* [PATCH v2 0/2] Ease BPF signing build requirements
@ 2025-11-20 8:47 Alan Maguire
2025-11-20 8:47 ` [PATCH v2 1/2] bpftool: Allow bpftool to build with openssl < 3 Alan Maguire
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Alan Maguire @ 2025-11-20 8:47 UTC (permalink / raw)
To: qmo
Cc: ast, daniel, andrii, kpsingh, sdf, yonghong.song, song, haoluo,
jolsa, ihor.solodrai, john.fastabend, eddyz87, bpf, Alan Maguire
This series makes it easier to build bpftool and selftests with
signing support, removing reliance on >= openssl v3 (supporting
openssl v1) to build bpftool and not requiring latest xxd to
build verification cert header in selftests.
Changes since v1 [1]:
- Updated patch 2 to add symlink test_progs_verification_cert to .gitignore,
EXTRA_CLEANFILES (AI review bot)
- Added acks to patch 1 (Song, Quentin)
[1] https://lore.kernel.org/bpf/20251114222249.30122-1-alan.maguire@oracle.com/
Alan Maguire (2):
bpftool: Allow bpftool to build with openssl < 3
selftests/bpf: Allow selftests to build with older xxd
tools/bpf/bpftool/sign.c | 6 ++++++
tools/testing/selftests/bpf/.gitignore | 1 +
tools/testing/selftests/bpf/Makefile | 6 ++++--
3 files changed, 11 insertions(+), 2 deletions(-)
--
2.43.5
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 1/2] bpftool: Allow bpftool to build with openssl < 3
2025-11-20 8:47 [PATCH v2 0/2] Ease BPF signing build requirements Alan Maguire
@ 2025-11-20 8:47 ` Alan Maguire
2025-11-20 8:47 ` [PATCH v2 2/2] selftests/bpf: Allow selftests to build with older xxd Alan Maguire
2025-11-24 18:30 ` [PATCH v2 0/2] Ease BPF signing build requirements patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Alan Maguire @ 2025-11-20 8:47 UTC (permalink / raw)
To: qmo
Cc: ast, daniel, andrii, kpsingh, sdf, yonghong.song, song, haoluo,
jolsa, ihor.solodrai, john.fastabend, eddyz87, bpf, Alan Maguire
ERR_get_error_all()[1] is a openssl v3 API, so to make code
compatible with openssl v1 utilize ERR_get_err_line_data
instead. Since openssl is already a build requirement for
the kernel (minimum requirement openssl 1.0.0), this will
allow bpftool to compile where opensslv3 is not available.
Signing-related BPF selftests pass with openssl v1.
[1] https://docs.openssl.org/3.4/man3/ERR_get_error/
Fixes: 40863f4d6ef2 ("bpftool: Add support for signing BPF programs")
Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
Acked-by: Song Liu <song@kernel.org>
Acked-by: Quentin Monnet <qmo@kernel.org>
---
tools/bpf/bpftool/sign.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/bpf/bpftool/sign.c b/tools/bpf/bpftool/sign.c
index b34f74d210e9..f9b742f4bb10 100644
--- a/tools/bpf/bpftool/sign.c
+++ b/tools/bpf/bpftool/sign.c
@@ -28,6 +28,12 @@
#define OPEN_SSL_ERR_BUF_LEN 256
+/* Use deprecated in 3.0 ERR_get_error_line_data for openssl < 3 */
+#if !defined(OPENSSL_VERSION_MAJOR) || (OPENSSL_VERSION_MAJOR < 3)
+#define ERR_get_error_all(file, line, func, data, flags) \
+ ERR_get_error_line_data(file, line, data, flags)
+#endif
+
static void display_openssl_errors(int l)
{
char buf[OPEN_SSL_ERR_BUF_LEN];
--
2.43.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 2/2] selftests/bpf: Allow selftests to build with older xxd
2025-11-20 8:47 [PATCH v2 0/2] Ease BPF signing build requirements Alan Maguire
2025-11-20 8:47 ` [PATCH v2 1/2] bpftool: Allow bpftool to build with openssl < 3 Alan Maguire
@ 2025-11-20 8:47 ` Alan Maguire
2025-11-24 18:30 ` [PATCH v2 0/2] Ease BPF signing build requirements patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Alan Maguire @ 2025-11-20 8:47 UTC (permalink / raw)
To: qmo
Cc: ast, daniel, andrii, kpsingh, sdf, yonghong.song, song, haoluo,
jolsa, ihor.solodrai, john.fastabend, eddyz87, bpf, Alan Maguire
Currently selftests require xxd with the "-n <name>" option
which allows the user to specify a name not derived from
the input object path. Instead of relying on this newer
feature, older xxd can be used if we link our desired name
("test_progs_verification_cert") to the input object.
Many distros ship xxd in vim-common package and do not have
the latest xxd with -n support.
Fixes: b720903e2b14d ("selftests/bpf: Enable signature verification for some lskel tests")
Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
---
tools/testing/selftests/bpf/.gitignore | 1 +
tools/testing/selftests/bpf/Makefile | 6 ++++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore
index be1ee7ba7ce0..ca557e5668fd 100644
--- a/tools/testing/selftests/bpf/.gitignore
+++ b/tools/testing/selftests/bpf/.gitignore
@@ -23,6 +23,7 @@ test_tcpnotify_user
test_libbpf
xdping
test_cpp
+test_progs_verification_cert
*.d
*.subskel.h
*.skel.h
diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile
index 34ea23c63bd5..bac22265e7ff 100644
--- a/tools/testing/selftests/bpf/Makefile
+++ b/tools/testing/selftests/bpf/Makefile
@@ -731,7 +731,8 @@ $(VERIFICATION_CERT) $(PRIVATE_KEY): $(VERIFY_SIG_SETUP)
$(Q)$(VERIFY_SIG_SETUP) genkey $(BUILD_DIR)
$(VERIFY_SIG_HDR): $(VERIFICATION_CERT)
- $(Q)xxd -i -n test_progs_verification_cert $< > $@
+ $(Q)ln -fs $< test_progs_verification_cert && \
+ xxd -i test_progs_verification_cert > $@
# Define test_progs test runner.
TRUNNER_TESTS_DIR := prog_tests
@@ -905,7 +906,8 @@ EXTRA_CLEAN := $(SCRATCH_DIR) $(HOST_SCRATCH_DIR) \
$(addprefix $(OUTPUT)/,*.o *.d *.skel.h *.lskel.h *.subskel.h \
no_alu32 cpuv4 bpf_gcc \
liburandom_read.so) \
- $(OUTPUT)/FEATURE-DUMP.selftests
+ $(OUTPUT)/FEATURE-DUMP.selftests \
+ test_progs_verification_cert
.PHONY: docs docs-clean
--
2.43.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2 0/2] Ease BPF signing build requirements
2025-11-20 8:47 [PATCH v2 0/2] Ease BPF signing build requirements Alan Maguire
2025-11-20 8:47 ` [PATCH v2 1/2] bpftool: Allow bpftool to build with openssl < 3 Alan Maguire
2025-11-20 8:47 ` [PATCH v2 2/2] selftests/bpf: Allow selftests to build with older xxd Alan Maguire
@ 2025-11-24 18:30 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-11-24 18:30 UTC (permalink / raw)
To: Alan Maguire
Cc: qmo, ast, daniel, andrii, kpsingh, sdf, yonghong.song, song,
haoluo, jolsa, ihor.solodrai, john.fastabend, eddyz87, bpf
Hello:
This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:
On Thu, 20 Nov 2025 08:47:52 +0000 you wrote:
> This series makes it easier to build bpftool and selftests with
> signing support, removing reliance on >= openssl v3 (supporting
> openssl v1) to build bpftool and not requiring latest xxd to
> build verification cert header in selftests.
>
> Changes since v1 [1]:
>
> [...]
Here is the summary with links:
- [v2,1/2] bpftool: Allow bpftool to build with openssl < 3
https://git.kernel.org/bpf/bpf-next/c/90ae54b4c7ec
- [v2,2/2] selftests/bpf: Allow selftests to build with older xxd
https://git.kernel.org/bpf/bpf-next/c/ad93ba02678e
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-11-24 18:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-20 8:47 [PATCH v2 0/2] Ease BPF signing build requirements Alan Maguire
2025-11-20 8:47 ` [PATCH v2 1/2] bpftool: Allow bpftool to build with openssl < 3 Alan Maguire
2025-11-20 8:47 ` [PATCH v2 2/2] selftests/bpf: Allow selftests to build with older xxd Alan Maguire
2025-11-24 18:30 ` [PATCH v2 0/2] Ease BPF signing build requirements patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox