A few build system questions
Eric McCorkle
eric at metricspace.net
Fri Aug 3 02:30:07 UTC 2018
On 08/02/2018 15:04, Warner Losh wrote:
> On Thu, Aug 2, 2018 at 11:45 AM, Eric McCorkle <eric at metricspace.net> wrote:
>
> On 08/02/2018 12:56, Warner Losh wrote:
> >
> >
> > On Thu, Aug 2, 2018, 5:19 PM Eric McCorkle <eric at metricspace.net> wrote:
> >
> > On 08/02/2018 11:33, Brooks Davis wrote:
> > > On Thu, Aug 02, 2018 at 11:17:06AM -0400, Eric McCorkle wrote:
> > >> Hi,
> > >>
> > >> I have a few questions about how to accomplish some things with the
> > >> build system.
> > >>
> > >> First, I want to create some libraries that exist only as static
> > >> archives, meaning no shared object (ex. libsomething.a, but no
> > >> libsomething.so)
> > >
> > > If it's something for use by only the base system PRIVATELIB= will
> > > do it (and change the name to libprivatesomething.a). If you want it to be
> > > broadly available outside the base system, NO_SHARED= should do it
> > > IIRC.
> >
> > If loader and kernel are able to use private libraries, then that is
> > probably better, actually.
> >
> >
> > They aren't. Src/stand depends on no objects in the system other than
> > what is built in src/stand. What you are proposing is a non-starter. The
> > loader
>
> I think you hit "send" too soon...
>
> Basically what I'm trying to do at this point is two things.
>
> First, I want to convert some certs into C declarations and embed them
> into a static library, which can in turn be used to embed them into
> applications. This is essentially the same thing that some drivers do,
> where they embed the firmware binaries directly into the driver.
>
> This is easy.
For future reference, this seems to be more or less what I'm after:
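for f in /etc/trust/root/certs/*.pub.pem; do
  # one C array per certificate, named after the file (local.pub.pem -> local_data)
  echo -n "static const char `basename ${f%%.*}`_data[] = {"
  # convert the certificate for this iteration to DER and emit it as hex bytes
  openssl x509 -outform DER -in "$f" | hexdump -v -e '1/1 "0x%02x,"'
  echo "};"
done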
> Second, and a (somewhat) separate thing, I'm trying to see if I can get
> a PoC of extracting the specific primitives out of OpenSSL and using
> them in place of the current software crypto implementations in kernel
> and loader. (objcopy ought to be able to do this to a static library in
> theory)
>
> Such a strategy won't fly for various reasons. Userland, the loader and
> the kernel are all compiled with different options. You'll need to
> recompile for each and not do objcopy tricks because the current build
> model doesn't allow for that.
>
Yeah, I'd say that shipwrecks any hopes I'd had there :(
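
Added example, not code from this thread or from the FreeBSD tree: a Python version of the cert-to-C-declaration step discussed above. It decodes the PEM body itself, emits `unsigned char` plus a length symbol, and turns file names into valid C identifiers. The `_data_len` symbol, the helper names and the sample PEM (arbitrary bytes, not a real certificate) are assumptions.

```python
import base64
import re

# Constructed sample: PEM armor around 20 arbitrary bytes, NOT a real certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(bytes(range(0xF0, 0x100)) + b"\x00\x01\x02\x03").decode()
    + "\n-----END CERTIFICATE-----\n"
)

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of every CERTIFICATE block in pem_text."""
    ders = []
    for body in _PEM_RE.findall(pem_text):
        # validate=True rejects stray characters instead of silently skipping them
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders

def c_identifier(filename):
    """Derive a C identifier from a file name such as 'local.pub.pem'."""
    stem = filename.rsplit("/", 1)[-1].split(".", 1)[0]
    ident = re.sub(r"[^A-Za-z0-9_]", "_", stem)   # 'my-root' -> 'my_root'
    if not ident or ident[0].isdigit():
        ident = "_" + ident                        # identifiers cannot start with a digit
    return ident

def c_declaration(name, der, per_line=12):
    """Emit an unsigned char array plus its length for one DER blob."""
    rows = []
    for i in range(0, len(der), per_line):
        rows.append("\t" + " ".join("0x%02x," % b for b in der[i:i + per_line]))
    return ("static const unsigned char %s_data[] = {\n%s\n};\n"
            "static const unsigned int %s_data_len = %d;\n"
            % (name, "\n".join(rows), name, len(der)))

if __name__ == "__main__":
    for der in pem_to_der(SAMPLE_PEM):
        print(c_declaration(c_identifier("local.pub.pem"), der))
```

The explicit length symbol matters because DER contains NUL bytes, so consumers cannot use `strlen()` on the array.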