diff --git a/openssl-1_1.changes b/openssl-1_1.changes
index e34a591..be68827 100644
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@@ -1,8 +1,23 @@
+-------------------------------------------------------------------
+Thu Nov 11 18:50:47 UTC 2021 - Giuliano Belinassi
+
+- Add support for livepatches (jsc#SLE-20049).
+- Generate ipa-clones tarball artifact when livepatching is enabled.
+
 -------------------------------------------------------------------
 Tue Nov 2 11:34:56 UTC 2021 - Andreas Schneider
 - Add missing libopenssl1_1-hmac 32bit package
+-------------------------------------------------------------------
+Mon Nov 1 08:51:22 UTC 2021 - Dan Čermák
+
+- Drop openssl-no-date.patch
+
+ Upstream added support for reproducible builds via SOURCE_DATE_EPOCH in
+ https://github.com/openssl/openssl/commit/8a8d9e190533ee41e8b231b18c7837f98f1ae231
+ thereby making this patch obsolete as builds *should* still be reproducible.
+
 -------------------------------------------------------------------
 Tue Aug 24 19:32:25 UTC 2021 - Pedro Monreal
diff --git a/openssl-1_1.spec b/openssl-1_1.spec
index 1cfac33..b47fd3a 100644
--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@@ -16,6 +16,26 @@
 #
+%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
+# Enable livepatching support for SLE15-SP4 onwards. It requires
+# compiler support introduced there.
+%define livepatchable 1
+
+# Set variables for livepatching.
+%define _other %{_topdir}/OTHER
+%define tar_basename %{_rname}-livepatch-%{version}-%{release}
+%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
+%define clones_dest_dir %{tar_basename}/%{_arch}
+%else
+# Unsupported operating system.
+%define livepatchable 0
+%endif
+
+%ifnarch x86_64
+# Unsupported architectures must have livepatch disabled.
+%define livepatchable 0
+%endif
+
 %define ssletcdir %{_sysconfdir}/ssl
 %define maj_min 1.1
 %define _rname openssl
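Review bot: The comment above `%define livepatchable 1` names only SLE15-SP4, but the `%if` also enables the feature for `suse_version >= 1550`, and the later `%ifnarch x86_64` block switches it off again, so the effective scope (x86_64 only) is not stated where the feature is turned on. I would reword it to `# Enable livepatching on SLE15-SP4 and later and on suse_version >= 1550, x86_64 only (see %ifnarch below); needs the compiler support introduced there.` A second one-line comment should say that `tar_basename` uses `%{_rname}`, which is only defined a few lines further down: this works because `%define` bodies are expanded on use, and it would stop working if these definitions were changed to `%global`.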
@@ -42,7 +62,6 @@ Patch2: openssl-truststore.patch
 Patch3: openssl-pkgconfig.patch
 Patch4: openssl-DEFAULT_SUSE_cipher.patch
 Patch5: openssl-ppc64-config.patch
-Patch6: openssl-no-date.patch
 # PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129
 Patch8: 0001-s390x-assembly-pack-perlasm-support.patch
 Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
@@ -199,6 +218,9 @@ export MACHINE=armv6l
 --libdir=%{_lib} \
 --openssldir=%{ssletcdir} \
 %{optflags} \
+%if %{livepatchable}
+ -fpatchable-function-entry=16,14 -fdump-ipa-clones \
+%endif
 -Wa,--noexecstack \
 -Wl,-z,relro,-z,now \
 -fno-common \
@@ -229,6 +251,32 @@ gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{build
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
 %install
+%if %{livepatchable}
+
+# Ipa-clones are files generated by gcc which logs changes made across
+# functions, and we need to know such changes to build livepatches
+# correctly. These files are intended to be used by the livepatch
+# developers and may be retrieved by using `osc getbinaries`.
+#
+# Create list of ipa-clones.
+find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list
+
+# Create ipa-clones destination folder and move clones there.
+mkdir -p ipa-clones/%{clones_dest_dir}
+while read f; do
+ _dest=ipa-clones/%{clones_dest_dir}/$f
+ mkdir -p ${_dest%/*}
+ cp $f $_dest
+done < ipa-clones.list
+
+# Create tar package with the clone files.
+tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename}
+
+# Copy tar package to the OTHERS folder
+cp %{tar_package_name} %{_other}
+
+%endif # livepatchable
+
 %make_install %{?_smp_mflags}
 # kill static libs
 rm -f %{buildroot}%{_libdir}/lib*.a
diff --git a/openssl-no-date.patch b/openssl-no-date.patch
deleted file mode 100644
index c910674..0000000
--- a/openssl-no-date.patch
+++ /dev/null
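Review bot: The values in `-fpatchable-function-entry=16,14` are undocumented, and a comment cannot sit between the backslash-continued lines where the flag is added. I would put one above the configure invocation, whose start is outside this hunk, such as `# livepatch: reserve 16 NOPs per function, 14 of them before the entry point; -fdump-ipa-clones logs the changes gcc makes across functions`. That comment could also note that the padding applies only to compiler-generated functions, so the assembly routines are presumably not covered by it; confirm with the livepatch tooling.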
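Review bot: The copy loop in the added `%install` block expands `$f`, `$_dest` and `${_dest%/*}` unquoted and calls `read` without `-r`, so a path containing whitespace, a glob character or a backslash is split or rewritten before `mkdir` and `cp` see it. The final `cp %{tar_package_name} %{_other}` also assumes the OTHER directory already exists; if it does not, cp writes a regular file named OTHER instead of placing the tarball inside it. The rewritten lines below quote the expansions, read with `IFS= read -r` and create the directory first. Separately, `tar cfJ` stores build-time mtimes and ownership, so the tarball presumably differs between otherwise identical builds, which is at odds with the reproducibility goal stated in the changelog. The `%install` section continues outside the hunk.

```spec
# … unchanged: find | sed | sort that writes ipa-clones.list …
mkdir -p "ipa-clones/%{clones_dest_dir}"
while IFS= read -r f; do
    _dest="ipa-clones/%{clones_dest_dir}/$f"
    mkdir -p "${_dest%/*}"
    cp -- "$f" "$_dest"
done < ipa-clones.list
# … unchanged: tar cfJ that builds %{tar_package_name} …
mkdir -p "%{_other}"
cp -- "%{tar_package_name}" "%{_other}/"
```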
@@ -1,13 +0,0 @@
-Index: openssl-1.1.1-pre1/util/mkbuildinf.pl
-===================================================================
---- openssl-1.1.1-pre1.orig/util/mkbuildinf.pl 2018-02-13 16:31:28.011389734 +0100
-+++ openssl-1.1.1-pre1/util/mkbuildinf.pl 2018-02-13 16:31:51.539764582 +0100
-@@ -28,7 +28,7 @@ print <<"END_OUTPUT";
- */
-
- #define PLATFORM "platform: $platform"
--#define DATE "built on: $date"
-+#define DATE ""
-
- /*
- * Generate compiler_flags as an array of individual characters. This is a