork of OpenSSL; new files carry ISC license, OpenSSL license +# covers the forked parts. +LICENSE = "OpenSSL & ISC" +LIC_FILES_CHKSUM = "file://LICENSE;md5=2ca501bc96ce9ed0814e2c592c3f9593" + +SRC_URI = " \ + https://deb.debian.org/debian/pool/main/a/android-platform-external-boringssl/android-platform-external-boringssl_${PV}.orig.tar.xz \ + file://boringssl-go-stub \ + file://boringssl-gtest-stub.cc \ + file://0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch \ +" +SRC_URI[md5sum] = "83d24d2f3136ba6a486b5464369b91b4" +SRC_URI[sha256sum] = "f9223e8c15ad5d9e3f1cd50861f4c272658864661e2332bea5d60952aa0930cd" + +# The Debian orig tarball unpacks to android-platform-external-boringssl-${PV}/ +# with the actual source under a src/ subdirectory. +S = "${UNPACKDIR}/android-platform-external-boringssl-${PV}/src" + +inherit cmake + +CFLAGS:append = " -Wno-discarded-qualifiers" + +OECMAKE_TARGET_COMPILE = "crypto ssl" + +EXTRA_OECMAKE = " \ + -DBUILD_SHARED_LIBS=ON \ + -DBUILD_TESTING=OFF \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DGO_EXECUTABLE=${WORKDIR}/hosttools/go \ +" + +do_configure:prepend() { + install -d ${WORKDIR}/hosttools + install -m 0755 ${UNPACKDIR}/boringssl-go-stub ${WORKDIR}/hosttools/go + + # BoringSSL builds its own minimal gtest from third_party/googletest; provide + # an empty stub .cc. We only build the crypto and ssl targets so the test + # source files are never compiled, but cmake still needs gtest-all.cc to + # exist to create the boringssl_gtest target. + if [ ! -f ${S}/third_party/googletest/src/gtest-all.cc ]; then + install -d ${S}/third_party/googletest/src + install -m 0644 ${UNPACKDIR}/boringssl-gtest-stub.cc \ + ${S}/third_party/googletest/src/gtest-all.cc + fi +} +do_install() { + # Install headers under a boringssl/ subdirectory to avoid shadowing the + # system OpenSSL headers in the sysroot. + install -d ${D}${includedir}/boringssl + cp -a ${S}/include/openssl ${D}${includedir}/boringssl/ + + # Install shared libraries under ${libdir}/android/ to avoid conflicting + # with the system libssl/libcrypto in the sysroot. + install -d ${D}${libdir}/android + install -m 0755 ${B}/crypto/libcrypto.so.0 ${D}${libdir}/android/libcrypto.so.0 + ln -sf libcrypto.so.0 ${D}${libdir}/android/libcrypto.so + install -m 0755 ${B}/ssl/libssl.so.0 ${D}${libdir}/android/libssl.so.0 + ln -sf libssl.so.0 ${D}${libdir}/android/libssl.so + +} + +FILES:${PN}-dev = "${includedir}/boringssl ${libdir}/android/libcrypto.so ${libdir}/android/libssl.so" +FILES:${PN} = "${libdir}/android/libcrypto.so.0 ${libdir}/android/libssl.so.0" + +BBCLASSEXTEND = "native"