[OE-core] [PATCH v2] feat(openssl-1.1): rework packaging
Andrej Valek
andrej.valek at siemens.com
Fri Jun 8 07:48:57 UTC 2018
Hi again,
after more testing, I think creating ${sysconfdir}/ssl links is highly
recommended. ca-certificate updating script (+ many other tools) has
hard-coded path to /etc/ssl. Debian has multiple links in /usr/lib/ssl/
to /etc/ssl/.
So I think, my previous patch is correct.
Now I am going to test your openssl-1.1.1 branch.
BR,
Andrej
On 06/08/18 08:33, Andrej Valek wrote:
> Hi Alex,
>
> On 06/07/18 15:13, Alexander Kanavin wrote:
>> On 06/07/2018 10:32 AM, Andrej Valek wrote:
>>> -do_install_append_class-native () {
>>> # Install a custom version of c_rehash that can handle sysroots properly.
>>> # This version is used for example when installing ca-certificates during
>>> # image creation.
>>> install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
>>> sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
>>
>> Why is this merged into the main do_install()? Please explain.
> c_rehash was not working on target exactly as on native. (Same perl
> erros). So I have copied this stuff from 1.0.2, it is working on both
> platforms as well.
>>
>>> + # Create SSL structure
>>> + install -d ${D}${sysconfdir}/ssl/
>>> + mv ${D}${libdir}/ssl-1.1/openssl.cnf \
>>> + ${D}${libdir}/ssl-1.1/certs \
>>> + ${D}${libdir}/ssl-1.1/private \
>>> + \
>>> + ${D}${sysconfdir}/ssl/
>>> + ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl-1.1/certs
>>> + ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl-1.1/private
>>> + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl-1.1/openssl.cnf
>>
>> Please explain this change as well. Resend the patch with the
>> explanations included in the commit log or (better), the recipe itself.
> During splitting to packages I have compared files with 1.0.2 and I
> wanted to have same file structure. Anyway Debian is using this location
> without modification and You don't like it, so I will revert it.
>
> But note that bash-completion has the /etc path for openssl.cnf as
> default search path... .
>>
>> I would like to keep the new openssl recipe short and simple, and so
>> anything that adds lines and complication should be well justified. :)
>>
>> Alex
>>
>
> BR,
> Andrej
>
More information about the Openembedded-core
mailing list