[OE-core] [PATCH] openssl: Fix symlink creation
David Vincent
freesilicon at gmail.com
Fri Apr 21 07:55:25 UTC 2017
On 2017-04-20 15:04 GMT+02:00 Martin Jansa <martin.jansa at gmail.com>:
> On Thu, Apr 20, 2017 at 03:37:24PM +0300, Alexander Kanavin wrote:
>> On 04/19/2017 04:03 PM, David Vincent wrote:
>> > The problem is that I must be able to manage the configuration of a machine
>> > without physical intervention and only via package upgrades. A new
>> > configuration can be applied simply by incrementing the PR of a configuration
>> > package.
>> >
>> > But maybe this is a use case only needed by me and I should manage it in my
>> > own specific layer ?
>> >
>> > Now that I think of it, I have the same kind of problem for all machine
>> > specific configurations. For now, I just replace the PACKAGE_ARCH in my BSP
>> > layer with a machine specific one to indicate that a package contains a
>> > configuration valid only for a specific machine. Maybe, in a future release, it
>> > should be desirable to create -conf packages based on the CONFFILES variable ?
>> > I don't know if it's a good idea, but maybe I could bring that up on the
>> > architecture mailing list ?
>>
>> By all means please do so. Yocto lacks a solution for configuration
>> management, and this was discussed some time ago, although I cannot
>> anymore find where it happened. Mark, do you remember?
Yes I'll bring that up on the architecture mailing list to gather some advices.
>
> I still haven't seen any argument why not use u-a like for any other
> alternative files.
I don't really have an argument, it's just that it feels wrong to me to manage
configuration files via update-alternatives. Just like it did for
initscripts. I agree that
it works, until some corner cases reveal problems.
(see https://bugzilla.yoctoproject.org/show_bug.cgi?id=10433)
>
> All you have to do is create openssl bbappend (this part might be
> integrated into oe-core):
>
> inherit update-alternatives
> ALTERNATIVE_${PN} = "openssl-cnf"
> ALTERNATIVE_LINK_NAME[openssl-cnf] = "${sysconfdir}/ssl/openssl.cnf"
> ALTERNATIVE_PRIORITY[openssl-cnf] ?= "1"
>
> And then in your recipe which provides alternative config add similar
> fragment:
>
> inherit update-alternatives
> ALTERNATIVE_${PN} = "openssl-cnf"
> ALTERNATIVE_LINK_NAME[openssl-cnf] = "${sysconfdir}/ssl/openssl.cnf"
> ALTERNATIVE_PRIORITY[openssl-cnf] ?= "10"
>
> And that's it. We're using this for last 4 years since:
> https://github.com/openwebos/meta-webos/commit/b13980be3f28bf60582ec3f691e392db03942e21
> and it worked fine until this oe-core change was merged (and I had to
> undo it in the same bbappend).
OTOH, I could also append the install task for my target. There are
many solutions to
this problem, but I think that like it was said before, the main one
is handling properly the
configuration and provide a way to override it in BSP or distro layers.
>
> Regards,
> --
> Martin 'JaMa' Jansa jabber: Martin.Jansa at gmail.com
David
More information about the Openembedded-core
mailing list