mirror of
https://abf.rosa.ru/djam/libressl.git
synced 2025-02-23 16:12:53 +00:00
RPATH is not needed, remove it, simplify dependency generation
This commit is contained in:
Mikhail Novosyolov
parent
445ac1df85
commit
179f31e464
1 changed files with 28 additions and 72 deletions
100
libressl.spec
100
libressl.spec
|
|
@ -23,37 +23,24 @@
|
|||
%{?!_compress:%define _compress /bin/true}
|
||||
%{?!_extension:%define _extension .xz}
|
||||
|
||||
# Fallback to the old external dependency generator
|
||||
# http://lists.rosalab.ru/pipermail/rosa-devel/2013-April/004702.html
|
||||
# http://lists.rosalab.ru/pipermail/rosa-devel/2013-April/004703.html
|
||||
# because there is no way to filter by filepath in the internal one
|
||||
# TODO: avoid using external dep. gen.
|
||||
%define _use_internal_dependency_generator 0
|
||||
# Those libraries in /opt are not available without RPATH or ld.so.conf
|
||||
%define _exclude_files_from_autoprov %{_libdir}
|
||||
# We rename e.g. libtls.pc to libressl-tls.pc, make sure that we do not
|
||||
# get odd provides and break the repository if forgot to rename something
|
||||
#define __noautoprov '.*openssl.*|pkgconfig\\(lib.*'
|
||||
%define _provides_exceptions '.*openssl.*|pkgconfig(lib.*'
|
||||
# libressl-devel must not require devel(libxxx)
|
||||
# because it has those devels inside himself
|
||||
%define _requires_exceptions 'devel(lib.*'
|
||||
# Ideas behind this dependency generation crap are the following:
|
||||
%define __noautoprov '.*openssl.*|pkgconfig\((libtls|libcrypro|libssl)\)'
|
||||
# Ideas behind this package are the following:
|
||||
# - libressl-devel must provide pkgconfig(libressl*)
|
||||
# - libressl-devel must not provide pkgconfig(openssl),
|
||||
# pkgconfig(libtls), pkgconfig(libcrypto), pkgconfig(libssl)
|
||||
# to prevent conflicts with OpenSSL
|
||||
# - libressl must not depend from separate library packages with
|
||||
# libtls.so.*, libcrypto.so.*, libssl.so.*, instead it has
|
||||
# copies of those libraries in /opt/libressl/lib/ and has RPATH
|
||||
# - packages netcat-openbsd and ocspcheck are intended to be
|
||||
# installable without installing libressl package with a lot of
|
||||
# odd stuff; so libtls.so.*, libcrypto.so.* and libssl.so.* are
|
||||
# packaged into separate packages, RPATHs are removed and nc
|
||||
# and ocspcheck must depend from separate libs packages and will
|
||||
# use /usr/lib(64)/lib*.so.* instead of /opt/libressl/lib/*.so.*
|
||||
# - there are no per-library devel packages, only one libressl-devel.
|
||||
# // mikhailnov, 30.11.2019
|
||||
# - packages netcat-openbsd, ocspcheck, libressl are intended to
|
||||
# comply with FHS, so libtls.so.*, libcrypto.so.* and libssl.so.*
|
||||
# are packaged into separate packages, RPATHs are removed and
|
||||
# /usr/bin/* must depend from separate libs packages and will
|
||||
# use /usr/lib(64)/lib*.so.*
|
||||
# - there are no per-library devel packages, only one libressl-devel
|
||||
# with symlinks /opt/libressl/lib/*.so -> /usr/lib(64)/*.so.*
|
||||
# - not FHS-compilant /opt is used only for devel package to allow
|
||||
# coinstallability with OpenSSL devel packages
|
||||
# // mikhailnov, 03.12.2019
|
||||
|
||||
%define libcrypto_sover 45
|
||||
%define libssl_sover 47
|
||||
|
|
@ -92,11 +79,7 @@ BuildRequires: chrpath
|
|||
# This LibreSSL uses /etc/pki/tls from system OpenSSL
|
||||
# but most functions will work without its files
|
||||
Suggests: openssl
|
||||
# Prevent dependencies from lib*_libressl* subpackages for the main package
|
||||
# because it may freely use /opt/libressl/lib/*.so.*
|
||||
# but put "Autoreq: 1" in other subpackages which may be installed without
|
||||
# libressl main package being installed and will use /usr/lib(64)/.*so.*
|
||||
Autoreq: 0
|
||||
Autoreq: 1
|
||||
|
||||
%description
|
||||
LibreSSL utils and libs coexisting with OpenSSL.
|
||||
|
|
@ -162,13 +145,8 @@ Autoreq: 1
|
|||
|
||||
%description devel
|
||||
LibreSSL devel package. Devel libraries are in %{_libdir},
|
||||
but the same runtime libraries exist in
|
||||
%{_libdir}
|
||||
and
|
||||
%{_olibdir}.
|
||||
After linking, binaries will load libs from %{_olibdir}.
|
||||
When using pkg-config, RPATH is set to %{_libdir},
|
||||
remove RPATH/RUNPATH manually if needed.
|
||||
runtime librararies are in %{_olibdir},
|
||||
pkg-config sets -I%{_libdir} in CFLAGS.
|
||||
|
||||
%files devel
|
||||
%doc ChangeLog COPYING
|
||||
|
|
@ -245,9 +223,6 @@ patch -p1 < 1.patch
|
|||
# Use the same %%_openssl dir with OpenSSL, but separate the config
|
||||
# (note that we patch libressl, X509_CONF_FILE is not upstream)
|
||||
export CFLAGS="$CFLAGS -DX509_CONF_FILE='\"%{_openssldir}/libressl.cnf\"'"
|
||||
# TODO: why by default without this runpath is not set on libcrypto.so*,
|
||||
# but is set on libtls.so* and libssl.so*?
|
||||
export LDFLAGS="$LDFLAGS -Wl,-rpath=%{_libdir}"
|
||||
autoreconf -if #patch2
|
||||
# static libs are required for tests target in Makefile
|
||||
%configure2_5x \
|
||||
|
|
@ -318,16 +293,6 @@ mv -v %{buildroot}%{_obindir}/openssl %{buildroot}%{_obindir}/libressl
|
|||
# Remove static libs
|
||||
( cd %{buildroot}%{_libdir} ; rm -fv *.la *.a )
|
||||
|
||||
# Build scripts set RUNPATH, it is needed because /usr/bin/* are linked with
|
||||
# /opt/libressl/lib/*.so.*, make sure that RUNPATH exists
|
||||
for i in $(find %{buildroot}%{_bindir} %{buildroot}%{_libdir} -type f -executable) ; do
|
||||
rpath="$(readelf -a "$i" | grep '(RUNPATH)' | head -n 1 | awk '{print $NF}' | tr -d '[]')"
|
||||
if [ "$rpath" != '%{_libdir}' ]; then
|
||||
echo "Empty or incorrect RPATH on ${i}!"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
mkdir -p %{buildroot}/%{_olibdir}/pkgconfig
|
||||
mv -v %{buildroot}/%{_libdir}/pkgconfig/*.pc %{buildroot}/%{_olibdir}/pkgconfig
|
||||
for i in share %{_lib}
|
||||
|
|
@ -348,15 +313,6 @@ do
|
|||
-e 's,^libdir=.+,libdir=${exec_prefix}/lib,' \
|
||||
-e 's,^includedir=.+,includedir=${prefix}/include,' \
|
||||
"$f"
|
||||
# TODO: is rpath in *.pc really needed?
|
||||
if ! grep '^Libs:' "$f"
|
||||
then
|
||||
echo 'Libs: -Wl,-rpath=${libdir}' >> "$f"
|
||||
else
|
||||
# https://unix.stackexchange.com/a/328656
|
||||
sed -i -e '/^Libs:/s/$/ -Wl,-rpath=${libdir}/' "$f"
|
||||
grep '^Libs:' "$f" | grep -q rpath || exit 1
|
||||
fi
|
||||
mv -v "$f" "libressl-${f}"
|
||||
# Requires: libxx -> Requires: libressl-libxx
|
||||
sed -i \
|
||||
|
|
@ -377,7 +333,10 @@ mv -v %{buildroot}/%{_libdir}/{libcrypto,libtls,libssl}.so.* %{buildroot}/%{_oli
|
|||
for i in %{buildroot}/%{_olibdir}/{libcrypto,libtls,libssl}.so.*
|
||||
do
|
||||
filename="$(basename "$i")"
|
||||
ln -s "%{_olibdir}/${filename}" "$filename"
|
||||
# /opt/libressl/lib
|
||||
# /usr/lib64/
|
||||
# Relative symlink is required to use *.so in tests...
|
||||
ln -s ../../../"%{_olibdir}/${filename}" "$filename"
|
||||
done
|
||||
)
|
||||
if [ "$(find %{buildroot}/%{_libdir}/ -iname '*.so.*' -type f | wc -l)" -gt 0 ]; then
|
||||
|
|
@ -398,7 +357,6 @@ _pcf(){
|
|||
nflags="$(echo "$oflags" | sed -e 's,%{_prefix},%{buildroot}%{_prefix},g')"
|
||||
}
|
||||
libressl="%{buildroot}/%{_obindir}/libressl"
|
||||
rflags="-Wl,-rpath=%{buildroot}%{_libdir},-rpath=%{buildroot}%{_olibdir}"
|
||||
# These tests caught a lot of mistakes during first builds
|
||||
export PKG_CONFIG_PATH=%{buildroot}/%{_olibdir}/pkgconfig
|
||||
export LD_LIBRARY_PATH=%{buildroot}/%{_olibdir}
|
||||
|
|
@ -407,33 +365,31 @@ $libressl version -d | awk '{print $NF}' | tr -d '""' | grep -q '^%{_openssldir}
|
|||
# (test 2) Check that path to config file is correct
|
||||
# and also check that pkg-config libressl points to libressl, not openssl
|
||||
_pcf pkg-config --libs --cflags libressl
|
||||
%__cc -o test2 %{SOURCE22} $nflags $rflags
|
||||
%__cc -o test2 %{SOURCE22} $nflags
|
||||
ldd ./test2
|
||||
[ "$(./test2)" = "%{_openssldir}/libressl.cnf" ] || exit 1
|
||||
# Check that our pkgconfig hacks somehow work
|
||||
# (test 3) There is no /opt/libressl/ at build time
|
||||
_pcf pkg-config --libs --cflags libressl-libcrypto
|
||||
%__cc -o test3 %{SOURCE20} $nflags $rflags
|
||||
%__cc -o test3 %{SOURCE20} $nflags
|
||||
ldd ./test3
|
||||
ldd ./test3 | grep -E '%{_prefix}.*/libcrypto\.so\.%{libcrypto_sover}'
|
||||
ldd ./test3 | grep 'libcrypto\.so\.%{libcrypto_sover}'
|
||||
./test3 | grep Hello
|
||||
# (test 4) Check that OpenSSL and LibreSSL devel parts coexist correctly
|
||||
# (build with libcrypto from OpenSSL)
|
||||
_pcf pkg-config --libs --cflags libcrypto
|
||||
%__cc -o test4 %{SOURCE20} $nflags $rflags
|
||||
%__cc -o test4 %{SOURCE20} $nflags
|
||||
ldd ./test4
|
||||
ldd ./test4 | grep -v 'libcrypto\.so\.%{libcrypto_sover}'
|
||||
ldd ./test4 | grep -v '%{_prefix}'
|
||||
ldd ./test4 | grep -v '/libcrypto\.so\.%{libcrypto_sover}'
|
||||
./test4 | grep Hello
|
||||
# (test 5) Check that flags from all *.pc are valid
|
||||
# libtls is overlinking here, but check linking
|
||||
_pcf pkg-config --libs --cflags libressl libressl-libssl libressl-libtls libressl-libcrypto
|
||||
echo "$nflags" | grep -q rpath
|
||||
%__сс -o test5 %{SOURCE25} $nflags $rflags -lpthread -lz -ldl
|
||||
%__сс -o test5 %{SOURCE25} $nflags -lpthread -lz -ldl
|
||||
ldd ./test5
|
||||
ldd ./test3 | grep -E '%{_prefix}.*/libcrypto\.so\.%{libcrypto_sover}'
|
||||
ldd ./test3 | grep -E '%{_prefix}.*/libssl\.so\.%{libssl_sover}'
|
||||
ldd ./test3 | grep -E '%{_prefix}.*/libtls\.so\.%{libtls_sover}'
|
||||
ldd ./test3 | grep '/libcrypto\.so\.%{libcrypto_sover}'
|
||||
ldd ./test3 | grep '/libssl\.so\.%{libssl_sover}'
|
||||
ldd ./test3 | grep '/libtls\.so\.%{libtls_sover}'
|
||||
./test5 --threads 2
|
||||
# (test 6) Check that gost12sum (from OpenSSL gost-engine) and LibreSSL give the same result
|
||||
# This also simply checks that checksums by GOST do work
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue