[OE-core] [PATCH] openssl: fix hardcoded paths in native for openssl 1.1

Andre McCurdy armccurdy at gmail.com
Tue Aug 21 00:47:28 UTC 2018 

Relying on hardcoded built-in paths causes openssl-native to not be
relocateable from sstate.

Solution for openssl 1.1, based on the existing solution from
openssl 1.0:

  http://git.openembedded.org/openembedded-core/commit/?id=771d3123331fbfab1eb9ce47e3013eabcb2248f5

Signed-off-by: Andre McCurdy <armccurdy at gmail.com>
---
 ...SLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch | 39 ++++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.1.0i.bb | 10 ++++++
 2 files changed, 49 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch b/meta/recipes-connectivity/openssl/openssl/0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch
new file mode 100644
index 0000000..67d06fc
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch
@@ -0,0 +1,39 @@
+From 26e98beb8a987cdc69699aaffc5599926fb1b293 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy at gmail.com>
+Date: Fri, 17 Aug 2018 20:33:44 -0700
+Subject: [PATCH] allow OPENSSLDIR and ENGINESDIR CFLAGS to be controlled
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Andre McCurdy <armccurdy at gmail.com>
+---
+ Configurations/unix-Makefile.tmpl | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 034d93e..2310d12 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -156,6 +156,10 @@ LIBDIR={- #
+ ENGINESDIR={- use File::Spec::Functions;
+               catdir($prefix,$libdir,"engines-$sover") -}
+ 
++# Intermediate variables so the values defined via CFLAGS can be controlled.
++OE_DOPENSSLDIR=$(OPENSSLDIR)
++OE_DENGINESDIR=$(ENGINESDIR)
++
+ # Convenience variable for those who want to set the rpath in shared
+ # libraries and applications
+ LIBRPATH=$(INSTALLTOP)/$(LIBDIR)
+@@ -174,7 +178,7 @@ HTMLSUFFIX=html
+ 
+ CROSS_COMPILE= {- $config{cross_compile_prefix} -}
+ CC= $(CROSS_COMPILE){- $target{cc} -}
+-CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
++CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OE_DOPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(OE_DENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
+ CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
+ LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -}
+ PLIB_LDFLAGS= {- $target{plib_lflags} -}
+-- 
+1.9.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb
index 507f8f8..d2f2624 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0i.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
            file://openssl-c_rehash.sh \
            file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
+           file://0001-allow-OPENSSLDIR-and-ENGINESDIR-CFLAGS-to-be-control.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
@@ -30,6 +31,9 @@ inherit lib_package multilib_header ptest relative_symlinks
 #| ./libcrypto.so: undefined reference to `makecontext'
 EXTRA_OECONF_append_libc-musl = " -DOPENSSL_NO_ASYNC"
 
+EXTRA_OEMAKE_append_class-native = " OE_DOPENSSLDIR='/not/builtin' OE_DENGINESDIR='/not/builtin'"
+EXTRA_OEMAKE_append_class-nativesdk = " OE_DOPENSSLDIR='/not/builtin' OE_DENGINESDIR='/not/builtin'"
+
 do_configure () {
 	os=${HOST_OS}
 	case $os in
@@ -116,6 +120,12 @@ do_install () {
 }
 
 do_install_append_class-native () {
+	create_wrapper ${D}${bindir}/openssl \
+	    OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
+	    SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
+	    SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
+	    OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
+
 	# Install a custom version of c_rehash that can handle sysroots properly.
 	# This version is used for example when installing ca-certificates during
 	# image creation.
-- 
1.9.1

More information about the Openembedded-core mailing list