[OE-core] [PATCH] openssl_1.0.2n: improve reproducibility

Bystricky, Juro juro.bystricky at intel.com
Sun Jul 22 16:46:13 UTC 2018


No, not on purpose; the word "prepend" should be taken out.
Although running "make" the second time does no harm (should do nothing, in fact), it needs to be fixed.
I'll send in a fix.

Thanks
Juro
________________________________________
From: Andre McCurdy [armccurdy at gmail.com]
Sent: Friday, July 20, 2018 2:08 PM
To: Bystricky, Juro
Cc: OE Core mailing list; Juro Bystricky
Subject: Re: [OE-core] [PATCH] openssl_1.0.2n: improve reproducibility

On Sat, Mar 10, 2018 at 11:27 AM, Juro Bystricky
<juro.bystricky at intel.com> wrote:
> Improve reproducible build of:
>
> openssl-staticdev
> openssl-dbg
> libcrypto
>
> There are two main causes that prevent reproducible build, both related to
> the generated file "buildinf.h":
>
> 1. "buildinf.h" contains build host CFLAGS, containing various build
>    host references.  We need to pass sanitized CFLAGS to the script
>    generating this file ("mkbuildinf.pl").
>
> 2. We also need to modify the script "mkbuildinf.pl" itself in order to
>    generate a build timestamp based on SOURCE_DATE_EPOCH, if present in
>    the environment.
>
> Signed-off-by: Juro Bystricky <juro.bystricky at intel.com>
> ---
>  .../openssl-1.0.2n/reproducible-cflags.patch        | 20 ++++++++++++++++++++
>  .../openssl-1.0.2n/reproducible-mkbuildinf.patch    | 21 +++++++++++++++++++++
>  meta/recipes-connectivity/openssl/openssl10.inc     |  3 +++
>  meta/recipes-connectivity/openssl/openssl_1.0.2n.bb |  5 +++++
>  4 files changed, 49 insertions(+)
>  create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc
> index 02a0e16..0598195 100644
> --- a/meta/recipes-connectivity/openssl/openssl10.inc
> +++ b/meta/recipes-connectivity/openssl/openssl10.inc
> @@ -162,6 +162,9 @@ do_configure () {
>
>  do_compile_prepend_class-target () {
>      sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
> +    oe_runmake depend
> +       cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'`
> +       oe_runmake CC_INFO="${cc_sanitized}"

Here calls to "oe_runmake depend" and "oe_runmake" are made from the
target specific do_compile_prepend(), but the original calls (without
sanitised CC_INFO) are then run again from do_compile(), ie:

  do_compile() {
    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
    oe_runmake depend
    cc_sanitized=`echo ...`
    oe_runmake CC_INFO="${cc_sanitized}"
    oe_runmake depend
    oe_runmake
  }

Is the intention really to run "oe_runmake depend" and "oe_runmake" twice?

>  }
>
>  do_compile () {
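Review bot: In the added cc_sanitized line, the second sed expression uses the whole expanded ${DEBUG_PREFIX_MAP} as a regular expression, so it removes something only when that exact string appears contiguously and in the same order inside "${CC} ${CFLAG}", and any regex metacharacter or "|" in the expanded value is interpreted rather than matched literally. When nothing matches, sed still exits successfully and the host paths pass into CC_INFO unchanged. Consider matching each option the variable contains by its own pattern, and adding a check after the build that fails if ${STAGING_DIR_TARGET} still appears in the generated buildinf.h. The three added lines also use two different indentation depths; align them with the existing sed line.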
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
> index 32444c6..f07289d 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
> @@ -43,6 +43,11 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
>             file://0001-Fix-build-with-clang-using-external-assembler.patch \
>             file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
>             "
> +
> +SRC_URI_append_class-target = "\
> +           file://reproducible-cflags.patch \
> +           file://reproducible-mkbuildinf.patch \
> +           "
>  SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4"
>  SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe"
>
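Review bot: SRC_URI_append_class-target limits both patches to target builds, but the commit message gives no reason for the restriction, and it describes reproducible-mkbuildinf.patch as acting only when SOURCE_DATE_EPOCH is present in the environment, which reads as safe for every class. Either add the two file:// entries to the unconditional SRC_URI above, or put a comment above the append saying why the other classes are excluded. The append also sits between SRC_URI and its SRC_URI[md5sum] and SRC_URI[sha256sum] lines; placing it after the checksums keeps them next to the URI they describe.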
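The two fixes described in the commit message above (sanitized compiler flags and a timestamp taken from SOURCE_DATE_EPOCH), as an added shell example that is not part of the patch or of OpenSSL's mkbuildinf.pl. The function names, the header layout and the sample command lines are constructed for illustration, and GNU date is assumed.

```shell
#!/bin/sh
# Added example; not OE-core or OpenSSL code. All names here are hypothetical.

# Remove build-host options from a compiler command line. Each option is
# matched by its own pattern, so option order and exact paths do not matter.
sanitize_cc() {
    printf '%s\n' "$1" | sed -E \
        -e 's/(^| )--sysroot=[^ ]*//g' \
        -e 's/(^| )-fdebug-prefix-map=[^ ]*//g' \
        -e 's/  +/ /g' -e 's/^ //' -e 's/ $//'
}

# Timestamp from SOURCE_DATE_EPOCH when it is a plain number, else wall clock.
# Assumes GNU date for "-d @SECONDS".
build_date() {
    case "${SOURCE_DATE_EPOCH:-}" in
        ''|*[!0-9]*) date -u '+%Y-%m-%dT%H:%M:%SZ' ;;
        *) date -u -d "@${SOURCE_DATE_EPOCH}" '+%Y-%m-%dT%H:%M:%SZ' ;;
    esac
}

# Emit a buildinf.h-style header (layout constructed for this example).
gen_buildinf() {
    printf '#define CFLAGS "compiler: %s"\n' "$(sanitize_cc "$1")"
    printf '#define DATE "built on: %s"\n' "$(build_date)"
}

# Return 0 if the text still mentions the given build directory.
leaks_path() { printf '%s\n' "$1" | grep -qF -- "$2"; }

# Constructed inputs: the same compile line from two different work directories.
CC_A='gcc --sysroot=/home/alice/build/sysroot -O2 -fdebug-prefix-map=/home/alice/build=/usr/src/debug -DOPENSSL_THREADS'
CC_B='gcc --sysroot=/srv/ci/w7/sysroot -O2 -fdebug-prefix-map=/srv/ci/w7=/usr/src/debug -DOPENSSL_THREADS'

SOURCE_DATE_EPOCH=1500000000; export SOURCE_DATE_EPOCH
if [ "$(gen_buildinf "$CC_A")" = "$(gen_buildinf "$CC_B")" ]; then
    echo "headers identical"
else
    echo "headers differ"
fi
```

With SOURCE_DATE_EPOCH unset, build_date falls back to the wall clock and two runs at different times produce different headers.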


