diff mbox series

[1/9] make-mod-scripts: force static linking and make dependencies explicit

Message ID 2634b1693aace6d17e9bddb4596a67585d38fcfe.1685558432.git.bruce.ashfield@gmail.com
State New
Headers show
Series [1/9] make-mod-scripts: force static linking and make dependencies explicit | expand

Commit Message

Bruce Ashfield May 31, 2023, 6:48 p.m. UTC 
From: Bruce Ashfield <bruce.ashfield@gmail.com>

When the scripts are prepared from the kernel soure, there are some
executables that can also be created (depending on kernel
configuration). sign-file and objtool are two examples which are
commonly created.

Due to the way that the kernel source is staged, and build artifacts
are stored for reuse and performance we can end up in a scenario where
the build artifacts based executable is linked against shared
libraries in the recipe native sysroot (ssl or crypto).

We could manipulate rpath, install the libraries to build-artifacts
and arrange to have available when the host tools are used or even
created a full native package from the tools generated out of scripts.

Those approaches have drawbacks in complexity, relocatability and/or
synchronization issues with the kernel source.

The chosen approach here is to force static linking on the tools,
which allows them to be placed into build artifacts without any
references to the recipe native sysroot.

kernel's newer than 5.15+ allow us to add the -static parameter
to pkg-config, but older kernels do not have that flexiblity. As
a result, we have two approaches to ensure that the libraries
needed for static linking are detected (one via pkg-config and
the other via host ldflags). In the future we can drop the ldflags
approach (when the oldest supported kernels are > 5.15).

There are also some potentially missing dependencies when tools
like sign-file are built, so we add them explicitly to the recipe
and avoid any races or implicit dependencies.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../make-mod-scripts/make-mod-scripts_1.0.bb  | 30 +++++++++++++++++--
 1 file changed, 27 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
index 28e0807d1d..1c972f0d44 100644
--- a/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
+++ b/meta/recipes-kernel/make-mod-scripts/make-mod-scripts_1.0.bb
@@ -10,25 +10,49 @@  PACKAGE_ARCH = "${MACHINE_ARCH}"
 
 S = "${WORKDIR}"
 
-do_configure[depends] += "virtual/kernel:do_shared_workdir openssl-native:do_populate_sysroot"
+# zlib is required when module signing is enabled
+do_configure[depends] += "virtual/kernel:do_shared_workdir openssl-native:do_populate_sysroot zlib-native:do_populate_sysroot"
 do_compile[depends] += "virtual/kernel:do_compile_kernelmodules"
 
 DEV_PKG_DEPENDENCY = ""
 
 DEPENDS += "bc-native bison-native"
 DEPENDS += "gmp-native"
+# required for module signing support
+DEPENDS += "elfutils-native"
 
-EXTRA_OEMAKE = " HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}""
-EXTRA_OEMAKE += " HOSTCXX="${BUILD_CXX} ${BUILD_CXXFLAGS} ${BUILD_LDFLAGS}" CROSS_COMPILE=${TARGET_PREFIX}"
+# we are statically building the support tools, since the output of the build is
+# stored in STAGING_KERNEL_BUILDDIR. We do not want any dynamic references to
+# libraries that are only present in the recipe native sysroot
+EXTRA_OEMAKE = " HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS} -static" HOSTCPP="${BUILD_CPP}""
+EXTRA_OEMAKE += " HOSTCXX="${BUILD_CXX} ${BUILD_CXXFLAGS} ${BUILD_LDFLAGS} -static" CROSS_COMPILE=${TARGET_PREFIX}"
 
 # Build some host tools under work-shared.  CC, LD, and AR are probably
 # not used, but this is the historical way of invoking "make scripts".
 #
 do_configure() {
+	# setup native pkg-config variables, HOSTPKG_CONFIG is available in newer kernels
+	# but we keep these to support older kernels that may not have the variable to
+	# abstract calls to pkg-config
+	export PKG_CONFIG_DIR="${STAGING_DIR_NATIVE}${libdir_native}/pkgconfig"
+	export PKG_CONFIG_PATH="$PKG_CONFIG_DIR:${STAGING_DATADIR_NATIVE}/pkgconfig"
+	export PKG_CONFIG_LIBDIR="$PKG_CONFIG_DIR"
+	export PKG_CONFIG_SYSROOT_DIR=""
+
+	# override CRYPTO_LIBS to support older kernels without HOSTPKG_CONFIG
+	CRYPTO_LIBS="$(pkg-config --static --libs libcrypto 2>/dev/null || echo -lcrypto)"
+
+	# for pre-5.15 kernels
+	LIBELF_LIBS=$(pkg-config --static libelf --libs 2>/dev/null || echo -lelf)
+	export LIBELF_LIBS="$LIBELF_LIBS -lz"
+	export HOSTLDFLAGS="-lz"
+
 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS
 	for t in prepare scripts_basic scripts; do
 		oe_runmake CC="${KERNEL_CC}" LD="${KERNEL_LD}" \
 		AR="${KERNEL_AR}" OBJCOPY="${KERNEL_OBJCOPY}" \
+		HOSTPKG_CONFIG="pkg-config --static" \
+		CRYPTO_LIBS="${CRYPTO_LIBS}" \
 		-C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} $t
 	done
 }