From a95b3ad60252f636dea9edca8d83fed34d5a67a7 Mon Sep 17 00:00:00 2001
From: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Date: Wed, 16 Dec 2020 14:26:17 +0100
Subject: [PATCH] trustfence-cst: build CST using libcrypto from SDK

CST was being built linking to the openssl libcrypto library from the host.
When the openssl version in the host didn't match the version in the SDK,
the SDK build failed like this:

Error:
 Problem 1: package nativesdk-packagegroup-sdk-host-1.0-r12.0.x86_64_nativesdk requires nativesdk-trustfence-cst, but none of the providers can be installed
  - conflicting requests
  - nothing provides libcrypto.so.1.0.0()(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
  - nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
  - nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.1)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
 Problem 2: package nativesdk-packagegroup-qt5-toolchain-host-1.0-r0.0.x86_64_nativesdk requires nativesdk-packagegroup-sdk-host, but none of the providers can be installed
  - package nativesdk-packagegroup-sdk-host-1.0-r12.0.x86_64_nativesdk requires nativesdk-trustfence-cst, but none of the providers can be installed
  - conflicting requests
  - nothing provides libcrypto.so.1.0.0()(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
  - nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.0)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk
  - nothing provides libcrypto.so.1.0.0(OPENSSL_1.0.1)(64bit) needed by nativesdk-trustfence-cst-3.3.1-r0.0.x86_64_nativesdk

Fix that by adding the native dependencies include and lib folders to
the CST build. Also add openssl-native as a dependency for the SDK build,
otherwise it wont link to the SDK libcrypto library.

Additionally, to allow running CST in a host machine where the openssl version
does not match the version in the SDK, libcrypto library is statically linked.

https://jira.digi.com/browse/DEL-7346

Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
---
 .../trustfence-cst/trustfence-cst.inc         |  7 ++++-
 ...7-Makefile-statically-link-libcrypto.patch | 27 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0007-Makefile-statically-link-libcrypto.patch

diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
index dae46cd48..e7e038103 100644
--- a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst.inc
@@ -10,7 +10,9 @@ DEPENDS = "openssl byacc flex"
 # Explicitly add byacc-native as a dependency when building the package for the
 # SDK, otherwise, it won't get installed in the sysroot, causing a compilation
 # error.
-DEPENDS_append_class-nativesdk = " byacc-native"
+# Explicitly add openssl-native for the SDK build to correctly link to the
+# openssl libraries in the native dependencies folder.
+DEPENDS_append_class-nativesdk = " byacc-native openssl-native"
 
 SRC_URI = " \
     ${@oe.utils.conditional('TRUSTFENCE_SIGN', '1', 'file://cst-${PV}.tgz', '', d)} \
@@ -20,6 +22,7 @@ SRC_URI = " \
     file://0004-hab4_pki_tree.sh-usa-a-random-password-for-the-defau.patch \
     file://0005-ahab_pki_tree.sh-automate-script.patch \
     file://0006-ahab_pki_tree.sh-use-a-random-password-for-the-defau.patch \
+    file://0007-Makefile-statically-link-libcrypto.patch \
 "
 
 # Usually local files (with file:// protocol) are not checked for
@@ -36,6 +39,8 @@ python() {
 S = "${WORKDIR}/cst-${PV}/"
 
 do_compile() {
+	export LDLIBPATH=-L${WORKDIR}/recipe-sysroot-native/usr/lib
+	export COPTIONS=-I${WORKDIR}/recipe-sysroot-native/usr/include
 	cd ${S}/code/cst
 	oe_runmake OSTYPE=linux64 clean
 	oe_runmake OSTYPE=linux64 rel_bin
diff --git a/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0007-Makefile-statically-link-libcrypto.patch b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0007-Makefile-statically-link-libcrypto.patch
new file mode 100644
index 000000000..8cdde4006
--- /dev/null
+++ b/meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst/0007-Makefile-statically-link-libcrypto.patch
@@ -0,0 +1,27 @@
+From: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
+Date: Tue, 15 Dec 2020 17:01:45 +0100
+Subject: [PATCH] Makefile: statically link libcrypto
+
+Statically link libcrypto so the host machine does not require to have
+installed the same openssl version that was used to build the binaries.
+
+This requires dynamically linking the libpthread and libdl libraries.
+
+Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
+---
+ code/cst/code/build/make/gcc.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/code/cst/code/build/make/gcc.mk b/code/cst/code/build/make/gcc.mk
+index 0394f5a..cc57f6b 100755
+--- a/code/cst/code/build/make/gcc.mk
++++ b/code/cst/code/build/make/gcc.mk
+@@ -28,7 +28,7 @@ COPTIONS += -std=c99 -D_POSIX_C_SOURCE=200809L -Wall -Werror -pedantic -fPIC -g
+ #==============================================================================
+ LDOPTIONS += -g
+ 
+-LDLIBS := -lcrypto
++LDLIBS := -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lpthread -ldl
+ 
+ # Archiver flags
+ #==============================================================================