From acbf3e2e7ed9a4be4a7157eeca9c96bde312f890 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sat, 26 Jul 2025 14:10:47 -0700 Subject: [PATCH] openwsman: Fix reprodubility issue due to abs paths dlopen is being served libssl.so with build time absolute path of its location in target sysroot this is being detected as reproducibility issue but its also a runtime issue where dlopen will fail due to non-existent path Backport a gcc-15 build fix as well Drop do_configure tweak its no longer needed Signed-off-by: Khem Raj --- .../0001-Fix-to-build-with-GCC-15.patch | 25 +++++++++ ...Avoid-using-absolute-paths-in-dlopen.patch | 54 +++++++++++++++++++ .../openwsman/openwsman_2.8.1.bb | 9 ++-- 3 files changed, 82 insertions(+), 6 deletions(-) create mode 100644 meta-oe/recipes-extended/openwsman/openwsman/0001-Fix-to-build-with-GCC-15.patch create mode 100644 meta-oe/recipes-extended/openwsman/openwsman/0001-cmake-Avoid-using-absolute-paths-in-dlopen.patch diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0001-Fix-to-build-with-GCC-15.patch b/meta-oe/recipes-extended/openwsman/openwsman/0001-Fix-to-build-with-GCC-15.patch new file mode 100644 index 0000000000..32e055c300 --- /dev/null +++ b/meta-oe/recipes-extended/openwsman/openwsman/0001-Fix-to-build-with-GCC-15.patch @@ -0,0 +1,25 @@ +From f1b4ef78719146d84f16e86bf77de027e608eb17 Mon Sep 17 00:00:00 2001 +From: Vitezslav Crhonek +Date: Mon, 3 Feb 2025 11:30:15 +0100 +Subject: [PATCH] Fix to build with GCC 15. + +Upstream-Status: Backport [https://github.com/Openwsman/openwsman/pull/209] +Signed-off-by: Vitezslav Crhonek +Signed-off-by: Khem Raj +--- + src/plugins/swig/src/target_ruby.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/plugins/swig/src/target_ruby.c b/src/plugins/swig/src/target_ruby.c +index bbce398..e17bb44 100644 +--- a/src/plugins/swig/src/target_ruby.c ++++ b/src/plugins/swig/src/target_ruby.c +@@ -49,7 +49,7 @@ + */ + + static VALUE +-load_module() ++load_module(VALUE) + { + ruby_script(PLUGIN_FILE); + return rb_require(PLUGIN_FILE); diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0001-cmake-Avoid-using-absolute-paths-in-dlopen.patch b/meta-oe/recipes-extended/openwsman/openwsman/0001-cmake-Avoid-using-absolute-paths-in-dlopen.patch new file mode 100644 index 0000000000..a9e98ef392 --- /dev/null +++ b/meta-oe/recipes-extended/openwsman/openwsman/0001-cmake-Avoid-using-absolute-paths-in-dlopen.patch @@ -0,0 +1,54 @@ +From 03d3f19c00f959bb77464dfa90bcb197eb71b27a Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 25 Jul 2025 20:41:05 -0700 +Subject: [PATCH] cmake: Avoid using absolute paths in dlopen() + +This encodes absolutes paths currently, via LIB_SSL +which is detected in cmake and then passed to compiler +via a define in src/server/CMakeLists.txt#L19 + +ADD_DEFINITIONS(-DSSL_LIB="${SSL_LIB}") + +This define is then used by a dlopen() call in +src/server/shttpd/shttpd.c#L1514 + +if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) { + +This ends up emitting absolute path into openwsmand +binary + +It breaks reproducible builds, especially in cross-build +e.g. yocto, where build time install dir will never be same as +runtime install dir, this absolute path will be +non-existent on targets and this call will fail. + +Removing path element and leaving libssl.so which will/can be +in /usr/lib on targets + +This approach makes your binary more portable +since it doesn't hardcode absolute paths. + +Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/213] +Signed-off-by: Khem Raj +--- + src/server/CMakeLists.txt | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt +index 79702787..39568504 100644 +--- a/src/server/CMakeLists.txt ++++ b/src/server/CMakeLists.txt +@@ -16,7 +16,12 @@ SET(openwsmand_SOURCES ${openwsmand_SOURCES} gss.c wsmand.c) + IF(USE_OPENSSL) + SET(SSL_LIB ${OPENSSL_SSL_LIBRARY}) + MESSAGE(STATUS "SSL_LIB is at >${SSL_LIB}<") +-ADD_DEFINITIONS(-DSSL_LIB="${SSL_LIB}") ++ ++# Extract just the filename from the full path ++get_filename_component(SSL_LIB_NAME ${SSL_LIB} NAME) ++MESSAGE(STATUS "SSL_LIB filename is >${SSL_LIB_NAME}<") ++ ++ADD_DEFINITIONS(-DSSL_LIB="${SSL_LIB_NAME}") + ENDIF(USE_OPENSSL) + + ADD_DEFINITIONS(-DDELIM_CHARS=", " ) diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.8.1.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.8.1.bb index 5abe06d07b..9078f571e6 100644 --- a/meta-oe/recipes-extended/openwsman/openwsman_2.8.1.bb +++ b/meta-oe/recipes-extended/openwsman/openwsman_2.8.1.bb @@ -20,6 +20,8 @@ SRCREV = "20efbccaf804a5a27a914eb8802b806416c03ece" SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=main;protocol=https;tag=v${PV} \ file://openwsmand.service \ file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ + file://0001-Fix-to-build-with-GCC-15.patch \ + file://0001-cmake-Avoid-using-absolute-paths-in-dlopen.patch \ " LICENSE = "BSD-3-Clause" @@ -29,21 +31,16 @@ inherit systemd cmake pkgconfig python3native perlnative SYSTEMD_SERVICE:${PN} = "openwsmand.service" SYSTEMD_AUTO_ENABLE = "disable" - EXTRA_OECMAKE = "-DBUILD_BINDINGS=NO \ -DBUILD_LIBCIM=NO \ -DBUILD_PERL=YES \ -DBUILD_PYTHON3=YES \ -DBUILD_PYTHON=NO \ -DCMAKE_INSTALL_PREFIX=${prefix} \ + -DPACKAGE_ARCHITECTURE='${HOST_ARCH}' \ -DLIB=${baselib} \ " -do_configure:prepend() { - export STAGING_INCDIR=${STAGING_INCDIR} - export STAGING_LIBDIR=${STAGING_LIBDIR} -} - do_install:append() { install -d ${D}/${sysconfdir}/init.d install -m 755 ${B}/etc/init/openwsmand.sh ${D}/${sysconfdir}/init.d/openwsmand