forked from pool/openssl-1_1
Accepting request 930969 from home:gbelinassi
- Add support for livepatches (jsc#SLE-20049). - Generate ipa-clones tarball artifact when livepatching is enabled. Userspace Livepatching allows your application to be updated without restarting. For a library to be livepatchable, it has to be compiled with special flags (-fpatchable-functions-entry=X,Y). To aid the development of livepatches, ipa-clones are also generated in the build process and packed into a livepatch tarball. This tarball is meant to be used by developers during their workflow: these files contains log of changes that gcc did in the compiled code that may change code layout, which must be accounted when developing a livepatch. For instance, livepatching a function which is inlined requires livepatching every function that calls it. Tools that use such files already exists in kernel-livepatching and we aim porting them to userspace livepatching as well. OBS-URL: https://build.opensuse.org/request/show/930969 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=99
This commit is contained in:
parent
031c49bd14
commit
81ba30e4f7
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 11 18:50:47 UTC 2021 - Giuliano Belinassi <giuliano.belinassi@suse.com>
|
||||
|
||||
- Add support for livepatches (jsc#SLE-20049).
|
||||
- Generate ipa-clones tarball artifact when livepatching is enabled.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 2 11:34:56 UTC 2021 - Andreas Schneider <asn@cryptomilk.org>
|
||||
|
||||
|
@ -16,6 +16,26 @@
|
||||
#
|
||||
|
||||
|
||||
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
|
||||
# Enable livepatching support for SLE15-SP4 onwards. It requires
|
||||
# compiler support introduced there.
|
||||
%define livepatchable 1
|
||||
|
||||
# Set variables for livepatching.
|
||||
%define _other %{_topdir}/OTHER
|
||||
%define tar_basename %{_rname}-livepatch-%{version}-%{release}
|
||||
%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
|
||||
%define clones_dest_dir %{tar_basename}/%{_arch}
|
||||
%else
|
||||
# Unsupported operating system.
|
||||
%define livepatchable 0
|
||||
%endif
|
||||
|
||||
%ifnarch x86_64
|
||||
# Unsupported architectures must have livepatch disabled.
|
||||
%define livepatchable 0
|
||||
%endif
|
||||
|
||||
%define ssletcdir %{_sysconfdir}/ssl
|
||||
%define maj_min 1.1
|
||||
%define _rname openssl
|
||||
@ -198,6 +218,9 @@ export MACHINE=armv6l
|
||||
--libdir=%{_lib} \
|
||||
--openssldir=%{ssletcdir} \
|
||||
%{optflags} \
|
||||
%if %{livepatchable}
|
||||
-fpatchable-function-entry=16,14 -fdump-ipa-clones \
|
||||
%endif
|
||||
-Wa,--noexecstack \
|
||||
-Wl,-z,relro,-z,now \
|
||||
-fno-common \
|
||||
@ -228,6 +251,32 @@ gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{build
|
||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
|
||||
|
||||
%install
|
||||
%if %{livepatchable}
|
||||
|
||||
# Ipa-clones are files generated by gcc which logs changes made across
|
||||
# functions, and we need to know such changes to build livepatches
|
||||
# correctly. These files are intended to be used by the livepatch
|
||||
# developers and may be retrieved by using `osc getbinaries`.
|
||||
#
|
||||
# Create list of ipa-clones.
|
||||
find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list
|
||||
|
||||
# Create ipa-clones destination folder and move clones there.
|
||||
mkdir -p ipa-clones/%{clones_dest_dir}
|
||||
while read f; do
|
||||
_dest=ipa-clones/%{clones_dest_dir}/$f
|
||||
mkdir -p ${_dest%/*}
|
||||
cp $f $_dest
|
||||
done < ipa-clones.list
|
||||
|
||||
# Create tar package with the clone files.
|
||||
tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename}
|
||||
|
||||
# Copy tar package to the OTHERS folder
|
||||
cp %{tar_package_name} %{_other}
|
||||
|
||||
%endif # livepatchable
|
||||
|
||||
%make_install %{?_smp_mflags}
|
||||
# kill static libs
|
||||
rm -f %{buildroot}%{_libdir}/lib*.a
|
||||
|
Loading…
Reference in New Issue
Block a user