A few build system questions

Eric McCorkle eric at metricspace.net
Fri Aug 3 02:30:07 UTC 2018


On 08/02/2018 15:04, Warner Losh wrote:
> On Thu, Aug 2, 2018 at 11:45 AM, Eric McCorkle <eric at metricspace.net> wrote:
> 
>     On 08/02/2018 12:56, Warner Losh wrote:
>     > 
>     > 
>     > On Thu, Aug 2, 2018, 5:19 PM Eric McCorkle <eric at metricspace.net> wrote:
>     > 
>     >     On 08/02/2018 11:33, Brooks Davis wrote:
>     >     > On Thu, Aug 02, 2018 at 11:17:06AM -0400, Eric McCorkle wrote:
>     >     >> Hi,
>     >     >>
>     >     >> I have a few questions about how to accomplish some things with the
>     >     >> build system.
>     >     >>
>     >     >> First, I want to create some libraries that exist only as static
>     >     >> archives, meaning no shared object (ex. libsomething.a, but no
>     >     >> libsomething.so)
>     >     >
>     >     > If it's something for use by only the base system PRIVATELIB= will
>     >     > do it (and change the name to libprivatesomething.a).  If you want it to be
>     >     > broadly available outside the base system, NO_SHARED= should do it
>     >     > IIRC.
>     > 
>     >     If loader and kernel are able to use private libraries, then that is
>     >     probably better, actually.
>     > 
>     > 
>     > They aren't.  Src/stand depends on no objects in the system other than
>     > what is built in src/stand. What you are proposing is a non-starter. The
>     > loader
> 
>     I think you hit "send" too soon...
> 
>     Basically what I'm trying to do at this point is two things.
> 
>     First, I want to convert some certs into C declarations and embed them
>     into a static library, which can in turn be used to embed them into
>     applications.  This is essentially the same thing that some drivers do,
>     where they embed the firmware binaries directly into the driver.
> 
> This is easy.

For future reference, this seems to be more or less what I'm after:

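for f in /etc/trust/root/certs/*.pub.pem; do
    # Array name is the file name up to its first dot (local.pub.pem -> local_data)
    name=$(basename "${f%%.*}")
    printf 'static const char %s_data[] = {' "$name"
    # DER-encode the certificate for this iteration and emit it as hex bytes
    openssl x509 -outform DER -in "$f" | hexdump -v -e '1/1 "0x%02x,"'
    echo "};"
done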

>     Second, and a (somewhat) separate thing, I'm trying to see if I can get
>     a PoC of extracting the specific primitives out of OpenSSL and using
>     them in place of the current software crypto implementations in kernel
>     and loader.  (objcopy ought to be able to do this to a static library in
>     theory)
> 
> Such a strategy won't fly for various reasons. Userland, the loader and
> the kernel are all compiled with different options. You'll need to
> recompile for each and not do objcopy tricks because the current build
> model doesn't allow for that.
> 

Yeah, I'd say that shipwrecks any hopes I'd had there :(
