Commit be7a0ac
statically link build tools for boringssl (#43589)
When building Envoy with BoringSSL FIPS support using container-based
builds, the ninja binary built during the BoringSSL FIPS compilation
process fails to execute with the error:
./ninja: error while loading shared libraries: libc++.so.1: cannot open
shared object file: No such file or directory
This occurs because the ninja binary is dynamically linked against
libc++, which is not available in the container's runtime environment.
This change modifies the LDFLAGS in fips_build.bzl to statically link
the C++ standard library (libc++ or libstdc++) and libgcc into the build
tools, eliminating the runtime dependency.
The fix applies to both the BUILD_COMMAND and NINJA_BUILD_COMMAND
sections, and handles both libc++ and libstdc++ configurations.
Risk Level: Low
The change only affects the linking of build-time tools (ninja) used
during BoringSSL FIPS compilation. It does not affect the final Envoy
binary or its runtime behavior.
Testing:
Tested with container-based FIPS builds using --config=boringssl-fips:
- Verified ninja binary executes successfully during BoringSSL FIPS
build
- Confirmed resulting Envoy binary shows BoringSSL-FIPS in version
output
Signed-off-by: Aaron Donovan <amdonov@gmail.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
1 parent 437f806 commit be7a0ac
1 file changed
Lines changed: 2 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
19 | | - | |
| 19 | + | |
20 | 20 | | |
21 | 21 | | |
22 | 22 | | |
| |||
79 | 79 | | |
80 | 80 | | |
81 | 81 | | |
82 | | - | |
| 82 | + | |
83 | 83 | | |
84 | 84 | | |
85 | 85 | | |
| |||