1. Patchew
  2. linux
  3. View series

[PATCH bpf-next v2] bpftool: Resolve libcrypto link flags via pkg-config

hadrien Patte posted 1 patch 1 month, 1 week ago 
tools/bpf/bpftool/Makefile | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)
[PATCH bpf-next v2] bpftool: Resolve libcrypto link flags via pkg-config
Posted by hadrien Patte 1 month, 1 week ago 
From: Hadrien Patte <hadrien.patte@protonmail.com>

When building bpftool with EXTRA_LDFLAGS=-static on Ubuntu 26.04
(OpenSSL 3.5.5), the link fails because libcrypto.a references
libjitterentropy symbols, which are not on the link line:

  LINK     bpftool
  /usr/bin/ld: libcrypto.a(libdefault-lib-seed_src_jitter.o):
    in function `ossl_prov_acquire_entropy_from_jitter':
    (.text+0x11c): undefined reference to `jent_entropy_collector_alloc'
    (.text+0x130): undefined reference to `jent_read_entropy'
    (.text+0x13c): undefined reference to `jent_entropy_collector_free'
  /usr/bin/ld: libcrypto.a(libdefault-lib-seed_src_jitter.o):
    in function `jitter_instantiate':
    (.text+0x61c): undefined reference to `jent_entropy_init_ex'
  collect2: error: ld returned 1 exit status

The set of transitive dependencies pulled in by libcrypto.a varies
across distributions and OpenSSL builds (cf. commit 08a749184322
("bpftool: Fix dependencies for static build"), which addressed a
similar libz ordering issue), so hard-coding them in the Makefile is
fragile.

Resolve libcrypto's link flags via pkg-config, which knows about
these transitive deps. Pass --static when the user requested a static
build via EXTRA_LDFLAGS=-static so pkg-config emits the static link
line (e.g. "-lcrypto -l:libjitterentropy.a -lz -lzstd -ldl -pthread"
on Ubuntu 26.04).

Resolve libcrypto separately for the target binary (built with
$(CC)) and the bootstrap host tool (built with $(HOSTCC)), using
$(PKG_CONFIG) and $(HOSTPKG_CONFIG) respectively, so cross-compile
setups pick up the correct architecture-specific dependencies. This
follows the pattern already established in
tools/bpf/resolve_btfids/Makefile.

pkg-config remains optional: if the tool is not available, fall back
to plain -lcrypto, mirroring the up-front probe pattern used by
libbpf's standalone Makefile. This preserves the previous build
behavior for environments where pkg-config is not installed.

Signed-off-by: Hadrien Patte <hadrien.patte@protonmail.com>
---

Notes:
    Changes since v1:
     - Probe for pkg-config availability up front and fall back to plain -lcrypto
       when it isn't installed, mirroring the optional pkg-config pattern in
       libbpf/src/Makefile. This preserves the previous build behavior for
       environments without pkg-config.
     - Use $(PKG_CONFIG) and $(HOSTPKG_CONFIG) (with $(CROSS_COMPILE)pkg-config
       defaults) instead of invoking pkg-config directly, so cross-compile builds
       query the correct sysroot.
     - Resolve libcrypto separately for the target (CRYPTO_LIBS, used by LIBS) and
       the bootstrap host tool (CRYPTO_LIBS_BOOTSTRAP, used by LIBS_BOOTSTRAP);
       the bootstrap binary is built with $(HOSTCC) and may need different deps
       than the target binary in cross-compile setups.
     - Use $(filter -static,...) instead of $(findstring -static,...) so flags
       like -static-libasan or library paths containing 'static' don't cause
       false positives.
     - Link to v1: https://lore.kernel.org/bpf/20260501175829.9833-1-hadrien.patte@protonmail.com/

 tools/bpf/bpftool/Makefile | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/tools/bpf/bpftool/Makefile b/tools/bpf/bpftool/Makefile
index 0febf60e1b64..455508d4f654 100644
--- a/tools/bpf/bpftool/Makefile
+++ b/tools/bpf/bpftool/Makefile
@@ -103,7 +103,35 @@ SKIP_LLVM ?=
 SKIP_LIBBFD ?=
 SKIP_CRYPTO ?=
 ifneq ($(SKIP_CRYPTO),1)
-  CRYPTO_LIBS := -lcrypto
+  PKG_CONFIG ?= $(CROSS_COMPILE)pkg-config
+  HOSTPKG_CONFIG ?= pkg-config
+
+  ifeq ($(shell command -v $(PKG_CONFIG) 2>/dev/null),)
+    NO_PKG_CONFIG := 1
+  endif
+  ifeq ($(shell command -v $(HOSTPKG_CONFIG) 2>/dev/null),)
+    NO_HOSTPKG_CONFIG := 1
+  endif
+
+  # Resolve libcrypto link flags via pkg-config when available, so transitive
+  # dependencies (e.g. libjitterentropy on distros where libcrypto.a
+  # references it) are included for static builds. Pass --static when the
+  # user requested a static build via EXTRA_LDFLAGS=-static.
+  ifneq ($(filter -static,$(EXTRA_LDFLAGS)),)
+    PKG_CONFIG_LIBCRYPTO := --libs --static libcrypto
+  else
+    PKG_CONFIG_LIBCRYPTO := --libs libcrypto
+  endif
+
+  ifndef NO_PKG_CONFIG
+    CRYPTO_LIBS := $(shell $(PKG_CONFIG) $(PKG_CONFIG_LIBCRYPTO) 2>/dev/null)
+  endif
+  CRYPTO_LIBS := $(if $(CRYPTO_LIBS),$(CRYPTO_LIBS),-lcrypto)
+
+  ifndef NO_HOSTPKG_CONFIG
+    CRYPTO_LIBS_BOOTSTRAP := $(shell $(HOSTPKG_CONFIG) $(PKG_CONFIG_LIBCRYPTO) 2>/dev/null)
+  endif
+  CRYPTO_LIBS_BOOTSTRAP := $(if $(CRYPTO_LIBS_BOOTSTRAP),$(CRYPTO_LIBS_BOOTSTRAP),-lcrypto)
 endif
 
 FEATURE_TESTS := clang-bpf-co-re
@@ -140,7 +168,7 @@ endif
 endif
 
 LIBS = $(LIBBPF) -lelf $(CRYPTO_LIBS) -lz
-LIBS_BOOTSTRAP = $(LIBBPF_BOOTSTRAP) -lelf $(CRYPTO_LIBS) -lz
+LIBS_BOOTSTRAP = $(LIBBPF_BOOTSTRAP) -lelf $(CRYPTO_LIBS_BOOTSTRAP) -lz
 
 ifeq ($(feature-libelf-zstd),1)
 LIBS += -lzstd
-- 
2.54.0

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.