[PATCH] mkimage: ecdsa: resolve duplicate symbol error on macOS
Tom Rini
trini at konsulko.com
Sun Nov 17 18:51:09 CET 2024
On Sun, Nov 17, 2024 at 05:57:04PM +0100, Nick Hainke wrote:
> When building `mkimage` with LibreSSL version 3.7.3 or higher on macOS,
> CI tests in OpenWrt encounter linker errors caused by duplicate symbols.
> Specifically, the `_ecdsa_verify` and `_ecdsa_sign` symbols appear in both
> `ecdsa-libcrypto.o` and `libcrypto.a`, leading to errors such as:
>
> ```
> duplicate symbol '_ecdsa_verify' in:
> openwrt/build_dir/host/u-boot-2024.01/tools/generated/lib/ecdsa/ecdsa-libcrypto.o
> openwrt/staging_dir/host/lib/libcrypto.a[249](libcrypto_la-ecdsa.o)
> duplicate symbol '_ecdsa_sign' in:
> openwrt/build_dir/host/u-boot-2024.01/tools/generated/lib/ecdsa/ecdsa-libcrypto.o
> openwrt/staging_dir/host/lib/libcrypto.a[249](libcrypto_la-ecdsa.o)
> ld: 2 duplicate symbols
> ```
>
> The changes in this commit that address this issue were originally written
> by another developer, Linhui Liu, who decided not to send them upstream,
> instead submitting a downstream patch as a PR for OpenWrt.
>
> Given the sensitive nature of cryptographic code, I sought feedback from
> the project maintainers to ensure correctness and encourage the author to
> submit the fix upstream.
>
> Because no action was taken and the original author has been absent for
> several months, the OpenWrt project worked around the issue by holding
> back LibreSSL at a version below 3.7.3. However, we now aim to bump
> LibreSSL to a newer version, making it necessary to apply and upstream
> this fix.
>
> Link: https://github.com/openwrt/openwrt/pull/12799
> Link: https://github.com/openwrt/openwrt/pull/16901
>
> Signed-off-by: Nick Hainke <vincent at systemli.org>
> Cc: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> Cc: Matthias Pritschet <matthias.pritschet at itk-engineering.de>
> Cc: Simon Glass <sjg at chromium.org>
Can we get a bit more build log context please? I'm confused since the
LibreSSL API isn't "ecdsa_sign" and we shouldn't conflict with some
internal function there? A "make V=1 tools-only_config tools-only" build
from the failing environment would be very helpful. Thanks.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20241117/cf497084/attachment.sig>
More information about the U-Boot
mailing list