diff --git a/Makefile b/Makefile index 6d9166166..65ba72205 100644 --- a/Makefile +++ b/Makefile @@ -310,14 +310,7 @@ deb: dist cp -R contrib/debian /tmp/aziot-identity-service-$(PACKAGE_VERSION)/ sed -i -e 's/@version@/$(PACKAGE_VERSION)/g; s/@release@/$(PACKAGE_RELEASE)/g' /tmp/aziot-identity-service-$(PACKAGE_VERSION)/debian/changelog - # Build package - # Note: This builds the `default` target before the normal Debian packaging (instead - # of as part of it) to workaround linker errors on Ubuntu 22.04 when building - # aziot-key-openssl-engine-shared. The extra flags to dpkg-buildpackage are to - # circumvent the default clean and to ignore build artifacts that will already exist. - cd /tmp/aziot-identity-service-$(PACKAGE_VERSION) && \ - make RELEASE=1 V=1 ARCH=$(ARCH) && \ - dpkg-buildpackage -us -uc $(DPKG_ARCH_FLAGS) -nc -tc -F -I=vendor -I=target --source-option=--extend-diff-ignore="target|vendor|third-party|keys\.generated\.rs" + cd /tmp/aziot-identity-service-$(PACKAGE_VERSION) && dpkg-buildpackage -us -uc $(DPKG_ARCH_FLAGS) # rpm # diff --git a/ci/install-build-deps.sh b/ci/install-build-deps.sh index ce822a4c1..296916c94 100755 --- a/ci/install-build-deps.sh +++ b/ci/install-build-deps.sh @@ -16,7 +16,7 @@ case "$OS:$ARCH" in yum install -y centos-release-scl epel-release yum install -y \ - autoconf autoconf-archive automake clang curl devtoolset-9-gcc devtoolset-9-gcc-c++ \ + autoconf autoconf-archive automake curl devtoolset-9-gcc devtoolset-9-gcc-c++ \ git jq libcurl-devel libtool llvm-toolset-7-clang llvm-toolset-7-llvm-devel \ make openssl openssl-devel pkgconfig diff --git a/key/aziot-key-openssl-engine-shared/build/engine.c b/key/aziot-key-openssl-engine-shared/build/engine.c index 84240f0fa..47ced7bef 100644 --- a/key/aziot-key-openssl-engine-shared/build/engine.c +++ b/key/aziot-key-openssl-engine-shared/build/engine.c @@ -14,12 +14,19 @@ int aziot_key_openssl_engine_shared_bind(ENGINE* e, const char* id); * So the bind_engine and v_check functions generated by these two macros will not actually be exported by the final cdylib. It's not possible * to provide a custom version script via `cargo:rustc-cdylib-link-arg` because it conflicts with the one generated by rustc. * - * So we have to use the other way mentioned by `ld`'s docs, `__asm__(".symver")` + * So we have to use the other way mentioned by `ld`'s docs[1], `__asm__(".symver")`. We also need to add `__attribute__((used))` since otherwise + * the versioned symbol is optimized out by LTO. * * Unfortunately this trick means this crate cannot be compiled for tests since the linker will see duplicate symbols, so every invocation of - * `cargo test --all` or `cargo clippy --tests --all` has to also exclude this crate with `--exclude`. + * `cargo test --all` or `cargo clippy --tests --all` has to also exclude this crate with `--exclude`. When all of our platforms provide + * GNU as >= 2.35 and/or Clang >= 13, we can lift this restriction by appending `,remove` to the `.symver` directive arguments[2]. + * + * [1]: https://sourceware.org/binutils/docs/ld/VERSION.html + * [2]: https://maskray.me/blog/2020-11-26-all-about-symbol-versioning */ +__attribute__((used)) IMPLEMENT_DYNAMIC_BIND_FN(aziot_key_openssl_engine_shared_bind); __asm__(".symver bind_engine,bind_engine@@"); +__attribute__((used)) IMPLEMENT_DYNAMIC_CHECK_FN(); __asm__(".symver v_check,v_check@@"); diff --git a/key/aziot-key-openssl-engine-shared/build/main.rs b/key/aziot-key-openssl-engine-shared/build/main.rs index b6463cd66..79507ba04 100644 --- a/key/aziot-key-openssl-engine-shared/build/main.rs +++ b/key/aziot-key-openssl-engine-shared/build/main.rs @@ -4,7 +4,7 @@ #![warn(clippy::all, clippy::pedantic)] fn main() { - println!("cargo:rerun-if-changed=build/engine.c"); + println!("cargo:rerun-if-changed=build/"); openssl_build::define_version_number_cfg(); @@ -13,13 +13,7 @@ fn main() { // Since we are going to use the generated archive in a shared // library, we need +whole-archive to be set. See: // https://github.com/rust-lang/rust/blob/1.61.0/RELEASES.md#compatibility-notes - .cargo_metadata(false) + .link_lib_modifier("+whole-archive") .file("build/engine.c") .compile("aziot_key_openssl_shared_engine_wrapper"); - - println!("cargo:rustc-link-lib=static:+whole-archive=aziot_key_openssl_shared_engine_wrapper"); - println!( - "cargo:rustc-link-search=native={}", - std::env::var("OUT_DIR").unwrap() - ); }