Date: Thu, 2 Aug 2018 22:29:59 -0400 From: Eric McCorkle <eric@metricspace.net> To: Warner Losh <imp@bsdimp.com> Cc: Brooks Davis <brooks@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: A few build system questions Message-ID: <9c3f08be-2a76-a726-16b2-c1e6a1aa4aa8@metricspace.net> In-Reply-To: <CANCZdfqFJs_dTc1gXf8=5ZcC=C9HghHU%2Bb0uzfjZkpA__%2B=DjA@mail.gmail.com> References: <bedd6e76-bbe4-7690-70ed-041bbe7970f7@metricspace.net> <20180802153357.GA25687@spindle.one-eyed-alien.net> <7f143985-2ebb-210a-e314-0deebd3d9f5b@metricspace.net> <CANCZdfpACQP6gypGm_Jp1qQxMpTZT7XoUJnZPQMt7M46cgiqhQ@mail.gmail.com> <7a14aee9-8205-4fc7-a7a0-a9ed2f33751d@metricspace.net> <CANCZdfqFJs_dTc1gXf8=5ZcC=C9HghHU%2Bb0uzfjZkpA__%2B=DjA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --JqaR5W3ewElEK0x1BT6GZzF4B12xrh8Us Content-Type: multipart/mixed; boundary="jddM8aLdOHpkNQ0PjYirQ4Eah0klwzG4C"; protected-headers="v1" From: Eric McCorkle <eric@metricspace.net> To: Warner Losh <imp@bsdimp.com> Cc: Brooks Davis <brooks@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Message-ID: <9c3f08be-2a76-a726-16b2-c1e6a1aa4aa8@metricspace.net> Subject: Re: A few build system questions References: <bedd6e76-bbe4-7690-70ed-041bbe7970f7@metricspace.net> <20180802153357.GA25687@spindle.one-eyed-alien.net> <7f143985-2ebb-210a-e314-0deebd3d9f5b@metricspace.net> <CANCZdfpACQP6gypGm_Jp1qQxMpTZT7XoUJnZPQMt7M46cgiqhQ@mail.gmail.com> <7a14aee9-8205-4fc7-a7a0-a9ed2f33751d@metricspace.net> <CANCZdfqFJs_dTc1gXf8=5ZcC=C9HghHU+b0uzfjZkpA__+=DjA@mail.gmail.com> In-Reply-To: <CANCZdfqFJs_dTc1gXf8=5ZcC=C9HghHU+b0uzfjZkpA__+=DjA@mail.gmail.com> --jddM8aLdOHpkNQ0PjYirQ4Eah0klwzG4C Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 08/02/2018 15:04, Warner Losh wrote: > On Thu, Aug 2, 2018 at 11:45 AM, Eric McCorkle <eric@metricspace.net > <mailto:eric@metricspace.net>> wrote: >=20 > On 08/02/2018 12:56, Warner Losh wrote: > >=20 > >=20 > > On Thu, Aug 2, 2018, 5:19 PM Eric McCorkle <eric@metricspace.net = <mailto:eric@metricspace.net> > > <mailto:eric@metricspace.net <mailto:eric@metricspace.net>>> wrot= e: > >=20 > >=C2=A0 =C2=A0 =C2=A0On 08/02/2018 11:33, Brooks Davis wrote: > >=C2=A0 =C2=A0 =C2=A0> On Thu, Aug 02, 2018 at 11:17:06AM -0400, Er= ic McCorkle wrote: > >=C2=A0 =C2=A0 =C2=A0>> Hi, > >=C2=A0 =C2=A0 =C2=A0>> > >=C2=A0 =C2=A0 =C2=A0>> I have a few questions about how to accompl= ish some things with the > >=C2=A0 =C2=A0 =C2=A0>> build system. > >=C2=A0 =C2=A0 =C2=A0>> > >=C2=A0 =C2=A0 =C2=A0>> First, I want to create some libraries that= exist only as static > >=C2=A0 =C2=A0 =C2=A0>> archives, meaning no shared object (ex. lib= something.a, but no > >=C2=A0 =C2=A0 =C2=A0>> libsomething.so) > >=C2=A0 =C2=A0 =C2=A0> > >=C2=A0 =C2=A0 =C2=A0> If it's something for use by only the base s= ystem PRIVATELIB=3D will > >=C2=A0 =C2=A0 =C2=A0> do it (and change the name to libprivatesome= thi.a).=C2=A0 If you want to be > >=C2=A0 =C2=A0 =C2=A0> broadly available outside the base system, N= O_SHARED=3D should do it > >=C2=A0 =C2=A0 =C2=A0IIRC. > >=20 > >=C2=A0 =C2=A0 =C2=A0If loader and kernel are able to use private l= ibraries, then that is > >=C2=A0 =C2=A0 =C2=A0probably better, actually. > >=20 > >=20 > > They aren't.=C2=A0 Src/stand depends on no objects in the system = other than > > what is built in src/stand. What you are proposing is a non-start= er. The > > loader >=20 > I think you hit "send" too soon... >=20 > Basically what I'm trying to do at this point is two things. >=20 > First, I want to convert some certs into C declarations and embed t= hem > into a static library, which can in turn be used to embed them into= > applications.=C2=A0 This is essentially the same thing that some dr= ivers do, > where they embed the firmware binaries directly into the driver. >=20 > This is easy. For future reference, this seems to be more or less what I'm after: for f in /etc/trust/root/certs/*.pub.pem; do echo -n "static const char `basename ${f%%.*}`_data[] =3D {"; openssl x509 -outform DER -in /etc/trust/root/certs/local.pub.pem | hexdump -v -e '1/1 "0x%02x,"'; echo "};"; done > Second, and a (somewhat) separate thing, I'm trying to see if I can= get > a PoC of extracting the specific primitives out of OpenSSL and usin= g > them in place of the current software crypto implementations in ker= nel > and loader.=C2=A0 (objcopy ought to be able to do this to a static = library in > theory) >=20 > Such a strategy won't fly for various reasons. Userland, the loader and= > the kernel are all compiled with different options. You'll need to > recompile for each and not do objcopy tricks because the current build > model doesn't allow for that. >=20 Yeah, I'd say that shipwrecks any hopes I'd had there :( --jddM8aLdOHpkNQ0PjYirQ4Eah0klwzG4C-- --JqaR5W3ewElEK0x1BT6GZzF4B12xrh8Us Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQPGL/SuSPN3pRzpwUI38IpFsHCbAUCW2O+JwAKCRAI38IpFsHC bMKeAP4y0OfomjWNy73Iaw0nDynjYLXVAjpNbdW5ABg54NNe5QEA6JYeTppaHyUg gv2OZFlq3KM7r8J6g9XG+vF9AxkXJgE= =vx61 -----END PGP SIGNATURE----- --JqaR5W3ewElEK0x1BT6GZzF4B12xrh8Us--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9c3f08be-2a76-a726-16b2-c1e6a1aa4aa8>