[OE-core] [RFC][PATCH 3/5] openssl: update to 1.1.1

Andre McCurdy armccurdy at gmail.com
Tue Apr 10 21:20:57 UTC 2018


On Tue, Apr 10, 2018 at 5:07 AM, Alexander Kanavin
<alexander.kanavin at linux.intel.com> wrote:
> At the moment 1.1.1 is in pre-release stage, however the final release
> should be available within a few weeks. The major selling point is that
> it supports the new TLS 1.3 specification. At the moment it is not clear
> whether this also will be a long term support version of openssl;
> we can make the decision to merge this version once that is made clear
> by upstream. More information:
>
> https://www.openssl.org/policies/releasestrat.html
>
> Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
> ---
>  ...1-Take-linking-flags-from-LDFLAGS-env-var.patch | 43 ----------------------
>  .../{openssl_1.1.0h.bb => openssl_1.1.1-pre4.bb}   | 21 +++++------
>  2 files changed, 10 insertions(+), 54 deletions(-)
>  delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
>  rename meta/recipes-connectivity/openssl/{openssl_1.1.0h.bb => openssl_1.1.1-pre4.bb} (83%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
> similarity index 83%
> rename from meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
> index 94b75eb92a8..859362f7afe 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
> @@ -10,13 +10,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
>
>  BBCLASSEXTEND = "native nativesdk"
>
> -SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
> -SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
> +SRC_URI[md5sum] = "07c3f6831fb6dfe975795ef7bbbee9fc"
> +SRC_URI[sha256sum] = "df2d5fcc2a878525611c75b9e9116fbcfbce8d9b96419a16eda5fb11ecc428f6"
>
>  SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
>             file://run-ptest \
>             file://openssl-c_rehash.sh \
> -           file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
>             "
>
>  S = "${WORKDIR}/openssl-${PV}"
> @@ -114,20 +113,20 @@ do_configure () {
>          if [ "x$useprefix" = "x" ]; then
>                  useprefix=/
>          fi
> -       libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
> -       perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
> +        # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
> +        # environment variables set by bitbake. Adjust the environment variables instead.
> +       perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
>  }
>
> -#| engines/afalg/e_afalg.c: In function 'eventfd':
> -#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
> -#|      return syscall(__NR_eventfd, n);
> -#|                     ^~~~~~~~~~~~
> -EXTRA_OECONF_aarch64 += "no-afalgeng"
> +# This prevents openssl from using getrandom() which is not available on older glibc versions
> +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
> +EXTRA_OECONF_class-native += "--with-rand-seed=devrandom"
> +EXTRA_OECONF_class-nativesdk += "--with-rand-seed=devrandom"

Better to avoid += with an over-ride since it doesn't do what most new
users etc expect. Better to use _append instead (or just the over-ride
on it's own, if over-riding the original value is what you intended to
do).

>  #| ./libcrypto.so: undefined reference to `getcontext'
>  #| ./libcrypto.so: undefined reference to `setcontext'
>  #| ./libcrypto.so: undefined reference to `makecontext'
> -EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
> +CPPFLAGS_libc-musl += "-DOPENSSL_NO_ASYNC"

Same comment here.

>  do_install () {
>          oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
> --



More information about the Openembedded-core mailing list