diff options
| author | Juro Bystricky <juro.bystricky@intel.com> | 2018-03-10 11:27:29 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-03-15 06:27:18 -0700 |
| commit | 459f177c9e8f888e93663e1fddb16bb499ee9a0b (patch) | |
| tree | 83c9d365ecb5d7f9352255cfb82d25993ca88b76 /meta | |
| parent | 58b5f8a221a4f56909234a39fbce886c1e723aa5 (diff) | |
| download | poky-459f177c9e8f888e93663e1fddb16bb499ee9a0b.tar.gz | |
openssl_1.0.2n: improve reproducibility
Improve reproducible build of:
openssl-staticdev
openssl-dbg
libcrypto
There are two main causes that prevent reproducible build, both related to
the generated file "buildinf.h":
1. "buildinf.h" contains build host CFLAGS, containing various build
host references. We need to pass sanitized CFLAGS to the script
generating this file ("mkbuildinf.pl". )
2. We also need to modify the script "mkbuildinf.pl" itsel in order to
generate a build timestamp based on SOURCE_DATE_EPOCH, if present in
the environment.
(From OE-Core rev: 6c556ed3553d8f5e75d65cd7db92b26df43846b7)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
4 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch new file mode 100644 index 0000000000..2803cb0393 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch | |||
| @@ -0,0 +1,20 @@ | |||
| 1 | Allow passing custom c-flags to mkbuildinf.pl in order to pass | ||
| 2 | flags without any build host references | ||
| 3 | |||
| 4 | Upstream-Status: Inappropriate [OE specific] | ||
| 5 | |||
| 6 | Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> | ||
| 7 | |||
| 8 | --- Makefile 2018-03-06 14:50:18.342138147 -0800 | ||
| 9 | +++ Makefile 2018-03-06 15:24:04.794239071 -0800 | ||
| 10 | --- a/crypto/Makefile | ||
| 11 | +++ b/crypto/Makefile | ||
| 12 | @@ -55,7 +55,7 @@ | ||
| 13 | all: shared | ||
| 14 | |||
| 15 | buildinf.h: ../Makefile | ||
| 16 | - $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h | ||
| 17 | + $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC_INFO)" "$(PLATFORM)" >buildinf.h | ||
| 18 | |||
| 19 | x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl | ||
| 20 | $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ | ||
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch new file mode 100644 index 0000000000..b556731219 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch | |||
| @@ -0,0 +1,21 @@ | |||
| 1 | If SOURCE_DATE_EPOCH is present in the environment, use it as build date. | ||
| 2 | Also make sure to use UTC time. | ||
| 3 | |||
| 4 | Upstream-Status: Backport [ https://github.com/openssl/openssl/blob/master/util/mkbuildinf.pl ] | ||
| 5 | |||
| 6 | Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> | ||
| 7 | |||
| 8 | --- mkbuildinf.pl 2018-03-06 14:20:09.438048058 -0800 | ||
| 9 | +++ mkbuildinf.pl 2018-03-06 14:19:20.722045632 -0800 | ||
| 10 | --- a/util/mkbuildinf.pl | ||
| 11 | +++ b/util/mkbuildinf.pl | ||
| 12 | @@ -3,7 +3,8 @@ | ||
| 13 | my ($cflags, $platform) = @ARGV; | ||
| 14 | |||
| 15 | $cflags = "compiler: $cflags"; | ||
| 16 | -$date = localtime(); | ||
| 17 | +my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC"; | ||
| 18 | + | ||
| 19 | print <<"END_OUTPUT"; | ||
| 20 | #ifndef MK1MF_BUILD | ||
| 21 | /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */ | ||
diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc index 02a0e16e97..0598195965 100644 --- a/meta/recipes-connectivity/openssl/openssl10.inc +++ b/meta/recipes-connectivity/openssl/openssl10.inc | |||
| @@ -162,6 +162,9 @@ do_configure () { | |||
| 162 | 162 | ||
| 163 | do_compile_prepend_class-target () { | 163 | do_compile_prepend_class-target () { |
| 164 | sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile | 164 | sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile |
| 165 | oe_runmake depend | ||
| 166 | cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'` | ||
| 167 | oe_runmake CC_INFO="${cc_sanitized}" | ||
| 165 | } | 168 | } |
| 166 | 169 | ||
| 167 | do_compile () { | 170 | do_compile () { |
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb index 75e44bae9f..ae851067f9 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb | |||
| @@ -42,6 +42,11 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \ | |||
| 42 | file://0001-Fix-build-with-clang-using-external-assembler.patch \ | 42 | file://0001-Fix-build-with-clang-using-external-assembler.patch \ |
| 43 | file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ | 43 | file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ |
| 44 | " | 44 | " |
| 45 | |||
| 46 | SRC_URI_append_class-target = "\ | ||
| 47 | file://reproducible-cflags.patch \ | ||
| 48 | file://reproducible-mkbuildinf.patch \ | ||
| 49 | " | ||
| 45 | SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4" | 50 | SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4" |
| 46 | SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe" | 51 | SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe" |
| 47 | 52 | ||