diff options
| author | Juro Bystricky <juro.bystricky@intel.com> | 2018-03-10 11:27:29 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-03-26 15:07:12 +0100 |
| commit | cf2f4bd8cf10a71a6bd290df18b75b91cdd77384 (patch) | |
| tree | 60fc9cb38eb09e06c608e2f3e87cf289383e1ba9 /meta | |
| parent | 9e5d96c2abe4e2210355ab9e9b9efce0a9f91228 (diff) | |
| download | poky-cf2f4bd8cf10a71a6bd290df18b75b91cdd77384.tar.gz | |
openssl_1.0.2n: improve reproducibility
Improve reproducible build of:
openssl-staticdev
openssl-dbg
libcrypto
There are two main causes that prevent reproducible build, both related to
the generated file "buildinf.h":
1. "buildinf.h" contains build host CFLAGS, containing various build
host references. We need to pass sanitized CFLAGS to the script
generating this file ("mkbuildinf.pl". )
2. We also need to modify the script "mkbuildinf.pl" itsel in order to
generate a build timestamp based on SOURCE_DATE_EPOCH, if present in
the environment.
(From OE-Core rev: 6c556ed3553d8f5e75d65cd7db92b26df43846b7)
(From OE-Core rev: 5a7cf3296715ac6543a171984fd09168bf73d1af)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
4 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch new file mode 100644 index 0000000000..2803cb0393 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch | |||
| @@ -0,0 +1,20 @@ | |||
| 1 | Allow passing custom c-flags to mkbuildinf.pl in order to pass | ||
| 2 | flags without any build host references | ||
| 3 | |||
| 4 | Upstream-Status: Inappropriate [OE specific] | ||
| 5 | |||
| 6 | Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> | ||
| 7 | |||
| 8 | --- Makefile 2018-03-06 14:50:18.342138147 -0800 | ||
| 9 | +++ Makefile 2018-03-06 15:24:04.794239071 -0800 | ||
| 10 | --- a/crypto/Makefile | ||
| 11 | +++ b/crypto/Makefile | ||
| 12 | @@ -55,7 +55,7 @@ | ||
| 13 | all: shared | ||
| 14 | |||
| 15 | buildinf.h: ../Makefile | ||
| 16 | - $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h | ||
| 17 | + $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC_INFO)" "$(PLATFORM)" >buildinf.h | ||
| 18 | |||
| 19 | x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl | ||
| 20 | $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ | ||
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch new file mode 100644 index 0000000000..b556731219 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch | |||
| @@ -0,0 +1,21 @@ | |||
| 1 | If SOURCE_DATE_EPOCH is present in the environment, use it as build date. | ||
| 2 | Also make sure to use UTC time. | ||
| 3 | |||
| 4 | Upstream-Status: Backport [ https://github.com/openssl/openssl/blob/master/util/mkbuildinf.pl ] | ||
| 5 | |||
| 6 | Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> | ||
| 7 | |||
| 8 | --- mkbuildinf.pl 2018-03-06 14:20:09.438048058 -0800 | ||
| 9 | +++ mkbuildinf.pl 2018-03-06 14:19:20.722045632 -0800 | ||
| 10 | --- a/util/mkbuildinf.pl | ||
| 11 | +++ b/util/mkbuildinf.pl | ||
| 12 | @@ -3,7 +3,8 @@ | ||
| 13 | my ($cflags, $platform) = @ARGV; | ||
| 14 | |||
| 15 | $cflags = "compiler: $cflags"; | ||
| 16 | -$date = localtime(); | ||
| 17 | +my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC"; | ||
| 18 | + | ||
| 19 | print <<"END_OUTPUT"; | ||
| 20 | #ifndef MK1MF_BUILD | ||
| 21 | /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */ | ||
diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc index 23f97d76b3..9335b0b8bd 100644 --- a/meta/recipes-connectivity/openssl/openssl10.inc +++ b/meta/recipes-connectivity/openssl/openssl10.inc | |||
| @@ -156,6 +156,9 @@ do_configure () { | |||
| 156 | 156 | ||
| 157 | do_compile_prepend_class-target () { | 157 | do_compile_prepend_class-target () { |
| 158 | sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile | 158 | sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile |
| 159 | oe_runmake depend | ||
| 160 | cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'` | ||
| 161 | oe_runmake CC_INFO="${cc_sanitized}" | ||
| 159 | } | 162 | } |
| 160 | 163 | ||
| 161 | do_compile () { | 164 | do_compile () { |
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb index 32444c6092..f07289dbc6 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb | |||
| @@ -43,6 +43,11 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \ | |||
| 43 | file://0001-Fix-build-with-clang-using-external-assembler.patch \ | 43 | file://0001-Fix-build-with-clang-using-external-assembler.patch \ |
| 44 | file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ | 44 | file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ |
| 45 | " | 45 | " |
| 46 | |||
| 47 | SRC_URI_append_class-target = "\ | ||
| 48 | file://reproducible-cflags.patch \ | ||
| 49 | file://reproducible-mkbuildinf.patch \ | ||
| 50 | " | ||
| 46 | SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4" | 51 | SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4" |
| 47 | SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe" | 52 | SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe" |
| 48 | 53 | ||