[OE-core] [PATCH v2] openssl: Use the c_rehash shell re-implementation for target
Alexander Kanavin
alex.kanavin at gmail.com
Mon Mar 18 14:53:28 UTC 2019
Apologies, but I still have to veto this. The concerns I expressed previously still stand.
The best course of action would be to work with the OpenSSL upstream to replace the utility with either C or shell version.
Alex
> On 18 Mar 2019, at 14.36, Otavio Salvador <otavio at ossystems.com.br> wrote:
>
> We had a c_rehash shell re-implementation being used for the native
> package and there is no reason to not use it as well for the
> target. This allows it to be available without the need of perl being
> installed.
>
> This partially reverts OE-Core:d2b1a889ef (openssl: move c_rehash pkg
> to avoid perl dep) but still allows the removal of perl
> dependency.
>
> The respective re-implementation was already in use here at OE-Core by
> the OpenSSL 1.0 recipe (since 2016) and were removed from the target
> recipe during the upgrade to the 1.1 release. So it now aligns the
> native and target recipes.
>
> ,----
> | Author: Otavio Salvador <otavio at ossystems.com.br>
> | Date: Mon May 23 17:45:25 2016 -0300
> |
> | openssl: Add Shell-Script based c_rehash utility
> |
> | The PLD Linux distribution has ported the c_rehash[1] utility from
> | Perl to Shell-Script, allowing it to be shipped by default.
> |
> | 1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761
> |
> | The OpenSSL upstream intends[2] to convert the utility for C
> | however did not yet finished the conversion.
> |
> | 2. https://rt.openssl.org/Ticket/Display.html?id=2324
> |
> | This patch adds this script and thus removed the Perl requirement
> | for it.
> |
> | Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
> | Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> `----
>
> Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
> ---
>
> Changes in v2:
> - updated commit log
>
> .../openssl/openssl_1.1.1a.bb | 16 ++++++++--------
> 1 file changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
> index 4a626a4fcd..a6f920e15b 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
> @@ -128,7 +128,13 @@ do_install () {
>
> oe_multilib_header openssl/opensslconf.h
>
> - # Create SSL structure for packages such as ca-certificates which
> + # Install a custom version of c_rehash that can handle sysroots properly.
> + # This version is used for example when installing ca-certificates during
> + # image creation.
> + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
> + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
> +
> + # Create SSL structure for packages such as ca-certificates which
> # contain hard-coded paths to /etc/ssl. Debian does the same.
> install -d ${D}${sysconfdir}/ssl
> mv ${D}${libdir}/ssl-1.1/certs \
> @@ -149,12 +155,6 @@ do_install_append_class-native () {
> SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
> SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
> OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> -
> - # Install a custom version of c_rehash that can handle sysroots properly.
> - # This version is used for example when installing ca-certificates during
> - # image creation.
> - install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
> - sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
> }
>
> do_install_append_class-nativesdk () {
> @@ -196,7 +196,7 @@ FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
> FILES_libssl = "${libdir}/libssl${SOLIBS}"
> FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
> FILES_${PN}-engines = "${libdir}/engines-1.1"
> -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash"
> +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
> FILES_${PN} =+ "${libdir}/ssl-1.1/*"
> FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
>
> --
> 2.21.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list