android-libboringssl: add new recipe for BoringSSL shared libraries

Add a recipe shipping the BoringSSL shared libraries required by
android-tools-adbd. BoringSSL is the TLS/crypto library used by adbd
for ADB authentication.

The libraries are installed under ${libdir}/android/ to avoid conflicting
with the system libcrypto/libssl in the sysroot. A SOVERSION=0 patch is
applied so Yocto's standard .so / .so.0 packaging split works correctly.
An ld.so.conf.d drop-in registers ${libdir}/android so binaries can find
the libraries at runtime.

This recipe is tightly coupled to android-tools: update it together when
upgrading android-tools to a new version.

AI-Generated: Uses GitHub Copilot (Claude Sonnet 4.6)

Signed-off-by: Mihajlo Marinkovic <mmarinkovic@snap.com>
Co-authored-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Etienne Cordonnier
2026-06-12 17:33:38 +02:00
committed by Khem Raj
parent 9cda6e09a4
commit 50f8744b0a
4 changed files with 155 additions and 0 deletions
@@ -0,0 +1,62 @@
From 03a13ef3ea786286d9317562647e9856c1b71736 Mon Sep 17 00:00:00 2001
From: Etienne Cordonnier <ecordonnier@snap.com>
Date: Thu, 11 Jun 2026 00:00:00 +0000
Subject: [PATCH] cmake: add SOVERSION 0 to crypto and ssl shared libraries
BoringSSL's CMakeLists.txt does not set SOVERSION, so the built shared
libraries have no SONAME embedded and cmake names them libcrypto.so /
libssl.so without any version suffix. This causes two problems in a
Yocto build:
1. The Yocto QA check "dev-so" rejects unversioned .so symlinks in
non-dev packages, but those symlinks are required at runtime because
the DT_NEEDED entry in binaries that link against BoringSSL refers to
the bare libcrypto.so name.
2. Standard Yocto FILES patterns split libraries by suffix: .so.* goes
into the runtime package and .so symlinks go into -dev. Without a
SOVERSION these patterns do not apply correctly.
Setting SOVERSION to 0 causes cmake to:
- build libcrypto.so.0 as the real ELF with SONAME=libcrypto.so.0
- create libcrypto.so as a development symlink
Binaries linked with -l:libcrypto.so.0 (as android-tools does) will
record DT_NEEDED=libcrypto.so.0 and resolve correctly at runtime.
Upstream-Status: Inappropriate [OE-specific packaging requirement]
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
---
crypto/CMakeLists.txt | 2 ++
ssl/CMakeLists.txt | 2 ++
2 files changed, 4 insertions(+)
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index cdb5ddc..fca86cc 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -327,6 +327,8 @@ endif()
set_target_properties(crypto PROPERTIES LINKER_LANGUAGE C)
+set_target_properties(crypto PROPERTIES SOVERSION 0)
+
if(WIN32)
target_link_libraries(crypto ws2_32)
endif()
diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
index d8d997e..e49b350 100644
--- a/ssl/CMakeLists.txt
+++ b/ssl/CMakeLists.txt
@@ -46,6 +46,8 @@ install_if_enabled(TARGETS ssl EXPORT OpenSSLTargets ${INSTALL_DESTINATION_DEFAU
set_property(TARGET ssl PROPERTY EXPORT_NAME SSL)
target_link_libraries(ssl crypto)
+set_target_properties(ssl PROPERTIES SOVERSION 0)
+
add_executable(
ssl_test
--
2.43.0
@@ -0,0 +1,22 @@
#!/bin/sh
if [ "$1" = "run" ] && [ "$2" = "util/embed_test_data.go" ]; then
echo 'extern const int boringssl_dummy_crypto_test_data = 0;'
exit 0
fi
if [ "$1" = "run" ] && [ "$2" = "err_data_generate.go" ]; then
cat <<'EOF'
#include <stddef.h>
#include <stdint.h>
const uint32_t kOpenSSLReasonValues[] = {0};
const size_t kOpenSSLReasonValuesLen = 0;
const char kOpenSSLReasonStringData[] = "";
EOF
exit 0
fi
if [ "$1" = "version" ]; then
echo 'go version go0.0.0 yocto/stub'
exit 0
fi
echo "Unexpected Go invocation: $*" >&2
exit 1
@@ -0,0 +1 @@
int boringssl_dummy_gtest_translation_unit = 0;
@@ -0,0 +1,70 @@
DESCRIPTION = "BoringSSL shared libraries for android-tools"
SECTION = "libs"
# This recipe is tightly coupled to android-tools: when upgrading android-tools,
# update this recipe to the BoringSSL version shipped in the corresponding Debian
# android-platform-tools source package.
# BoringSSL is a fork of OpenSSL; new files carry ISC license, OpenSSL license
# covers the forked parts.
LICENSE = "OpenSSL & ISC"
LIC_FILES_CHKSUM = "file://LICENSE;md5=2ca501bc96ce9ed0814e2c592c3f9593"
SRC_URI = " \
https://deb.debian.org/debian/pool/main/a/android-platform-external-boringssl/android-platform-external-boringssl_${PV}.orig.tar.xz \
file://boringssl-go-stub \
file://boringssl-gtest-stub.cc \
file://0001-cmake-add-SOVERSION-0-to-crypto-and-ssl-shared-libra.patch \
"
SRC_URI[md5sum] = "83d24d2f3136ba6a486b5464369b91b4"
SRC_URI[sha256sum] = "f9223e8c15ad5d9e3f1cd50861f4c272658864661e2332bea5d60952aa0930cd"
# The Debian orig tarball unpacks to android-platform-external-boringssl-${PV}/
# with the actual source under a src/ subdirectory.
S = "${UNPACKDIR}/android-platform-external-boringssl-${PV}/src"
inherit cmake
CFLAGS:append = " -Wno-discarded-qualifiers"
OECMAKE_TARGET_COMPILE = "crypto ssl"
EXTRA_OECMAKE = " \
-DBUILD_SHARED_LIBS=ON \
-DBUILD_TESTING=OFF \
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DGO_EXECUTABLE=${WORKDIR}/hosttools/go \
"
do_configure:prepend() {
install -d ${WORKDIR}/hosttools
install -m 0755 ${UNPACKDIR}/boringssl-go-stub ${WORKDIR}/hosttools/go
# BoringSSL builds its own minimal gtest from third_party/googletest; provide
# an empty stub .cc. We only build the crypto and ssl targets so the test
# source files are never compiled, but cmake still needs gtest-all.cc to
# exist to create the boringssl_gtest target.
if [ ! -f ${S}/third_party/googletest/src/gtest-all.cc ]; then
install -d ${S}/third_party/googletest/src
install -m 0644 ${UNPACKDIR}/boringssl-gtest-stub.cc \
${S}/third_party/googletest/src/gtest-all.cc
fi
}
do_install() {
# Install headers under a boringssl/ subdirectory to avoid shadowing the
# system OpenSSL headers in the sysroot.
install -d ${D}${includedir}/boringssl
cp -a ${S}/include/openssl ${D}${includedir}/boringssl/
# Install shared libraries under ${libdir}/android/ to avoid conflicting
# with the system libssl/libcrypto in the sysroot.
install -d ${D}${libdir}/android
install -m 0755 ${B}/crypto/libcrypto.so.0 ${D}${libdir}/android/libcrypto.so.0
ln -sf libcrypto.so.0 ${D}${libdir}/android/libcrypto.so
install -m 0755 ${B}/ssl/libssl.so.0 ${D}${libdir}/android/libssl.so.0
ln -sf libssl.so.0 ${D}${libdir}/android/libssl.so
}
FILES:${PN}-dev = "${includedir}/boringssl ${libdir}/android/libcrypto.so ${libdir}/android/libssl.so"
FILES:${PN} = "${libdir}/android/libcrypto.so.0 ${libdir}/android/libssl.so.0"
BBCLASSEXTEND = "native"