[OE-core] [PATCH v2] feat(openssl-1.1): rework packaging

Andrej Valek andrej.valek at siemens.com
Fri Jun 8 07:48:57 UTC 2018 

Hi again,

after more testing, I think creating ${sysconfdir}/ssl links is highly
recommended. ca-certificate updating script (+ many other tools) has
hard-coded path to /etc/ssl. Debian has multiple links in /usr/lib/ssl/
to /etc/ssl/.

So I think, my previous patch is correct.

Now I am going to test your openssl-1.1.1 branch.

BR,
Andrej

On 06/08/18 08:33, Andrej Valek wrote:
> Hi Alex,
> 
> On 06/07/18 15:13, Alexander Kanavin wrote:
>> On 06/07/2018 10:32 AM, Andrej Valek wrote:
>>> -do_install_append_class-native () {
>>>           # Install a custom version of c_rehash that can handle sysroots properly.
>>>           # This version is used for example when installing ca-certificates during
>>>           # image creation.
>>>           install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
>>>           sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
>>
>> Why is this merged into the main do_install()? Please explain.
> c_rehash was not working on target exactly as on native. (Same perl
> erros). So I have copied this stuff from 1.0.2, it is working on both
> platforms as well.
>>
>>> +        # Create SSL structure
>>> +        install -d ${D}${sysconfdir}/ssl/
>>> +        mv ${D}${libdir}/ssl-1.1/openssl.cnf \
>>> +           ${D}${libdir}/ssl-1.1/certs \
>>> +           ${D}${libdir}/ssl-1.1/private \
>>> +           \
>>> +           ${D}${sysconfdir}/ssl/
>>> +        ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl-1.1/certs
>>> +        ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl-1.1/private
>>> +        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl-1.1/openssl.cnf
>>
>> Please explain this change as well. Resend the patch with the 
>> explanations included in the commit log or (better), the recipe itself.
> During splitting to packages I have compared files with 1.0.2 and I
> wanted to have same file structure. Anyway Debian is using this location
> without modification and You don't like it, so I will revert it.
> 
> But note that bash-completion has the /etc path for openssl.cnf as
> default search path... .
>>
>> I would like to keep the new openssl recipe short and simple, and so 
>> anything that adds lines and complication should be well justified. :)
>>
>> Alex
>>
> 
> BR,
> Andrej
>

More information about the Openembedded-core mailing list