From patchwork Fri Apr 21 03:38:01 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?b?WWFuZyBYdSAo5b6Q5omsKQ==?=
 <yang.xu@mediatek.com>
X-Patchwork-Id: 22811
Return-Path: <yang.xu@mediatek.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6FD75C77B73
	for <webhook@archiver.kernel.org>; Fri, 21 Apr 2023 03:38:39 +0000 (UTC)
Received: from mailgw01.mediatek.com (mailgw01.mediatek.com [60.244.123.138])
 by mx.groups.io with SMTP id smtpd.web10.3995.1682048316433920320
 for <openembedded-core@lists.openembedded.org>;
 Thu, 20 Apr 2023 20:38:36 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@mediatek.com header.s=dk header.b=MWxFCP2+;
 spf=pass (domain: mediatek.com, ip: 60.244.123.138,
 mailfrom: yang.xu@mediatek.com)
X-UUID: fc158954dff511eda9a90f0bb45854f4-20230421
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=mediatek.com; s=dk;
	h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:CC:To:From;
 bh=Zf+QV9JKRU2C1QHS4DwxlsjqXFGA9GNU0Fb/gVVcJsk=;
	b=MWxFCP2+eVnX9e+jDy5HpB9HQs2Z2fJTc0AA1cZ1Qk/cAGZqKhwdu83JbWTRSQEDtHts0ynydG8lK2uWTqvlccLUQtuyMiDn612/hFAfK6SJyu+r/M/aw6uHUKMggVZ7STo748DdPNZWGpBp10qRdGKyNc7YNdZDqYK0ntAJQCE=;
X-CID-P-RULE: Release_Ham
X-CID-O-INFO: VERSION:1.1.22,REQID:597a5c78-004f-43f4-a946-91511053f8a0,IP:0,U
	RL:0,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION:
	release,TS:0
X-CID-META: VersionHash:120426c,CLOUDID:f754c684-cd9c-45f5-8134-710979e3df0e,B
	ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U
	RL:11|1,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0
X-CID-BVR: 0
X-CID-BAS: 0,_,0,_
X-UUID: fc158954dff511eda9a90f0bb45854f4-20230421
Received: from mtkmbs11n1.mediatek.inc [(172.21.101.185)] by
 mailgw01.mediatek.com
	(envelope-from <yang.xu@mediatek.com>)
	(Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256)
	with ESMTP id 1199143871; Fri, 21 Apr 2023 11:38:30 +0800
Received: from mtkmbs11n1.mediatek.inc (172.21.101.185) by
 mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1118.25; Fri, 21 Apr 2023 11:38:29 +0800
Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by
 mtkmbs11n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
 15.2.1118.25 via Frontend Transport; Fri, 21 Apr 2023 11:38:29 +0800
From: <yang.xu@mediatek.com>
To: <openembedded-core@lists.openembedded.org>
CC: <alex.kanavin@gmail.com>, Yang Xu <yang.xu@mediatek.com>
Subject: [PATCH v3] openssl: set package level PERL5LIB
Date: Fri, 21 Apr 2023 03:38:01 +0000
Message-ID: <20230421033801.28653-1-yang.xu@mediatek.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-MTK: N
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Fri, 21 Apr 2023 03:38:39 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/180264

From: Yang Xu <yang.xu@mediatek.com>

Build openssl with shared state cache may meet problem under below conditions:
1. sstate cache generated by another user on same machine
2. inappropriate PERL5LIB setting
3. openssl build from scratch but perl using cache

When build openssl from scratch with perl using cache, it will be aborted at do_configure stage,
error message is like "Can't locate Text/Template.pm at /home/A/[build path]/[perl module path]/Text/Template.pm : Permission Denied".

The simplified environment and scenarios is:
1) User A, his home directory is /home/A, generate one sstate cache under /home/A.
2) This sstate cache moved to /home/Public, act as shared sstate cache
3) User B, his home directory is /home/B, using sstate cache in /home/Public and build yocto.
4) User B has no permission to access /home/A.

Some information about perl behavior:
1. perl will hardcode buildtime path in @INC in binary (module search directories)
2. when "use MODULE", perl will search @INC from begin to end until it found MODULE.
3. when perl search module through directories in @INC
     3.1 if [directory]/MODULE.pm is not exist, search in next directory in @INC.
     3.2 if [directory]/MODULE.pm has no permission to access, perl will ABORT.

While build openssl from from scratch with perl using cache, @INC directory order is:
1.<PERL5LIB>
2.<default module path in ${WORKDIR}/recipe-sysroot-native>
3.<hardcode module path in binary, which include /home/A/XXX/YYY>
4.<module found by FindBin, module Text-Template can be found by it>

Without appropriate PERL5LIB setting, perl can't find Text/Template.pm in
<PERL5LIB>, and it also can't find it in <default module path>.

Then perl search Text/Template.pm in <hardcode module path in binary>,
*if /home/A is not existed, perl will search in <module found by FindBin> and found Text/Template.pm finally. (OK case)
*if /home/A is existed but has no permission access, perl will ABORT immediately. (NG case)

So this patch does some fixup for NG case:
1) set appropriate PERL5LIB to make perl can found Text/Tempalte.pm at highest priority folder <PERL5LIB>.
2) add other perl module directories needed by openssl build in PERL5LIB
3) set PERL5LIB as package environment variable

Signed-off-by: Yang Xu <yang.xu@mediatek.com>
---
 meta/recipes-connectivity/openssl/openssl_3.1.0.bb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.0.bb b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb
index b319c66044..613451f265 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb
@@ -54,6 +54,10 @@ CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/bu
 # The default is to trust upstream choices.
 DEPRECATED_CRYPTO_FLAGS ?= ""
 
+# Set package level PERL5LIB
+PERL5LIB = "${S}/external/perl/Text-Template-1.56/lib/:${S}/crypto/perlasm"
+export PERL5LIB
+
 do_configure () {
 	# When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
 	# the issue really clear that perl isn't functional due to symbol mismatch issues.
@@ -138,7 +142,7 @@ do_configure () {
 	fi
 	# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
 	# environment variables set by bitbake. Adjust the environment variables instead.
-	HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+	HASHBANGPERL="/usr/bin/env perl" PERL=perl \
 	perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
 	perl ${B}/configdata.pm --dump
 }