The branch main has been updated by kevans:
URL:
https://cgit.FreeBSD.org/src/commit/?id=aef16fc30bb2298e65a5fcc0c503d343e428c1b2
commit aef16fc30bb2298e65a5fcc0c503d343e428c1b2
Author: Kyle Evans <kev...@freebsd.org>
AuthorDate: 2025-08-16 18:34:30 +0000
Commit: Kyle Evans <kev...@freebsd.org>
CommitDate: 2025-08-19 04:27:59 +0000
build: remove certctl requirement for host OpenSSL libs on macOS
Some platforms, like macOS, do not expose headers for the system's
libcrypto for public consumption. libcrypto is relatively heavy and
needs to know, e.g., the host system's endianness, so we scope the build
down to macOS where OpenSSL headers are known to not be present and we
can be reasonably certain that most of the systems today that would be
cross-building are little endian.
We still don't bother if building WITHOUT_OPENSSL since the end result
is expected to be used by OpenSSL, but perhaps we could revisit that
independently in case one, e.g., brings their own implementation.
Reported by: jrtc27
Reviewed by: jrtc27, ngie
Fixes: c340ef28fd38 ("certctl: Reimplement in C")
Differential Revision: https://reviews.freebsd.org/D51935
---
Makefile.inc1 | 9 ++++++++-
secure/lib/libcrypto/Makefile | 5 ++++-
secure/lib/libcrypto/Makefile.common | 2 +-
share/mk/bsd.endian.mk | 13 ++++++++++---
tools/build/Makefile | 1 +
5 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/Makefile.inc1 b/Makefile.inc1
index 3f35dafc6441..861d368af838 100644
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@ -2709,8 +2709,14 @@ _basic_bootstrap_tools+=sbin/md5
_basic_bootstrap_tools+=usr.sbin/tzsetup
.endif
-# certctl is needed as an install tool
+# certctl is needed as an install tool. libcrypto is rather heavy, so we'll
+# build that alongside it only for platforms that don't expose headers for
+# OpenSSL, like macOS.
.if ${MK_CAROOT} != "no" && ${MK_OPENSSL} != "no"
+.if ${.MAKE.OS} == "Darwin"
+_bootstrap_libcrypto=secure/lib/libcrypto
+${_bt}-usr.sbin/certctl: ${_bt}-secure/lib/libcrypto
+.endif
_certctl=usr.sbin/certctl
.endif
@@ -2777,6 +2783,7 @@ bootstrap-tools: ${_bt}-links .PHONY
${_strfile} \
usr.bin/dtc \
${_cat} \
+ ${_bootstrap_libcrypto} \
${_certctl} \
${_kbdcontrol} \
${_elftoolchain_libs} \
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index e7e491124241..7e2350fb33ea 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -1,7 +1,10 @@
SHLIBDIR?= /lib
-.if !defined(LIBCRYPTO_WITHOUT_SUBDIRS)
+.if !defined(LIBCRYPTO_WITHOUT_SUBDIRS) && !defined(BOOTSTRAPPING)
SUBDIR= engines modules
.endif
+.ifdef BOOTSTRAPPING
+CFLAGS+= -DOPENSSL_NO_SCTP
+.endif
.include <bsd.own.mk>
.include <src.opts.mk>
diff --git a/secure/lib/libcrypto/Makefile.common
b/secure/lib/libcrypto/Makefile.common
index afcc2a48660c..ad48e2b434cf 100644
--- a/secure/lib/libcrypto/Makefile.common
+++ b/secure/lib/libcrypto/Makefile.common
@@ -6,7 +6,7 @@ CFLAGS+= -DL_ENDIAN
CFLAGS+= -DB_ENDIAN
.endif
-.ifndef WITHOUT_AUTO_ASM
+.if !defined(WITHOUT_AUTO_ASM) && !defined(BOOTSTRAPPING)
.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
ASM_${MACHINE_CPUARCH}=
diff --git a/share/mk/bsd.endian.mk b/share/mk/bsd.endian.mk
index ba662ffc7439..24da57954b5a 100644
--- a/share/mk/bsd.endian.mk
+++ b/share/mk/bsd.endian.mk
@@ -20,10 +20,17 @@ LOCALEDEF_ENDIAN= -b
#
# During bootstrapping on !FreeBSD OSes, we need to define some value. Short
of
# having an exhaustive list for all variants of Linux and MacOS we simply do
not
-# set TARGET_ENDIANNESS and poison the other variables. They should be unused
-# during the bootstrap phases (apart from one place that's adequately protected
-# in bsd.compiler.mk) where we're building the bootstrap tools.
+# set TARGET_ENDIANNESS (on Linux) and poison the other variables. They should
+# be unused during the bootstrap phases (apart from one place that's adequately
+# protected in bsd.compiler.mk) where we're building the bootstrap tools.
#
+.if ${.MAKE.OS} == "Darwin"
+# We do assume the endianness on macOS because Apple's modern hardware is all
+# little-endian. This might need revisited in the far future, but for the time
+# being Apple Silicon's reign of terror continues. We only set this one up
+# because libcrypto is now built in bootstrap.
+TARGET_ENDIANNESS= 1234
+.endif
CAP_MKDB_ENDIAN= -B # Poisoned value, invalid flags for both cap_mkdb
LOCALEDEF_ENDIAN= -B # and localedef.
.endif
diff --git a/tools/build/Makefile b/tools/build/Makefile
index 83f589ce3864..3c4e07e3cfc2 100644
--- a/tools/build/Makefile
+++ b/tools/build/Makefile
@@ -495,6 +495,7 @@ INSTALLDIR_LIST= \
bin \
lib/geom \
usr/include/casper \
+ usr/include/openssl \
usr/include/private/ucl \
usr/include/private/zstd \
usr/lib \
