[oe-commits] [openembedded-core] 23/40: rpm: switch to openssl from nss

git at git.openembedded.org git at git.openembedded.org
Thu Jan 16 22:34:10 UTC 2020


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master
in repository openembedded-core.

commit 8c35a01dc771bf48f74129daa58d365100d18081
Author: Alexander Kanavin <alex.kanavin at gmail.com>
AuthorDate: Tue Jan 14 14:59:48 2020 +0100

    rpm: switch to openssl from nss
    
    nss is a problematic library in many ways, but openssl
    seems to work just fine.
    
    rpm was the only user of nss in oe-core, which opens
    the possibility of moving it out.
    
    Add a backported patch to enable builds with latest openssl.
    
    Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 ...tial-support-for-unused-MD2-and-RIPEMD160.patch | 81 ++++++++++++++++++++++
 meta/recipes-devtools/rpm/rpm_4.14.2.1.bb          |  5 +-
 2 files changed, 84 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch
new file mode 100644
index 0000000..734e38b
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch
@@ -0,0 +1,81 @@
+From 2d53d1e308a5bd15a16cc289fa7e1f264ea706be Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai at redhat.com>
+Date: Tue, 26 Jun 2018 10:46:14 +0300
+Subject: [PATCH] Rip out partial support for unused MD2 and RIPEMD160 digests
+
+Inspired by #453, adding configure-checks for unused digests algorithms
+seems nonsensical, at no point in rpm history have these algorithms been
+used for anything in rpm so there's not even backward compatibility to
+care about. So the question becomes why do we appear to have (some)
+support for those unused algorithms? So lets don't, problem solved...
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ff4b9111aeba01dd025dd133ce617fb80f7398a0]
+Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
+---
+ rpmio/digest_beecrypt.c | 7 -------
+ rpmio/digest_nss.c      | 2 --
+ rpmio/digest_openssl.c  | 6 ------
+ 3 files changed, 15 deletions(-)
+
+diff --git a/rpmio/digest_beecrypt.c b/rpmio/digest_beecrypt.c
+index 597027e25..653a39491 100644
+--- a/rpmio/digest_beecrypt.c
++++ b/rpmio/digest_beecrypt.c
+@@ -132,10 +132,6 @@ DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags)
+ 	ctx->Digest = (void *) sha512Digest;
+ 	break;
+ #endif
+-    case PGPHASHALGO_RIPEMD160:
+-    case PGPHASHALGO_MD2:
+-    case PGPHASHALGO_TIGER192:
+-    case PGPHASHALGO_HAVAL_5_160:
+     default:
+ 	free(ctx);
+ 	return NULL;
+@@ -292,9 +288,6 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, uint8_t *hash, si
+     case PGPHASHALGO_SHA1:
+         prefix = "3021300906052b0e03021a05000414";
+         break;
+-    case PGPHASHALGO_MD2:
+-        prefix = "3020300c06082a864886f70d020205000410";
+-        break;
+     case PGPHASHALGO_SHA256:
+         prefix = "3031300d060960864801650304020105000420";
+         break;
+diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c
+index e11920e3e..b3d2b5595 100644
+--- a/rpmio/digest_nss.c
++++ b/rpmio/digest_nss.c
+@@ -117,7 +117,6 @@ static HASH_HashType getHashType(int hashalgo)
+ {
+     switch (hashalgo) {
+     case PGPHASHALGO_MD5:	return HASH_AlgMD5;
+-    case PGPHASHALGO_MD2:	return HASH_AlgMD2;
+     case PGPHASHALGO_SHA1:	return HASH_AlgSHA1;
+ #ifdef SHA224_LENGTH
+     case PGPHASHALGO_SHA224:	return HASH_AlgSHA224;
+@@ -217,7 +216,6 @@ static SECOidTag getHashAlg(unsigned int hashalgo)
+ {
+     switch (hashalgo) {
+     case PGPHASHALGO_MD5:	return SEC_OID_MD5;
+-    case PGPHASHALGO_MD2:	return SEC_OID_MD2;
+     case PGPHASHALGO_SHA1:	return SEC_OID_SHA1;
+ #ifdef SHA224_LENGTH
+     case PGPHASHALGO_SHA224:	return SEC_OID_SHA224;
+diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
+index 18e52a724..0ae48dd1d 100644
+--- a/rpmio/digest_openssl.c
++++ b/rpmio/digest_openssl.c
+@@ -172,12 +172,6 @@ static const EVP_MD *getEVPMD(int hashalgo)
+     case PGPHASHALGO_SHA1:
+         return EVP_sha1();
+ 
+-    case PGPHASHALGO_RIPEMD160:
+-        return EVP_ripemd160();
+-
+-    case PGPHASHALGO_MD2:
+-        return EVP_md2();
+-
+     case PGPHASHALGO_SHA256:
+         return EVP_sha256();
+ 
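Review bot: In the rpmio/digest_openssl.c part, the removed `PGPHASHALGO_RIPEMD160` and `PGPHASHALGO_MD2` cases now fall through to whatever `getEVPMD()` does for unlisted algorithms, and that default branch is outside the context shown here. Please confirm it fails closed (returns NULL), so that a digest or signature naming either algorithm is rejected, the way the `default:` in `rpmDigestInit()` of digest_beecrypt.c visibly does with `free(ctx); return NULL;`. Separately, the patch header carries only upstream's rationale; one line saying the backport is needed to build against the latest openssl, as the commit message states, would help whoever next rebases the recipe decide whether the patch can be dropped.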
diff --git a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
index c37330e..339bd7b 100644
--- a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
@@ -42,6 +42,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x \
            file://0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch \
            file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \
            file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \
+           file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \
            "
 
 PE = "1"
@@ -49,7 +50,7 @@ SRCREV = "4a9440006398646583f0d9ae1837dad2875013aa"
 
 S = "${WORKDIR}/git"
 
-DEPENDS = "nss libarchive db file popt xz bzip2 dbus elfutils python3"
+DEPENDS = "openssl libarchive db file popt xz bzip2 dbus elfutils python3"
 DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native"
 
 inherit autotools gettext pkgconfig python3native
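Review bot: The new `DEPENDS = "openssl libarchive ..."` line only works together with `--with-crypto=openssl`, which is added to `EXTRA_OECONF_append` in the next hunk, and nothing in the recipe ties the two together. A PACKAGECONFIG entry carrying both the configure option and the dependency, or at least a comment beside `DEPENDS`, would keep the two from drifting apart on a later edit.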
@@ -58,7 +59,7 @@ export PYTHON_ABI
 # OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe
 EXTRA_AUTORECONF_append = " --exclude=gnu-configize"
 
-EXTRA_OECONF_append = " --without-lua --enable-python"
+EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=openssl"
 EXTRA_OECONF_append_libc-musl = " --disable-nls"
 
 # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs
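Review bot: `--with-crypto=openssl` is appended to `EXTRA_OECONF_append` without a class override, so every variant built from this recipe changes its digest and signature backend at once (the `DEPENDS_append_class-native` line in the previous hunk shows the native variant is built from it too), while the commit message only says openssl "seems to work just fine". Please state in the commit message what was exercised, in particular whether verification of signed packages was checked with the OpenSSL backend on both the native and the target build.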

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

