Date:      Thu, 2 Aug 2018 22:29:59 -0400
From:      Eric McCorkle <eric@metricspace.net>
To:        Warner Losh <imp@bsdimp.com>
Cc:        Brooks Davis <brooks@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: A few build system questions
Message-ID:  <9c3f08be-2a76-a726-16b2-c1e6a1aa4aa8@metricspace.net>
In-Reply-To: <CANCZdfqFJs_dTc1gXf8=5ZcC=C9HghHU%2Bb0uzfjZkpA__%2B=DjA@mail.gmail.com>
References:  <bedd6e76-bbe4-7690-70ed-041bbe7970f7@metricspace.net> <20180802153357.GA25687@spindle.one-eyed-alien.net> <7f143985-2ebb-210a-e314-0deebd3d9f5b@metricspace.net> <CANCZdfpACQP6gypGm_Jp1qQxMpTZT7XoUJnZPQMt7M46cgiqhQ@mail.gmail.com> <7a14aee9-8205-4fc7-a7a0-a9ed2f33751d@metricspace.net> <CANCZdfqFJs_dTc1gXf8=5ZcC=C9HghHU%2Bb0uzfjZkpA__%2B=DjA@mail.gmail.com>

On 08/02/2018 15:04, Warner Losh wrote:
> On Thu, Aug 2, 2018 at 11:45 AM, Eric McCorkle <eric@metricspace.net> wrote:
>
>     On 08/02/2018 12:56, Warner Losh wrote:
>     >
>     > On Thu, Aug 2, 2018, 5:19 PM Eric McCorkle <eric@metricspace.net> wrote:
>     >
>     >     On 08/02/2018 11:33, Brooks Davis wrote:
>     >     > On Thu, Aug 02, 2018 at 11:17:06AM -0400, Eric McCorkle wrote:
>     >     >> Hi,
>     >     >>
>     >     >> I have a few questions about how to accomplish some things with the
>     >     >> build system.
>     >     >>
>     >     >> First, I want to create some libraries that exist only as static
>     >     >> archives, meaning no shared object (ex. libsomething.a, but no
>     >     >> libsomething.so)
>     >     >
>     >     > If it's something for use by only the base system PRIVATELIB= will
>     >     > do it (and change the name to libprivatesomething.a).  If you want to be
>     >     > broadly available outside the base system, NO_SHARED= should do it
>     >     > IIRC.
>     >
>     >     If loader and kernel are able to use private libraries, then that is
>     >     probably better, actually.
>     >
>     >
>     > They aren't.  Src/stand depends on no objects in the system other than
>     > what is built in src/stand. What you are proposing is a non-starter. The
>     > loader
>
>     I think you hit "send" too soon...
>
>     Basically what I'm trying to do at this point is two things.
>
>     First, I want to convert some certs into C declarations and embed them
>     into a static library, which can in turn be used to embed them into
>     applications.  This is essentially the same thing that some drivers do,
>     where they embed the firmware binaries directly into the driver.
>
> This is easy.

For future reference, this seems to be more or less what I'm after:

# Emit one C array per certificate; convert "$f", the file being iterated.
for f in /etc/trust/root/certs/*.pub.pem; do
    echo -n "static const char `basename ${f%%.*}`_data[] = {"
    openssl x509 -outform DER -in "$f" | hexdump -v -e '1/1 "0x%02x,"'
    echo "};"
done

>     Second, and a (somewhat) separate thing, I'm trying to see if I can get
>     a PoC of extracting the specific primitives out of OpenSSL and using
>     them in place of the current software crypto implementations in kernel
>     and loader.  (objcopy ought to be able to do this to a static library in
>     theory)
>
> Such a strategy won't fly for various reasons. Userland, the loader and
> the kernel are all compiled with different options. You'll need to
> recompile for each and not do objcopy tricks because the current build
> model doesn't allow for that.
>

Yeah, I'd say that shipwrecks any hopes I'd had there :(
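
A more defensive generator for the cert-to-C-declaration step discussed in the message above, as an added example that is not part of the original post or of the FreeBSD build system: it emits nothing for input that openssl does not accept as a certificate, and it writes a length next to each array. The function names, the `_size` symbol and the `certs2c.sh` file name are assumptions for illustration.

```shell
#!/bin/sh
# Added example: turn PEM trust anchors into C array declarations.

# File name -> valid C identifier: drop the directory and everything from
# the first dot, replace other characters with '_', guard a leading digit.
c_ident() {
    name=$(basename "$1")
    name=$(printf '%s' "${name%%.*}" | tr -c 'A-Za-z0-9_' '_')
    case $name in
        ''|[0-9]*) name="cert_$name" ;;
    esac
    printf '%s\n' "$name"
}

# DER bytes on stdin -> "<ident>_data[]" plus "<ident>_size" on stdout.
# Empty input is an error, so a failed conversion never yields "{}".
der_to_c_array() {
    ident=$1
    hex=$(od -An -v -t x1 | tr -d ' \n')
    if [ -z "$hex" ]; then
        echo "der_to_c_array: no data for $ident" >&2
        return 1
    fi
    printf 'static const unsigned char %s_data[] = {\n' "$ident"
    printf '%s\n' "$hex" | sed 's/../0x&, /g' | fold -w 72 |
        sed -e 's/^/    /' -e 's/ *$//'
    printf '};\nstatic const unsigned int %s_size = %d;\n' \
        "$ident" $(( ${#hex} / 2 ))
}

# One PEM file -> declarations. openssl x509 exits non-zero on input that
# is not a certificate; in that case nothing is written to stdout.
pem_cert_to_c() {
    der=$(mktemp) || return 1
    if openssl x509 -in "$1" -outform DER -out "$der" 2>/dev/null; then
        der_to_c_array "$(c_ident "$1")" < "$der"
        rc=$?
    else
        echo "pem_cert_to_c: $1 is not a PEM certificate" >&2
        rc=1
    fi
    rm -f "$der"
    return "$rc"
}

# Usage: sh certs2c.sh /etc/trust/root/certs/*.pub.pem > certs.h
for f in "$@"; do
    pem_cert_to_c "$f" || exit 1
done
```

Because the loop stops at the first file that fails to parse, a build that consumes the generated header fails instead of compiling in an empty or partial trust anchor.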

