[OE-core] [PATCH] openssl_1.0.2n: improve reproducibility
Andre McCurdy
armccurdy at gmail.com
Fri Jul 20 21:08:55 UTC 2018
On Sat, Mar 10, 2018 at 11:27 AM, Juro Bystricky
<juro.bystricky at intel.com> wrote:
> Improve reproducible build of:
>
> openssl-staticdev
> openssl-dbg
> libcrypto
>
> There are two main causes that prevent reproducible build, both related to
> the generated file "buildinf.h":
>
> 1. "buildinf.h" contains build host CFLAGS, containing various build
> host references. We need to pass sanitized CFLAGS to the script
> generating this file ("mkbuildinf.pl". )
>
> 2. We also need to modify the script "mkbuildinf.pl" itsel in order to
> generate a build timestamp based on SOURCE_DATE_EPOCH, if present in
> the environment.
>
> Signed-off-by: Juro Bystricky <juro.bystricky at intel.com>
> ---
> .../openssl-1.0.2n/reproducible-cflags.patch | 20 ++++++++++++++++++++
> .../openssl-1.0.2n/reproducible-mkbuildinf.patch | 21 +++++++++++++++++++++
> meta/recipes-connectivity/openssl/openssl10.inc | 3 +++
> meta/recipes-connectivity/openssl/openssl_1.0.2n.bb | 5 +++++
> 4 files changed, 49 insertions(+)
> create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc
> index 02a0e16..0598195 100644
> --- a/meta/recipes-connectivity/openssl/openssl10.inc
> +++ b/meta/recipes-connectivity/openssl/openssl10.inc
> @@ -162,6 +162,9 @@ do_configure () {
>
> do_compile_prepend_class-target () {
> sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
> + oe_runmake depend
> + cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'`
> + oe_runmake CC_INFO="${cc_sanitized}"
Here calls to "oe_runmake depend" and "oe_runmake" are made from the
target specific do_compile_prepend(), but the original calls (without
sanitised CC_INFO) are then run again from do_compile(), ie:
do_compile() {
sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
oe_runmake depend
cc_sanitized=`echo ...`
oe_runmake CC_INFO="${cc_sanitized}"
oe_runmake depend
oe_runmake
}
Is the intention really to run "oe_runmake depend" and "oe_runmake" twice?
> }
>
> do_compile () {
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
> index 32444c6..f07289d 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
> @@ -43,6 +43,11 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
> file://0001-Fix-build-with-clang-using-external-assembler.patch \
> file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
> "
> +
> +SRC_URI_append_class-target = "\
> + file://reproducible-cflags.patch \
> + file://reproducible-mkbuildinf.patch \
> + "
> SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4"
> SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe"
>
More information about the Openembedded-core
mailing list