From 677d9937f2d1641bc508dad0f752eb698d1ac36e Mon Sep 17 00:00:00 2001 From: Mikko Rapeli Date: Tue, 30 Jul 2024 13:24:57 +0300 Subject: [PATCH] optee-os: remove absolute paths Change optee-os build scripts to not use absolute build time paths in generated header files and scripts. Two patches are backports from master/4.3. Signed-off-by: Mikko Rapeli Signed-off-by: Jon Mason --- ...not-use-full-path-to-generate-guard-.patch | 45 ++++++++++++++++ ....mk-remove-absolute-build-time-paths.patch | 53 +++++++++++++++++++ .../recipes-security/optee/optee-os_4.2.0.bb | 4 +- 3 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch create mode 100644 meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch diff --git a/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch b/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch new file mode 100644 index 00000000..29719b45 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os/0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch @@ -0,0 +1,45 @@ +From c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c Mon Sep 17 00:00:00 2001 +From: Rasmus Villemoes +Date: Thu, 6 Jun 2024 11:42:46 +0200 +Subject: [PATCH] checkconf.mk: do not use full path to generate guard symbol + in conf.h + +The combination of building with -g3 (which emits definitions of all +defined preprocessor macros to the debug info) and using a full path +to define the name of this preprocessor guard means that the output is +not binary reproducible across different build hosts. For example, in +my Yocto build, the string + + __home_ravi_yocto_tmp_glibc_work_stm32mp135fdk_oe_linux_gnueabi_optee_os_stm32mp_3_19_0_stm32mp_r1_1_build_stm32mp135f_dk_include_generated_conf_h_ + +appears in several build artifacts. Another developer or buildbot +would not build in some /home/ravi/... directory. + +In order to increase binary reproducibility, only use the path sans +the $(out-dir)/ prefix of the conf.h file. + +Reviewed-by: Jens Wiklander +Signed-off-by: Rasmus Villemoes +--- + mk/checkconf.mk | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Upstream-Status: Backport [c8a2a6529dc3ff609281ef4fe5c5bc949c805b5c] + +diff --git a/mk/checkconf.mk b/mk/checkconf.mk +index 449b1c2b8..bb08d6b15 100644 +--- a/mk/checkconf.mk ++++ b/mk/checkconf.mk +@@ -17,7 +17,8 @@ define check-conf-h + cnf='$(strip $(foreach var, \ + $(call cfg-vars-by-prefix,$1), \ + $(call cfg-make-define,$(var))))'; \ +- guard="_`echo $@ | tr -- -/.+ _`_"; \ ++ guardpath="$(patsubst $(out-dir)/%,%,$@)" \ ++ guard="_`echo "$${guardpath}" | tr -- -/.+ _`_"; \ + mkdir -p $(dir $@); \ + echo "#ifndef $${guard}" >$@.tmp; \ + echo "#define $${guard}" >>$@.tmp; \ +-- +2.34.1 + diff --git a/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch b/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch new file mode 100644 index 00000000..63fb63a2 --- /dev/null +++ b/meta-arm/recipes-security/optee/optee-os/0001-mk-compile.mk-remove-absolute-build-time-paths.patch @@ -0,0 +1,53 @@ +From 29b84ae5b277b85cd7244acde077694e6643fcde Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli +Date: Thu, 18 Jul 2024 07:54:18 +0000 +Subject: [PATCH] mk/compile.mk: remove absolute build time paths + +Some generated files get a __FILE_ID__ which include absolute +build time paths. Remove the paths and use plain file name. +Fixes yocto QA check. + +Problem/bug: + +$ strings ../image/lib/firmware/tee.elf | grep mikko +__FILE_ID__ +_home_mikko_build_core_ta_pub_key_c +__FILE_ID__ +_home_mikko_build_core_ldelf_hex_c +__FILE_ID__ +_home_mikko_build_core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c + +With this patch: + +$ strings ../image/lib/firmware/tee.elf | grep mikko +$ strings ../image/lib/firmware/tee.elf | grep FILE_ID | egrep \ +"core_ta_pub_key_c|core_ldelf_hex_c|core_early_ta_fd02c9da_306c_4" +__FILE_ID__ core_ta_pub_key_c +__FILE_ID__ core_ldelf_hex_c +__FILE_ID__ core_early_ta_fd02c9da_306c_48c7_a49c_bbd827ae86ee_c + +Reviewed-by: Jens Wiklander +Acked-by: Jerome Forissier +Signed-off-by: Mikko Rapeli +--- + mk/compile.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Upstream-Status: Backport + +diff --git a/mk/compile.mk b/mk/compile.mk +index b3d807ba4..338535bf3 100644 +--- a/mk/compile.mk ++++ b/mk/compile.mk +@@ -120,7 +120,7 @@ comp-cppflags-$2 = $$(filter-out $$(CPPFLAGS_REMOVE) $$(cppflags-remove) \ + $$(addprefix -I,$$(incdirs-$2)) \ + $$(cppflags$$(comp-sm-$2)) \ + $$(cppflags-lib$$(comp-lib-$2)) $$(cppflags-$2)) \ +- -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$1))) ++ -D__FILE_ID__=$$(subst -,_,$$(subst /,_,$$(subst .,_,$$(patsubst $$(out-dir)/%,%,$1)))) + + comp-flags-$2 += -MD -MF $$(comp-dep-$2) -MT $$@ + comp-flags-$2 += $$(comp-cppflags-$2) +-- +2.34.1 + diff --git a/meta-arm/recipes-security/optee/optee-os_4.2.0.bb b/meta-arm/recipes-security/optee/optee-os_4.2.0.bb index 8ae219f4..cee024af 100644 --- a/meta-arm/recipes-security/optee/optee-os_4.2.0.bb +++ b/meta-arm/recipes-security/optee/optee-os_4.2.0.bb @@ -7,4 +7,6 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" SRCREV = "12d7c4ee4642d2d761e39fbcf21a06fb77141dea" SRC_URI += " \ file://0003-optee-enable-clang-support.patch \ - " + file://0001-checkconf.mk-do-not-use-full-path-to-generate-guard-.patch \ + file://0001-mk-compile.mk-remove-absolute-build-time-paths.patch \ +"