[OE-core] [PATCH] openssh: build support openssl 1.1

Hongxu Jia hongxu.jia at windriver.com
Tue Sep 11 15:18:00 UTC 2018 

On 2018年09月11日 18:39, Alexander Kanavin wrote:
> I'm afraid I have changed my mind, and I have to say no to this. It is
> *not*  a backport, it is a very large patch that nobody understands, it
> will need to be rebased every time there is new openssh out, we cannot
> rely on Fedora doing this, as they apply this patch on top of their
> other patches. Meanwhile, upstream pull request has been stalled for a
> very long time and just isn't going anywhere.
>
> I would suggest you make openssh depend on libressl and find out why
> it is working everywhere except arm64 - that's the only reason we
> haven't done it yet.

Use openssh depends on libressl could not fix the issue, which also 
conflicts
with openssl in the meta-selinux example (they provides the same 
headers/libraries)

The root cause is since rename libssl (1.0) -> libssl10, and drop 
PRFERRED_VERSION,
there are multiple recipes provide ssl (openssl, openssl10, libressl) 
with different name

BTW, even though openssh depends `openssl10',  the `openssl' is installed
to rootfs. It breaks DEPEND/RDEPENDS principle

[local.conf]
IMAGE_INSTALL_append = " openssh"
[local.conf]

$ bitbake core-image-minimal

[log.do_rootfs]
   Installing       : openssl-1.1.1~pre9-r0.core2_64
[log.do_rootfs]

The recipe depends on openssl10, but openssl10 will not be installed.

Here are my suggestions

1: Replace dependence openssl10  -> openssl, such as this fix, and drop 
recipe openssl10 finally;
     1 (openssh) in oe-core, 3 (umip, ipsec-tools, mailx) in oe, 3 
(openssl-tpm-engine,
     tpm-tools, trousers) in meta-secure-core

Or 2: Unify openssl,openssl10 and libressl to provide one ssl,
         we could add PROVIDER = 'virtual/ssl' to above recipe, any recipe
         depends on `openssl' will be replced with `virtual/ssl', the recipe
        depends on `openssl10' will not be changed.

        Set PREFERRED_PROVIDER_virtual//ssl = "openssl | openssl10 | 
libressl" in conf

Or 3: Revert previously patch, rename recipe openssl10 -> openssl 1.0, 
and set
       PREFERRED_VERSION


//Hongxu

>
> Alex


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20180911/8bda08bd/attachment-0002.html>

More information about the Openembedded-core mailing list