openssl: append to OE-core

Instead of maintaing 98% copy of OE-core recipe without being up-to-date as good as possible, inject patches into OE-core recipe of openssl when compiling for the right platform. Signed-off-by: Jens Rehsack <sno@netbsd.org>
author: Jens Rehsack <sno@netbsd.org> 2020-05-30 21:32:58 +0200
committer: Otavio Salvador <otavio@ossystems.com.br> 2020-06-02 09:18:49 -0300
commit: b837841b323e61f18b811ad90b6a5a20123cfee5 (patch)
tree: 1bc00a0d8a42b69bbbbf5048e81187405722d0d9 /recipes-connectivity
parent: abd947e51b663c0fd12df081d090ec5f1da13afd (diff)
download: meta-freescale-b837841b323e61f18b811ad90b6a5a20123cfee5.tar.gz
6 files changed, 6 insertions, 356 deletions
diff --git a/recipes-connectivity/openssl/files/environment.d-openssl.sh b/recipes-connectivity/openssl/files/environment.d-openssl.sh
deleted file mode 100644
index b9cc24a7..00000000
--- a/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ /dev/null
@@ -1 +0,0 @@
-export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
diff --git a/recipes-connectivity/openssl/openssl-qoriq/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/recipes-connectivity/openssl/openssl-qoriq/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
deleted file mode 100644
index 949c7883..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
-Date: Tue, 6 Nov 2018 14:50:47 +0100
-Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
- info
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-The openssl build system generates buildinf.h containing the full
-compiler command line used to compile objects. This breaks
-reproducibility, as the compile command is baked into libcrypto, where
-it is used when running `openssl version -f`.
-Add stripped build variables for the compiler and cflags lines, and use
-those when generating buildinfo.h.
-This is based on a similar patch for older openssl versions:
-https://patchwork.openembedded.org/patch/147229/
-Upstream-Status: Inappropriate [OE specific]
-Signed-off-by: Martin Hundebøll <martin@geanix.com>
-Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
- Configurations/unix-Makefile.tmpl | 10 +++++++++-
- crypto/build.info                 |  2 +-
- 2 files changed, 10 insertions(+), 2 deletions(-)
-diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 16af4d2087..54c162784c 100644
--- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
-                          '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
- BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
- 
-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
-+# *_Q variables are used for one thing only: to build up buildinf.h
- CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
-               $cppflags2 =~ s|([\\"])|\\$1|g;
-               $lib_cppflags =~ s|([\\"])|\\$1|g;
-               join(' ', $lib_cppflags || (), $cppflags2 || (),
-                         $cppflags1 || ()) -}
- 
-+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
-+              s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
-+              s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
-+            }
-+            join(' ', @{$config{CFLAGS}}) -}
-+
-+CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g;
-+        join(' ', $config{CC}) -}
-+
- PERLASM_SCHEME= {- $target{perlasm_scheme} -}
- 
- # For x86 assembler: Set PROCESSOR to 386 if you want to support
-diff --git a/crypto/build.info b/crypto/build.info
-index b515b7318e..8c9cee2a09 100644
--- a/crypto/build.info
-+++ b/crypto/build.info
-@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
-         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
- 
- DEPEND[cversion.o]=buildinf.h
-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
-+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
- DEPEND[buildinf.h]=../configdata.pm
- 
- GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
-- 
-2.19.1
diff --git a/recipes-connectivity/openssl/openssl-qoriq/0001-skip-test_symbol_presence.patch b/recipes-connectivity/openssl/openssl-qoriq/0001-skip-test_symbol_presence.patch
deleted file mode 100644
index e632bc45..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/0001-skip-test_symbol_presence.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 097b9081eced6ffc13c6cbb83abf7110baeca902 Mon Sep 17 00:00:00 2001
-From: Chunrong Guo <chunrong.guo@nxp.com>
-Date: Mon, 14 Oct 2019 14:59:11 +0800
-Subject: [PATCH] skip test_symbol_presence
-Upstream-Status: Inappropriate [OE Specific]
-Signed-off-by: BJ DevOps Team <bjdevops@NXP1.onmicrosoft.com>
---
- test/recipes/01-test_symbol_presence.t | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
-index 7f2a2d7..918a8a19 100644
--- a/test/recipes/01-test_symbol_presence.t
-+++ b/test/recipes/01-test_symbol_presence.t
-@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils;
- 
- setup("test_symbol_presence");
- 
-plan skip_all => "Only useful when building shared libraries"
-    if disabled("shared");
-+plan skip_all => "The case needs debug symbols then we just disable it";
- 
- my @libnames = ("crypto", "ssl");
- my $testcount = scalar @libnames;
-- 
-2.7.4
diff --git a/recipes-connectivity/openssl/openssl-qoriq/afalg.patch b/recipes-connectivity/openssl/openssl-qoriq/afalg.patch
deleted file mode 100644
index b7c0e969..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq/afalg.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
-Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-diff --git a/Configure b/Configure
-index 3baa8ce..9ef52ed 100755
--- a/Configure
-+++ b/Configure
-@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
- unless ($disabled{afalgeng}) {
-     $config{afalgeng}="";
-     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
-        my $minver = 4*10000 + 1*100 + 0;
-        if ($config{CROSS_COMPILE} eq "") {
-            my $verstr = `uname -r`;
-            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
-            ($mi2) = $mi2 =~ /(\d+)/;
-            my $ver = $ma*10000 + $mi1*100 + $mi2;
-            if ($ver < $minver) {
-                disable('too-old-kernel', 'afalgeng');
-            } else {
-                push @{$config{engdirs}}, "afalg";
-            }
-        } else {
-            disable('cross-compiling', 'afalgeng');
-        }
-+        push @{$config{engdirs}}, "afalg";
-     } else {
-         disable('not-linux', 'afalgeng');
-     }
diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.1f.bb b/recipes-connectivity/openssl/openssl-qoriq_1.1.1f.bb
deleted file mode 100644
index d9af242d..00000000
--- a/recipes-connectivity/openssl/openssl-qoriq_1.1.1f.bb
+++ /dev/null
@@ -1,219 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-DISABLE_STATIC = ""
-# "openssl" here actually means both OpenSSL and SSLeay licenses apply
-# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
-DEPENDS = "hostperl-runtime-native"
-SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/openssl;nobranch=1 \
-           file://run-ptest \
-           file://0001-skip-test_symbol_presence.patch \
-           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
-           file://afalg.patch \
-           file://0001-eng_devcrypto-add-support-for-TLS-algorithms-offload.patch \
-           file://0002-eng_devcrypto-add-support-for-TLS1.2-algorithms-offl.patch \
-          "
-SRCREV = "36eadf1f84daa965041cce410b4ff32cbda4ef08"
-SRC_URI_append_class-nativesdk = " \
-           file://environment.d-openssl.sh \
-           "
-inherit lib_package multilib_header multilib_script ptest
-MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
-PROVIDES = "openssl"
-python() {
-    pkgs = d.getVar('PACKAGES').split()
-    for p in pkgs:
-        if 'openssl-qoriq' in p:
-            d.appendVar("RPROVIDES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
-            d.appendVar("RCONFLICTS_%s" % p, p.replace('openssl-qoriq', 'openssl'))
-            d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
-}
-PACKAGECONFIG ?= ""
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
-B = "${WORKDIR}/build"
-do_configure[cleandirs] = "${B}"
-S = "${WORKDIR}/git"
-#| ./libcrypto.so: undefined reference to `getcontext'
-#| ./libcrypto.so: undefined reference to `setcontext'
-#| ./libcrypto.so: undefined reference to `makecontext'
-EXTRA_OECONF_append_libc-musl = " no-async"
-EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
-# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
-# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
-EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
-EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
-# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
-CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
-CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
-do_configure () {
-        os=${HOST_OS}
-        case $os in
-        linux-gnueabi |\
-        linux-gnuspe |\
-        linux-musleabi |\
-        linux-muslspe |\
-        linux-musl )
-                os=linux
-                ;;
-        *)
-                ;;
-        esac
-        target="$os-${HOST_ARCH}"
-        case $target in
-        linux-arm*)
-                target=linux-armv4
-                ;;
-        linux-aarch64*)
-                target=linux-aarch64
-                ;;
-        linux-i?86 | linux-viac3)
-                target=linux-x86
-                ;;
-        linux-gnux32-x86_64 | linux-muslx32-x86_64 )
-                target=linux-x32
-                ;;
-        linux-gnu64-x86_64)
-                target=linux-x86_64
-                ;;
-        linux-mips | linux-mipsel)
-                # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
-                target="linux-mips32 ${TARGET_CC_ARCH}"
-                ;;
-        linux-gnun32-mips*)
-                target=linux-mips64
-                ;;
-        linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
-                target=linux64-mips64
-                ;;
-        linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
-                target=linux-generic32
-                ;;
-        linux-powerpc)
-                target=linux-ppc
-                ;;
-        linux-powerpc64)
-                target=linux-ppc64
-                ;;
-        linux-riscv32)
-                target=linux-generic32
-                ;;
-        linux-riscv64)
-                target=linux-generic64
-                ;;
-        linux-sparc | linux-supersparc)
-                target=linux-sparcv9
-                ;;
-        esac
-        useprefix=${prefix}
-        if [ "x$useprefix" = "x" ]; then
-                useprefix=/
-        fi
-        # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
-        # environment variables set by bitbake. Adjust the environment variables instead.
-        PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
-        perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
-        perl ${B}/configdata.pm --dump
-}
-do_install () {
-        oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
-        oe_multilib_header openssl/opensslconf.h
-        # Create SSL structure for packages such as ca-certificates which
-        # contain hard-coded paths to /etc/ssl. Debian does the same.
-        install -d ${D}${sysconfdir}/ssl
-        mv ${D}${libdir}/ssl-1.1/certs \
-           ${D}${libdir}/ssl-1.1/private \
-           ${D}${libdir}/ssl-1.1/openssl.cnf \
-           ${D}${sysconfdir}/ssl/
-        # Although absolute symlinks would be OK for the target, they become
-        # invalid if native or nativesdk are relocated from sstate.
-        ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
-        ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
-        ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
-}
-do_install_append_class-native () {
-        create_wrapper ${D}${bindir}/openssl \
-            OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
-            SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
-            SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
-            OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
-}
-do_install_append_class-nativesdk () {
-        mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
-        install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
-        sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
-}
-PTEST_BUILD_HOST_FILES += "configdata.pm"
-PTEST_BUILD_HOST_PATTERN = "perl_version ="
-do_install_ptest () {
-        # Prune the build tree
-        rm -f ${B}/fuzz/*.* ${B}/test/*.*
-        cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
-        cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
-        # For test_shlibload
-        ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
-        ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
-        install -d ${D}${PTEST_PATH}/apps
-        ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
-        install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
-        install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
-        install -d ${D}${PTEST_PATH}/engines
-        install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
-}
-# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
-# package RRECOMMENDS on this package. This will enable the configuration
-# file to be installed for both the openssl-bin package and the libcrypto
-# package since the openssl-bin package depends on the libcrypto package.
-PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
-FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
-FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
-CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
-BBCLASSEXTEND = "native nativesdk"
-CVE_PRODUCT = "openssl:openssl"
diff --git a/recipes-connectivity/openssl/openssl_%.bbappend b/recipes-connectivity/openssl/openssl_%.bbappend
new file mode 100644
index 00000000..182925e0
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_%.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS_append := "${THISDIR}/${PN}-qoriq:"
+SRC_URI_append_qoriq = " \
+        file://0001-eng_devcrypto-add-support-for-TLS-algorithms-offload.patch \
+        file://0002-eng_devcrypto-add-support-for-TLS1.2-algorithms-offl.patch \
+"
author	Jens Rehsack <sno@netbsd.org>	2020-05-30 21:32:58 +0200
committer	Otavio Salvador <otavio@ossystems.com.br>	2020-06-02 09:18:49 -0300
commit	b837841b323e61f18b811ad90b6a5a20123cfee5 (patch)
tree	1bc00a0d8a42b69bbbbf5048e81187405722d0d9 /recipes-connectivity
parent	abd947e51b663c0fd12df081d090ec5f1da13afd (diff)
download	meta-freescale-b837841b323e61f18b811ad90b6a5a20123cfee5.tar.gz

diff --git a/recipes-connectivity/openssl/files/environment.d-openssl.sh b/recipes-connectivity/openssl/files/environment.d-openssl.sh deleted file mode 100644 index b9cc24a7..00000000 --- a/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ /dev/null
@@ -1 +0,0 @@
1	export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"


diff --git a/recipes-connectivity/openssl/openssl-qoriq/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/recipes-connectivity/openssl/openssl-qoriq/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch deleted file mode 100644 index 949c7883..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ /dev/null
@@ -1,76 +0,0 @@
1	From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
3	Date: Tue, 6 Nov 2018 14:50:47 +0100
4	Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
5	info
6	MIME-Version: 1.0
7	Content-Type: text/plain; charset=UTF-8
8	Content-Transfer-Encoding: 8bit
9
10	The openssl build system generates buildinf.h containing the full
11	compiler command line used to compile objects. This breaks
12	reproducibility, as the compile command is baked into libcrypto, where
13	it is used when running `openssl version -f`.
14
15	Add stripped build variables for the compiler and cflags lines, and use
16	those when generating buildinfo.h.
17
18	This is based on a similar patch for older openssl versions:
19	https://patchwork.openembedded.org/patch/147229/
20
21	Upstream-Status: Inappropriate [OE specific]
22	Signed-off-by: Martin Hundebøll <martin@geanix.com>
23
24
25	Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
26
27	Signed-off-by: Kai Kang <kai.kang@windriver.com>
28	---
29	Configurations/unix-Makefile.tmpl \| 10 +++++++++-
30	crypto/build.info \| 2 +-
31	2 files changed, 10 insertions(+), 2 deletions(-)
32
33	diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
34	index 16af4d2087..54c162784c 100644
35	--- a/Configurations/unix-Makefile.tmpl
36	+++ b/Configurations/unix-Makefile.tmpl
37	@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} \|\| (),
38	'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
39	BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
40
41	-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
42	+# *_Q variables are used for one thing only: to build up buildinf.h
43	CPPFLAGS_Q={- $cppflags1 =~ s\|([\\"])\|\\$1\|g;
44	$cppflags2 =~ s\|([\\"])\|\\$1\|g;
45	$lib_cppflags =~ s\|([\\"])\|\\$1\|g;
46	join(' ', $lib_cppflags \|\| (), $cppflags2 \|\| (),
47	$cppflags1 \|\| ()) -}
48
49	+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
50	+ s\|-fdebug-prefix-map=[^ ]+\|-fdebug-prefix-map=\|g;
51	+ s\|-fmacro-prefix-map=[^ ]+\|-fmacro-prefix-map=\|g;
52	+ }
53	+ join(' ', @{$config{CFLAGS}}) -}
54	+
55	+CC_Q={- $config{CC} =~ s\|--sysroot=[^ ]+\|--sysroot=recipe-sysroot\|g;
56	+ join(' ', $config{CC}) -}
57	+
58	PERLASM_SCHEME= {- $target{perlasm_scheme} -}
59
60	# For x86 assembler: Set PROCESSOR to 386 if you want to support
61	diff --git a/crypto/build.info b/crypto/build.info
62	index b515b7318e..8c9cee2a09 100644
63	--- a/crypto/build.info
64	+++ b/crypto/build.info
65	@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
66	ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
67
68	DEPEND[cversion.o]=buildinf.h
69	-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
70	+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
71	DEPEND[buildinf.h]=../configdata.pm
72
73	GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
74	--
75	2.19.1
76


diff --git a/recipes-connectivity/openssl/openssl-qoriq/0001-skip-test_symbol_presence.patch b/recipes-connectivity/openssl/openssl-qoriq/0001-skip-test_symbol_presence.patch deleted file mode 100644 index e632bc45..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/0001-skip-test_symbol_presence.patch +++ /dev/null
@@ -1,29 +0,0 @@
1	From 097b9081eced6ffc13c6cbb83abf7110baeca902 Mon Sep 17 00:00:00 2001
2	From: Chunrong Guo <chunrong.guo@nxp.com>
3	Date: Mon, 14 Oct 2019 14:59:11 +0800
4	Subject: [PATCH] skip test_symbol_presence
5
6	Upstream-Status: Inappropriate [OE Specific]
7
8	Signed-off-by: BJ DevOps Team <bjdevops@NXP1.onmicrosoft.com>
9	---
10	test/recipes/01-test_symbol_presence.t \| 3 +--
11	1 file changed, 1 insertion(+), 2 deletions(-)
12
13	diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
14	index 7f2a2d7..918a8a19 100644
15	--- a/test/recipes/01-test_symbol_presence.t
16	+++ b/test/recipes/01-test_symbol_presence.t
17	@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils;
18
19	setup("test_symbol_presence");
20
21	-plan skip_all => "Only useful when building shared libraries"
22	- if disabled("shared");
23	+plan skip_all => "The case needs debug symbols then we just disable it";
24
25	my @libnames = ("crypto", "ssl");
26	my $testcount = scalar @libnames;
27	--
28	2.7.4
29


diff --git a/recipes-connectivity/openssl/openssl-qoriq/afalg.patch b/recipes-connectivity/openssl/openssl-qoriq/afalg.patch deleted file mode 100644 index b7c0e969..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq/afalg.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
2
3	Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
4	Signed-off-by: Ross Burton <ross.burton@intel.com>
5
6	diff --git a/Configure b/Configure
7	index 3baa8ce..9ef52ed 100755
8	--- a/Configure
9	+++ b/Configure
10	@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
11	unless ($disabled{afalgeng}) {
12	$config{afalgeng}="";
13	if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
14	- my $minver = 410000 + 1100 + 0;
15	- if ($config{CROSS_COMPILE} eq "") {
16	- my $verstr = `uname -r`;
17	- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
18	- ($mi2) = $mi2 =~ /(\d+)/;
19	- my $ver = $ma10000 + $mi1100 + $mi2;
20	- if ($ver < $minver) {
21	- disable('too-old-kernel', 'afalgeng');
22	- } else {
23	- push @{$config{engdirs}}, "afalg";
24	- }
25	- } else {
26	- disable('cross-compiling', 'afalgeng');
27	- }
28	+ push @{$config{engdirs}}, "afalg";
29	} else {
30	disable('not-linux', 'afalgeng');
31	}


diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.1f.bb b/recipes-connectivity/openssl/openssl-qoriq_1.1.1f.bb deleted file mode 100644 index d9af242d..00000000 --- a/recipes-connectivity/openssl/openssl-qoriq_1.1.1f.bb +++ /dev/null
@@ -1,219 +0,0 @@
1	SUMMARY = "Secure Socket Layer"
2	DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3	HOMEPAGE = "http://www.openssl.org/"
4	BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5	SECTION = "libs/network"
6
7	DISABLE_STATIC = ""
8
9	# "openssl" here actually means both OpenSSL and SSLeay licenses apply
10	# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
11	LICENSE = "openssl"
12	LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
13
14	DEPENDS = "hostperl-runtime-native"
15
16	SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/openssl;nobranch=1 \
17	file://run-ptest \
18	file://0001-skip-test_symbol_presence.patch \
19	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
20	file://afalg.patch \
21	file://0001-eng_devcrypto-add-support-for-TLS-algorithms-offload.patch \
22	file://0002-eng_devcrypto-add-support-for-TLS1.2-algorithms-offl.patch \
23	"
24
25	SRCREV = "36eadf1f84daa965041cce410b4ff32cbda4ef08"
26
27	SRC_URI_append_class-nativesdk = " \
28	file://environment.d-openssl.sh \
29	"
30	inherit lib_package multilib_header multilib_script ptest
31	MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
32
33	PROVIDES = "openssl"
34
35	python() {
36	pkgs = d.getVar('PACKAGES').split()
37	for p in pkgs:
38	if 'openssl-qoriq' in p:
39	d.appendVar("RPROVIDES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
40	d.appendVar("RCONFLICTS_%s" % p, p.replace('openssl-qoriq', 'openssl'))
41	d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
42	}
43
44	PACKAGECONFIG ?= ""
45	PACKAGECONFIG_class-native = ""
46	PACKAGECONFIG_class-nativesdk = ""
47
48	PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
49
50	B = "${WORKDIR}/build"
51	do_configure[cleandirs] = "${B}"
52
53	S = "${WORKDIR}/git"
54
55	#\| ./libcrypto.so: undefined reference to `getcontext'
56	#\| ./libcrypto.so: undefined reference to `setcontext'
57	#\| ./libcrypto.so: undefined reference to `makecontext'
58	EXTRA_OECONF_append_libc-musl = " no-async"
59	EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
60
61	# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
62	# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
63	EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
64	EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
65
66	# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
67	CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
68	CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
69
70	do_configure () {
71	os=${HOST_OS}
72	case $os in
73	linux-gnueabi \|\
74	linux-gnuspe \|\
75	linux-musleabi \|\
76	linux-muslspe \|\
77	linux-musl )
78	os=linux
79	;;
80	*)
81	;;
82	esac
83	target="$os-${HOST_ARCH}"
84	case $target in
85	linux-arm*)
86	target=linux-armv4
87	;;
88	linux-aarch64*)
89	target=linux-aarch64
90	;;
91	linux-i?86 \| linux-viac3)
92	target=linux-x86
93	;;
94	linux-gnux32-x86_64 \| linux-muslx32-x86_64 )
95	target=linux-x32
96	;;
97	linux-gnu64-x86_64)
98	target=linux-x86_64
99	;;
100	linux-mips \| linux-mipsel)
101	# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
102	target="linux-mips32 ${TARGET_CC_ARCH}"
103	;;
104	linux-gnun32-mips*)
105	target=linux-mips64
106	;;
107	linux--mips64 \| linux-mips64 \| linux--mips64el \| linux-mips64el)
108	target=linux64-mips64
109	;;
110	linux-microblaze* \| linux-nios2* \| linux-sh3 \| linux-sh4 \| linux-arc*)
111	target=linux-generic32
112	;;
113	linux-powerpc)
114	target=linux-ppc
115	;;
116	linux-powerpc64)
117	target=linux-ppc64
118	;;
119	linux-riscv32)
120	target=linux-generic32
121	;;
122	linux-riscv64)
123	target=linux-generic64
124	;;
125	linux-sparc \| linux-supersparc)
126	target=linux-sparcv9
127	;;
128	esac
129
130	useprefix=${prefix}
131	if [ "x$useprefix" = "x" ]; then
132	useprefix=/
133	fi
134	# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
135	# environment variables set by bitbake. Adjust the environment variables instead.
136	PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
137	perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
138	perl ${B}/configdata.pm --dump
139	}
140
141	do_install () {
142	oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
143
144	oe_multilib_header openssl/opensslconf.h
145
146	# Create SSL structure for packages such as ca-certificates which
147	# contain hard-coded paths to /etc/ssl. Debian does the same.
148	install -d ${D}${sysconfdir}/ssl
149	mv ${D}${libdir}/ssl-1.1/certs \
150	${D}${libdir}/ssl-1.1/private \
151	${D}${libdir}/ssl-1.1/openssl.cnf \
152	${D}${sysconfdir}/ssl/
153
154	# Although absolute symlinks would be OK for the target, they become
155	# invalid if native or nativesdk are relocated from sstate.
156	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
157	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
158	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
159	}
160
161	do_install_append_class-native () {
162	create_wrapper ${D}${bindir}/openssl \
163	OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
164	SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
165	SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
166	OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
167	}
168
169	do_install_append_class-nativesdk () {
170	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
171	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
172	sed 's\|/usr/lib/ssl/\|/usr/lib/ssl-1.1/\|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
173	}
174
175	PTEST_BUILD_HOST_FILES += "configdata.pm"
176	PTEST_BUILD_HOST_PATTERN = "perl_version ="
177	do_install_ptest () {
178	# Prune the build tree
179	rm -f ${B}/fuzz/. ${B}/test/.
180
181	cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
182	cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
183
184	# For test_shlibload
185	ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
186	ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
187
188	install -d ${D}${PTEST_PATH}/apps
189	ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
190	install -m644 ${S}/apps/.pem ${S}/apps/.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
191	install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
192
193	install -d ${D}${PTEST_PATH}/engines
194	install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
195	}
196
197	# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
198	# package RRECOMMENDS on this package. This will enable the configuration
199	# file to be installed for both the openssl-bin package and the libcrypto
200	# package since the openssl-bin package depends on the libcrypto package.
201
202	PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
203
204	FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
205	FILES_libssl = "${libdir}/libssl${SOLIBS}"
206	FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
207	FILES_${PN}-engines = "${libdir}/engines-1.1"
208	FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
209	FILES_${PN} =+ "${libdir}/ssl-1.1/*"
210	FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
211
212	CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
213
214	RRECOMMENDS_libcrypto += "openssl-conf"
215	RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
216
217	BBCLASSEXTEND = "native nativesdk"
218
219	CVE_PRODUCT = "openssl:openssl"


diff --git a/recipes-connectivity/openssl/openssl_%.bbappend b/recipes-connectivity/openssl/openssl_%.bbappend new file mode 100644 index 00000000..182925e0 --- /dev/null +++ b/recipes-connectivity/openssl/openssl_%.bbappend
@@ -0,0 +1,6 @@
		1	FILESEXTRAPATHS_append := "${THISDIR}/${PN}-qoriq:"
		2
		3	SRC_URI_append_qoriq = " \
		4	file://0001-eng_devcrypto-add-support-for-TLS-algorithms-offload.patch \
		5	file://0002-eng_devcrypto-add-support-for-TLS1.2-algorithms-offl.patch \
		6	"