treewide: add openssl
openssl is required for building the linux kernel.
Change-Id: Ic855e767b167b1ac3f3172e47e0f42e4f2f35252
Reviewed-on: https://review.monogon.dev/c/monogon/+/4255
Tested-by: Jenkins CI
Reviewed-by: Jan Schär <jan@monogon.tech>
diff --git a/MODULE.bazel b/MODULE.bazel
index 7291e04..18ffee5 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -55,6 +55,16 @@
version = RULES_RUST_VERSION,
)
+bazel_dep(name = "openssl")
+single_version_override(
+ module_name = "openssl",
+ patch_strip = 1,
+ patches = [
+ "//third_party/openssl/patches:force-gnuas.patch",
+ ],
+ version = "3.3.1.bcr.1",
+)
+
bazel_dep(name = "rules_rust_protobuf", version = RULES_RUST_VERSION)
bazel_dep(name = "rules_rust_mdbook", version = RULES_RUST_VERSION)
bazel_dep(name = "libuuid")
diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock
index d426c59..fa4d6ba 100644
--- a/MODULE.bazel.lock
+++ b/MODULE.bazel.lock
@@ -82,6 +82,8 @@
"https://bcr.bazel.build/modules/libuuid/2.39.3.bcr.1/source.json": "07f9b555a5e4d5e3443bc85e01d43e6644ef88183b2473c606fa26aeb132b982",
"https://bcr.bazel.build/modules/nlohmann_json/3.6.1/MODULE.bazel": "6f7b417dcc794d9add9e556673ad25cb3ba835224290f4f848f8e2db1e1fca74",
"https://bcr.bazel.build/modules/nlohmann_json/3.6.1/source.json": "f448c6e8963fdfa7eb831457df83ad63d3d6355018f6574fb017e8169deb43a9",
+ "https://bcr.bazel.build/modules/openssl/3.3.1.bcr.1/MODULE.bazel": "49c0c07e8fb87b480bccb842cfee1b32617f11dac590f732573c69058699a3d1",
+ "https://bcr.bazel.build/modules/openssl/3.3.1.bcr.1/source.json": "0c0872e048bbea052a9c541fb47019481a19201ba5555a71d762ad591bf94e1f",
"https://bcr.bazel.build/modules/package_metadata/0.0.2/MODULE.bazel": "fb8d25550742674d63d7b250063d4580ca530499f045d70748b1b142081ebb92",
"https://bcr.bazel.build/modules/package_metadata/0.0.2/source.json": "e53a759a72488d2c0576f57491ef2da0cf4aab05ac0997314012495935531b73",
"https://bcr.bazel.build/modules/pcre2/10.46-DEV/MODULE.bazel": "c3c40175cd5e383f02bcfb2d484560461c5ef11e5d52bfc09c7398486c2cbaa6",
diff --git a/third_party/BUILD.bazel b/third_party/BUILD.bazel
index 2146c53..6a10cab 100644
--- a/third_party/BUILD.bazel
+++ b/third_party/BUILD.bazel
@@ -1,12 +1,14 @@
+load("//build/cc_static_library_with_headers:def.bzl", "cc_static_library_with_headers")
load("//osbase/build/fwprune:def.bzl", "fsspec_linux_firmware")
load("//osbase/build/mkucode:def.bzl", "cpio_ucode")
+package(default_visibility = ["//visibility:public"])
+
fsspec_linux_firmware(
name = "firmware",
firmware_files = ["@linux-firmware//:all_files"],
kernel = "//third_party/linux",
metadata = "@linux-firmware//:metadata",
- visibility = ["//visibility:public"],
)
cpio_ucode(
@@ -15,5 +17,14 @@
"@linux-firmware//:amd_ucode": "AuthenticAMD",
"@intel_ucode//:fam6h": "GenuineIntel",
},
- visibility = ["//visibility:public"],
+)
+
+cc_static_library_with_headers(
+ name = "openssl_ssl",
+ dep = "@openssl//:ssl",
+)
+
+cc_static_library_with_headers(
+ name = "openssl_crypto",
+ dep = "@openssl//:crypto",
)
diff --git a/third_party/openssl/patches/BUILD.bazel b/third_party/openssl/patches/BUILD.bazel
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/third_party/openssl/patches/BUILD.bazel
diff --git a/third_party/openssl/patches/force-gnuas.patch b/third_party/openssl/patches/force-gnuas.patch
new file mode 100644
index 0000000..5a81cee
--- /dev/null
+++ b/third_party/openssl/patches/force-gnuas.patch
@@ -0,0 +1,13 @@
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+--- a/crypto/perlasm/x86_64-xlate.pl
++++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -119,8 +119,9 @@
+ =~ /nvc .*/)
+ {
+ $gnuas=1;
+ }
++$gnuas=1;
+
+ my $cet_property;
+ if ($flavour =~ /elf/) {
+ # Always generate .note.gnu.property section for ELF outputs to