[OE-core] [PATCH] openssh: build support openssl 1.1

Andre McCurdy armccurdy at gmail.com
Thu Sep 13 01:13:56 UTC 2018 

On Wed, Sep 12, 2018 at 3:30 AM, Alexander Kanavin
<alex.kanavin at gmail.com> wrote:
> 2018-09-12 11:59 GMT+02:00 Hongxu Jia <hongxu.jia at windriver.com>:
>> It's a long term target, we should try to push upstream to accept
>> openssl 1.1, such as split one patch to multiple sub patches step
>> by step, make it more reviewable,  not only openssh, ideally any
>> recipe depends on 1.0 should be turned to 1.1
>
> The pull request has been open for two years now:
> https://github.com/openssh/openssh-portable/pull/48
>
> I don't think you'll get far with the pushing the upstream. They are
> happy using libressl on *BSD, and don't particularly care about Linux
> or openssl.
>
>> Currently, use openssl10 as the standalone recipe to provide openssl,
>> everything works well in oe-core + oe.
>
> openssl10 upstream support ends at the end of 2019. We can no longer
> afford to do nothing about the situation.
>
>> As I mention before, there is still a issue at run time image. Even though
>> openssh depends on `openssl10',  but the `openssl' is installed at do_rootfs
>>
>> It breaks DEPEND/RDEPENDS principle
>>
>> [local.conf]
>> IMAGE_INSTALL_append = " openssh"
>> [local.conf]
>>
>> $ bitbake core-image-minimal
>>
>> [log.do_rootfs]
>>   Installing       : openssl-1.1.1~pre9-r0.core2_64
>> [log.do_rootfs]
>>
>> The recipe depends on openssl10, but openssl10 will not be installed.
>
> There is a library package split, so you should be seeing libcrypto10
> or libssl10 installed as well. Can you provide the full log please?

It's deliberate that including openssl10 in an image will at least
cause openssl 1.1 to built as the openssl10 libcrypto depends on
openssl10-conf and that's now provided by the openssl-conf package
from openssl 1.1

So the expected outcome of adding openssh to a minimal image would be
for the image to include libcrypto10 and libssl10 from openssl10 and
openssl-conf from openssl 1.1. Is that what you see?

(As a potential cleanup, we should perhaps remove openssl10-conf and
have libcrypto10 RDEPEND directly on openssl-conf, to make it a little
clearer that we expect to use the openssl 1.1 config for all versions
of the openssl libs).

>> BTW, Is pre9 1.1.1 openssl a stable release?
>
> Final 1.1.1 has been released yesterday, so I'll send a patch in a moment.
>
> Alex
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list