[gnome-continuous-yocto/gnomeostree-3.28-rocko: 208/218] openssl_1.0.2n: improve reproducibility

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 208/218] openssl_1.0.2n: improve reproducibility
Date: Mon, 21 May 2018 08:52:44 +0000 (UTC)
commit cf2f4bd8cf10a71a6bd290df18b75b91cdd77384
Author: Juro Bystricky <juro bystricky intel com>
Date:   Sat Mar 10 11:27:29 2018 -0800

    openssl_1.0.2n: improve reproducibility
    
    Improve reproducible build of:
    
    openssl-staticdev
    openssl-dbg
    libcrypto
    
    There are two main causes that prevent reproducible build, both related to
    the generated file "buildinf.h":
    
    1. "buildinf.h" contains build host CFLAGS, containing various build
       host references.  We need to pass sanitized CFLAGS to the script
       generating this file ("mkbuildinf.pl". )
    
    2. We also need to modify the script "mkbuildinf.pl" itsel in order to
       generate a build timestamp based on SOURCE_DATE_EPOCH, if present in
       the environment.
    
    (From OE-Core rev: 6c556ed3553d8f5e75d65cd7db92b26df43846b7)
    
    (From OE-Core rev: 5a7cf3296715ac6543a171984fd09168bf73d1af)
    
    Signed-off-by: Juro Bystricky <juro bystricky intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>
    Signed-off-by: Armin Kuster <akuster808 gmail com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 .../openssl-1.0.2n/reproducible-cflags.patch       |   20 +++++++++++++++++++
 .../openssl-1.0.2n/reproducible-mkbuildinf.patch   |   21 ++++++++++++++++++++
 meta/recipes-connectivity/openssl/openssl10.inc    |    3 ++
 .../recipes-connectivity/openssl/openssl_1.0.2n.bb |    5 ++++
 4 files changed, 49 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch 
b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch
new file mode 100644
index 0000000..2803cb0
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-cflags.patch
@@ -0,0 +1,20 @@
+Allow passing custom c-flags to mkbuildinf.pl in order to pass
+flags without any build host references
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Juro Bystricky <juro bystricky intel com>
+
+--- Makefile   2018-03-06 14:50:18.342138147 -0800
++++ Makefile   2018-03-06 15:24:04.794239071 -0800
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -55,7 +55,7 @@
+ all: shared
+ 
+ buildinf.h: ../Makefile
+-      $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
++      $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC_INFO)" "$(PLATFORM)" >buildinf.h
+ 
+ x86cpuid.s:   x86cpuid.pl perlasm/x86asm.pl
+       $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch 
b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch
new file mode 100644
index 0000000..b556731
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2n/reproducible-mkbuildinf.patch
@@ -0,0 +1,21 @@
+If SOURCE_DATE_EPOCH is present in the environment, use it as build date.
+Also make sure to use UTC time.
+
+Upstream-Status: Backport [ https://github.com/openssl/openssl/blob/master/util/mkbuildinf.pl ]
+
+Signed-off-by: Juro Bystricky <juro bystricky intel com>
+
+--- mkbuildinf.pl      2018-03-06 14:20:09.438048058 -0800
++++ mkbuildinf.pl      2018-03-06 14:19:20.722045632 -0800
+--- a/util/mkbuildinf.pl
++++ b/util/mkbuildinf.pl
+@@ -3,7 +3,8 @@
+ my ($cflags, $platform) = @ARGV;
+ 
+ $cflags = "compiler: $cflags";
+-$date = localtime();
++my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
++
+ print <<"END_OUTPUT";
+ #ifndef MK1MF_BUILD
+     /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */
diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc
index 23f97d7..9335b0b 100644
--- a/meta/recipes-connectivity/openssl/openssl10.inc
+++ b/meta/recipes-connectivity/openssl/openssl10.inc
@@ -156,6 +156,9 @@ do_configure () {
 
 do_compile_prepend_class-target () {
     sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+    oe_runmake depend
+       cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 
's|${DEBUG_PREFIX_MAP}||g'`
+       oe_runmake CC_INFO="${cc_sanitized}"
 }
 
 do_compile () {
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
index 32444c6..f07289d 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2n.bb
@@ -43,6 +43,11 @@ SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
            file://0001-Fix-build-with-clang-using-external-assembler.patch \
            file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
            "
+
+SRC_URI_append_class-target = "\
+           file://reproducible-cflags.patch \
+           file://reproducible-mkbuildinf.patch \
+           "
 SRC_URI[md5sum] = "13bdc1b1d1ff39b6fd42a255e74676a4"
 SRC_URI[sha256sum] = "370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe"
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]