[OE-core] [PATCH v2] openssl: Use the c_rehash shell re-implementation for target

Alexander Kanavin alex.kanavin at gmail.com
Mon Mar 18 14:53:28 UTC 2019 

Apologies, but I still have to veto this. The concerns I expressed previously still stand.

The best course of action would be to work with the OpenSSL upstream to replace the utility with either C or shell version.

Alex

> On 18 Mar 2019, at 14.36, Otavio Salvador <otavio at ossystems.com.br> wrote:
> 
> We had a c_rehash shell re-implementation being used for the native
> package and there is no reason to not use it as well for the
> target. This allows it to be available without the need of perl being
> installed.
> 
> This partially reverts OE-Core:d2b1a889ef (openssl: move c_rehash pkg
> to avoid perl dep) but still allows the removal of perl
> dependency.
> 
> The respective re-implementation was already in use here at OE-Core by
> the OpenSSL 1.0 recipe (since 2016) and were removed from the target
> recipe during the upgrade to the 1.1 release. So it now aligns the
> native and target recipes.
> 
> ,----
> | Author: Otavio Salvador <otavio at ossystems.com.br>
> | Date:   Mon May 23 17:45:25 2016 -0300
> |
> |     openssl: Add Shell-Script based c_rehash utility
> |
> |     The PLD Linux distribution has ported the c_rehash[1] utility from
> |     Perl to Shell-Script, allowing it to be shipped by default.
> |
> |     1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761
> |
> |     The OpenSSL upstream intends[2] to convert the utility for C
> |     however did not yet finished the conversion.
> |
> |     2. https://rt.openssl.org/Ticket/Display.html?id=2324
> |
> |     This patch adds this script and thus removed the Perl requirement
> |     for it.
> |
> |     Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
> |     Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> `----
> 
> Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
> ---
> 
> Changes in v2:
> - updated commit log
> 
> .../openssl/openssl_1.1.1a.bb                    | 16 ++++++++--------
> 1 file changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
> index 4a626a4fcd..a6f920e15b 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
> @@ -128,7 +128,13 @@ do_install () {
> 
>    oe_multilib_header openssl/opensslconf.h
> 
> -    # Create SSL structure for packages such as ca-certificates which
> +    # Install a custom version of c_rehash that can handle sysroots properly.
> +    # This version is used for example when installing ca-certificates during
> +    # image creation.
> +    install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
> +    sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
> +
> +        # Create SSL structure for packages such as ca-certificates which
>    # contain hard-coded paths to /etc/ssl. Debian does the same.
>    install -d ${D}${sysconfdir}/ssl
>    mv ${D}${libdir}/ssl-1.1/certs \
> @@ -149,12 +155,6 @@ do_install_append_class-native () {
>        SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
>        SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
>        OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> -
> -    # Install a custom version of c_rehash that can handle sysroots properly.
> -    # This version is used for example when installing ca-certificates during
> -    # image creation.
> -    install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
> -    sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
> }
> 
> do_install_append_class-nativesdk () {
> @@ -196,7 +196,7 @@ FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
> FILES_libssl = "${libdir}/libssl${SOLIBS}"
> FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
> FILES_${PN}-engines = "${libdir}/engines-1.1"
> -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash"
> +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
> FILES_${PN} =+ "${libdir}/ssl-1.1/*"
> FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
> 
> -- 
> 2.21.0
> 
> -- 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list