git: aef16fc30bb2 - main - build: remove certctl requirement for host OpenSSL libs on macOS

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Tue, 19 Aug 2025 04:28:06 UTC
The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=aef16fc30bb2298e65a5fcc0c503d343e428c1b2

commit aef16fc30bb2298e65a5fcc0c503d343e428c1b2
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-08-16 18:34:30 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-08-19 04:27:59 +0000

    build: remove certctl requirement for host OpenSSL libs on macOS
    
    Some platforms, like macOS, do not expose headers for the system's
    libcrypto for public consumption.  libcrypto is relatively heavy and
    needs to know, e.g., the host system's endianness, so we scope the build
    down to macOS where OpenSSL headers are known to not be present and we
    can be reasonably certain that most of the systems today that would be
    cross-building are little endian.
    
    We still don't bother if building WITHOUT_OPENSSL since the end result
    is expected to be used by OpenSSL, but perhaps we could revisit that
    independently in case one, e.g., brings their own implementation.
    
    Reported by:    jrtc27
    Reviewed by:    jrtc27, ngie
    Fixes:  c340ef28fd38 ("certctl: Reimplement in C")
    Differential Revision:  https://reviews.freebsd.org/D51935
---
 Makefile.inc1                        |  9 ++++++++-
 secure/lib/libcrypto/Makefile        |  5 ++++-
 secure/lib/libcrypto/Makefile.common |  2 +-
 share/mk/bsd.endian.mk               | 13 ++++++++++---
 tools/build/Makefile                 |  1 +
 5 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/Makefile.inc1 b/Makefile.inc1
index 3f35dafc6441..861d368af838 100644
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@ -2709,8 +2709,14 @@ _basic_bootstrap_tools+=sbin/md5
 _basic_bootstrap_tools+=usr.sbin/tzsetup
 .endif
 
-# certctl is needed as an install tool
+# certctl is needed as an install tool.  libcrypto is rather heavy, so we'll
+# build that alongside it only for platforms that don't expose headers for
+# OpenSSL, like macOS.
 .if ${MK_CAROOT} != "no" && ${MK_OPENSSL} != "no"
+.if ${.MAKE.OS} == "Darwin"
+_bootstrap_libcrypto=secure/lib/libcrypto
+${_bt}-usr.sbin/certctl: ${_bt}-secure/lib/libcrypto
+.endif
 _certctl=usr.sbin/certctl
 .endif
 
@@ -2777,6 +2783,7 @@ bootstrap-tools: ${_bt}-links .PHONY
     ${_strfile} \
     usr.bin/dtc \
     ${_cat} \
+    ${_bootstrap_libcrypto} \
     ${_certctl} \
     ${_kbdcontrol} \
     ${_elftoolchain_libs} \
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index e7e491124241..7e2350fb33ea 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -1,7 +1,10 @@
 SHLIBDIR?=	/lib
-.if !defined(LIBCRYPTO_WITHOUT_SUBDIRS)
+.if !defined(LIBCRYPTO_WITHOUT_SUBDIRS) && !defined(BOOTSTRAPPING)
 SUBDIR=		engines modules
 .endif
+.ifdef BOOTSTRAPPING
+CFLAGS+=	-DOPENSSL_NO_SCTP
+.endif
 
 .include <bsd.own.mk>
 .include <src.opts.mk>
diff --git a/secure/lib/libcrypto/Makefile.common b/secure/lib/libcrypto/Makefile.common
index afcc2a48660c..ad48e2b434cf 100644
--- a/secure/lib/libcrypto/Makefile.common
+++ b/secure/lib/libcrypto/Makefile.common
@@ -6,7 +6,7 @@ CFLAGS+=	-DL_ENDIAN
 CFLAGS+=	-DB_ENDIAN
 .endif
 
-.ifndef WITHOUT_AUTO_ASM
+.if !defined(WITHOUT_AUTO_ASM) && !defined(BOOTSTRAPPING)
 .if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
     ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
 ASM_${MACHINE_CPUARCH}=
diff --git a/share/mk/bsd.endian.mk b/share/mk/bsd.endian.mk
index ba662ffc7439..24da57954b5a 100644
--- a/share/mk/bsd.endian.mk
+++ b/share/mk/bsd.endian.mk
@@ -20,10 +20,17 @@ LOCALEDEF_ENDIAN= -b
 #
 # During bootstrapping on !FreeBSD OSes, we need to define some value.  Short of
 # having an exhaustive list for all variants of Linux and MacOS we simply do not
-# set TARGET_ENDIANNESS and poison the other variables. They should be unused
-# during the bootstrap phases (apart from one place that's adequately protected
-# in bsd.compiler.mk) where we're building the bootstrap tools.
+# set TARGET_ENDIANNESS (on Linux) and poison the other variables. They should
+# be unused during the bootstrap phases (apart from one place that's adequately
+# protected in bsd.compiler.mk) where we're building the bootstrap tools.
 #
+.if ${.MAKE.OS} == "Darwin"
+# We do assume the endianness on macOS because Apple's modern hardware is all
+# little-endian.  This might need revisited in the far future, but for the time
+# being Apple Silicon's reign of terror continues.  We only set this one up
+# because libcrypto is now built in bootstrap.
+TARGET_ENDIANNESS= 1234
+.endif
 CAP_MKDB_ENDIAN= -B	# Poisoned value, invalid flags for both cap_mkdb
 LOCALEDEF_ENDIAN= -B	# and localedef.
 .endif
diff --git a/tools/build/Makefile b/tools/build/Makefile
index 83f589ce3864..3c4e07e3cfc2 100644
--- a/tools/build/Makefile
+++ b/tools/build/Makefile
@@ -495,6 +495,7 @@ INSTALLDIR_LIST= \
 	bin \
 	lib/geom \
 	usr/include/casper \
+	usr/include/openssl \
 	usr/include/private/ucl \
 	usr/include/private/zstd \
 	usr/lib \