LTO is enabled by default for .deb packages starting in Ubuntu
21.04^1, causing build failures on Ubuntu 22.04. Previously, we
hacked around this by compiling outside of the dpkg-buildpackage
environment^2. However, this hack stopped working when the cc crate
began emitting rerun-if-env-changed in version 1.0.74^3. Hence,
would need to set emit_rerun_if_env_changed(false) for all cc::Build
instances in aziot-key-openssl-engine-shared and its dependency graph
to restore our hack for cc > 1.0.73. This is not remotely practical.
LTO is incompatible with __asm__(".symver ..") because it uses the
linker-script-provided exported symbols to determine what is safe to
optimize out, and the linker script is naturally unaware of
manually-exported symbols. We can work around this by adding
__attribute__((used)) to the functions we want to keep in the final
object.
Another option would be to use GCC's
__attribute__((symver("..@")))[^4] directive, but this relies on too
new of a toolchain version (GCC 10).
Addendum 1: The fundamental reason for why LTO is a problem for
aziot-key-openssl-engine-shared in the first place is that this crate
uses what is, in effect, a "symbol stub" to hook Rust code into
OpenSSL's engine macros. First, build/engine.c declares the engine
function signature and uses OpenSSL's macros to expand the dynamic
engine binding. This file is then compiled (but not linked) into an
object that will become the dynamic library's public interface. The way
this is accomplished is by linking the whole object into the cdylib
(as opposed to only linking referenced functions). LTO requires us to
go one step further by preventing the linker from optimizing out symbols
not declared as globally-exported in rustc's linker script, which does
not know of the symbol declaration in the stub object. There is an open
RFC request for allowing re-export of C symbols from cdylib crates:
https://github.com/rust-lang/rfcs/issues/2771.
Addendum 2: When our supported platforms start shipping with GNU as >=
2.35 and/or Clang 13, we may want to add ,remove to the .symver
directive arguments to lift the restriction that
aziot-key-openssl-engine-shared cannot be included in tests^5.
[^4]: ..@ instead of ..@@ since we do not define a version
node name, meaning ..@@ leads to symbol duplication.
LTO is enabled by default for .deb packages starting in Ubuntu 21.04^1, causing build failures on Ubuntu 22.04. Previously, we hacked around this by compiling outside of the
dpkg-buildpackageenvironment^2. However, this hack stopped working when thecccrate began emittingrerun-if-env-changedin version1.0.74^3. Hence, would need to setemit_rerun_if_env_changed(false)for allcc::Buildinstances inaziot-key-openssl-engine-sharedand its dependency graph to restore our hack forcc > 1.0.73. This is not remotely practical.LTO is incompatible with
__asm__(".symver ..")because it uses the linker-script-provided exported symbols to determine what is safe to optimize out, and the linker script is naturally unaware of manually-exported symbols. We can work around this by adding__attribute__((used))to the functions we want to keep in the final object.Another option would be to use GCC's
__attribute__((symver("..@")))[^4] directive, but this relies on too new of a toolchain version (GCC 10).Addendum 1: The fundamental reason for why LTO is a problem for
aziot-key-openssl-engine-sharedin the first place is that this crate uses what is, in effect, a "symbol stub" to hook Rust code into OpenSSL's engine macros. First,build/engine.cdeclares the engine function signature and uses OpenSSL's macros to expand the dynamic engine binding. This file is then compiled (but not linked) into an object that will become the dynamic library's public interface. The way this is accomplished is by linking the whole object into thecdylib(as opposed to only linking referenced functions). LTO requires us to go one step further by preventing the linker from optimizing out symbols not declared as globally-exported inrustc's linker script, which does not know of the symbol declaration in the stub object. There is an open RFC request for allowing re-export of C symbols fromcdylibcrates: https://github.com/rust-lang/rfcs/issues/2771.Addendum 2: When our supported platforms start shipping with GNU as >= 2.35 and/or Clang 13, we may want to add
,removeto the.symverdirective arguments to lift the restriction thataziot-key-openssl-engine-sharedcannot be included in tests^5.[^4]:
..@instead of..@@since we do not define a version node name, meaning..@@leads to symbol duplication.