[OE-core] [PATCH v2] openssl: Use the c_rehash shell re-implementation for target

[Alexander Kanavin]

It’s fine to use the shell rewrite in the native case, as it’s only used from one place under our control. This is not the case for the target where we have no idea where and how the script can be used. So you can’t argue that native has the same issues as target does, and therefore they must be the same. The reason we use shell rewrite for native is that it handles sysroots properly from what I remember.

If something is broken, please describe the steps to reproduce and I can look into it

Alex

> On 18 Mar 2019, at 17.00, Otavio Salvador <otavio.salvador at ossystems.com.br> wrote:
> 
> Hello Alexander,
> 
> On Mon, Mar 18, 2019 at 11:53 AM Alexander Kanavin
> <alex.kanavin at gmail.com> wrote:
>> 
>> Apologies, but I still have to veto this. The concerns I expressed previously still stand.
>> 
>> The best course of action would be to work with the OpenSSL upstream to replace the utility with either C or shell version.
> 
> I understand your concerns about this however, those also stands for
> the native recipe. So we have two possible routes which seem to align
> with those concerns:
> 
> 1) assume the c_rehash in shell script is good enough and adopt it
> 2) drop c_rehash from openssl recipe
> 
> either work. The use of a different version for target and native does
> not seem consistent either correct.
> 
> As mentioned, this has been in use in multiple devices for years
> without concerns and this has been changed under the hood when moving
> to OpenSSL 1.1. Also, the ca-certificate is broken for installation on
> target now (as it uses c_rehash) and this is still unnoticed.
> 
> So I know your view on this. I'd like to know the view of other team
> members as well...
> 
> 
> -- 
> Otavio Salvador                             O.S. Systems
> http://www.ossystems.com.br        http://code.ossystems.com.br
> Mobile: +55 (53) 9 9981-7854          Mobile: +1 (347) 903-9750