Workaround --exclude-libs not available on clang for OS X

Question

I need to create a wrapper library which needs to use a different version of OpenSSL (BoringSSL), for reasons provided at "Wrapper Shared Objects" at [1].

The problem is that --exclude-libs is not available with clang for OS X, thus the symbols get exported which I must avoid.

What options do I have to workaround this, e.g. stripping symbols after the library has been built?

[1] https://wiki.openssl.org/index.php/Android

That was my first idea, too. Problem is not clang itself, but ld, and there is no alternative on OS X (at least bot anymore, I found an outdated project). — benjist, Mar 04 '20 at 23:51
@benjist There is LLVM `lld`, although I'm not sure it supports the option you want. — rubenvb, Mar 05 '20 at 15:31
Is your wrapper library a dynamic framework? Perhaps you could do post-build executable processing as in my answer here https://stackoverflow.com/questions/60497896/self-modifying-code-on-darwin-10-15-resulting-in-malformed-mach-o-image/60505259#60505259 (so esssentially remove the relevant `LC_LOAD_DYLIB`) and add a custom one. Assuming the API is identical that is. — Kamil.S, Mar 06 '20 at 12:02
Did you find an an answer to your problem? I'm also struggling with lot of static libraries and hiding symbols on those often requires source modifications. Statically stripping symbols from static libraries would work but I couldn't find how to. — ceztko, Apr 08 '20 at 15:09

Stuart Berg · Answer 1 · 2022-02-13T03:17:43.223

1

The macOS ld linker allows you to hide symbols from a specific static library, via -hidden-l instead of -l. Here's a quote from man ld on Mac:

     -hidden-lx  This is the same as the -lx for locating a static library,
                 but treats all global symbols from the static library as if
                 they are visibility hidden.  Useful when building a dynamic
                 library that uses a static library but does not want to
                 export anything from that static library.

So, don't use -lssl in your linker flags. Use -hidden-lssl.

edited Feb 13 '22 at 03:17

answered Dec 20 '21 at 17:12

Stuart Berg

17,026
12
67
99

This switch is quite recent, XCode 12 or 13. – ceztko Feb 24 '22 at 09:06

Michael Domino · Answer 2 · 2020-03-05T15:49:43.103

-1

I also use a different version of OpenSSL in my project. I build and link in static libraries with no reference to installed dylibs. This is completely independent of any other OpenSSL implementations that may be present on the machine. Will that strategy work for you? I guess I am wondering why you have to wrap a static library in a dynamic library? Why not just link the static library directly into the executable that will use it?

edited Mar 05 '20 at 15:49

answered Mar 05 '20 at 15:23

Michael Domino

409
2
9

I have to link to the systems OpenSSL as well. Thus this won't work unfortunately. – benjist Mar 05 '20 at 18:57

Workaround --exclude-libs not available on clang for OS X

2 Answers2