[OE-core] [PATCH] rpm: use libgcrypt instead of NSS for cryptography

Wed Nov 20 16:19:41 UTC 2019

RPM 4.15 by default will use libgcrypt instead of NSS for cryptography
functions, but as we didn't have libgcrypt in DEPENDS it kept using NSS.

As RPM is the sole user of NSS/NSPR in oe-core, moving to libgcrypt can make a
noticable difference to build time.  For example, building rpm (and packaging it
as RPMs) from scratch is five minutes faster with libgcrypt.

Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 .../rpm/files/gcrypt-use-pkgconfig.patch      | 51 +++++++++++++++++++
 meta/recipes-devtools/rpm/rpm_4.15.1.bb       |  5 +-
 2 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch

diff --git a/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch b/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch
new file mode 100644
index 00000000000..8c72d2310b6
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch
@@ -0,0 +1,51 @@
+Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/942]
+Signed-off-by: Ross Burton <ross.burton at intel.com>
+
+From 3f6cda568853bf7878df704adc75d4a78d75346c Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton at intel.com>
+Date: Wed, 20 Nov 2019 13:06:51 +0000
+Subject: [PATCH] configure.ac: prefer pkg-config to find libgcrypt
+
+libgcrypt from 1.8.5 provides a pkg-config file as well as the traditional
+libgcrypt-config script.  As pkg-config is more resiliant in the face of
+complicated build environments (for example cross-compilation and sysroots)
+prefer the pkg-config file, falling back to libgcrypt-config if that doesn't
+exist.
+---
+ configure.ac | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0a3a9bbf4..6a3ea3615 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -395,14 +395,21 @@ AC_SUBST(WITH_OPENSSL_LIB)
+ WITH_LIBGCRYPT_INCLUDE=
+ WITH_LIBGCRYPT_LIB=
+ if test "$with_crypto" = libgcrypt ; then
+-AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, notfound)
+-if test notfound != "$LIBGCRYPT_CONFIG" ; then
+-WITH_LIBGCRYPT_INCLUDE=`$LIBGCRYPT_CONFIG --cflags`
+-WITH_LIBGCRYPT_LIB=`$LIBGCRYPT_CONFIG --libs`
+-fi
+-if test -z "$WITH_LIBGCRYPT_LIB" ; then
+-AC_MSG_ERROR([libgcrypt not found])
+-fi
++  # libgcrypt 1.8.5 onwards ships a pkg-config file so prefer that
++  PKG_CHECK_MODULES([LIBGCRYPT], [libgcrypt], [have_libgcrypt=yes], [have_libgcrypt=no])
++  if test "$have_libgcrypt" = "yes"; then
++    WITH_LIBGCRYPT_INCLUDE="$LIBGCRYPT_CFLAGS"
++    WITH_LIBGCRYPT_LIB="$LIBGCRYPT_LIBS"
++  else
++    AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, notfound)
++      if test notfound != "$LIBGCRYPT_CONFIG" ; then
++        WITH_LIBGCRYPT_INCLUDE=`$LIBGCRYPT_CONFIG --cflags`
++        WITH_LIBGCRYPT_LIB=`$LIBGCRYPT_CONFIG --libs`
++     fi
++     if test -z "$WITH_LIBGCRYPT_LIB" ; then
++       AC_MSG_ERROR([libgcrypt not found])
++    fi
++  fi
+ fi
+ 
+ AM_CONDITIONAL([WITH_LIBGCRYPT],[test "$with_crypto" = libgcrypt])
diff --git a/meta/recipes-devtools/rpm/rpm_4.15.1.bb b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
index 4fa2d764fb9..f033cf33144 100644
--- a/meta/recipes-devtools/rpm/rpm_4.15.1.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
@@ -38,6 +38,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.15.x \
            file://0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch \
            file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \
            file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \
+           file://gcrypt-use-pkgconfig.patch \
            "
 
 PE = "1"
@@ -45,7 +46,7 @@ SRCREV = "ab2179452c5be276a6b96c591afded485c7e58c3"
 
 S = "${WORKDIR}/git"
 
-DEPENDS = "nss libarchive db file popt xz bzip2 dbus elfutils python3"
+DEPENDS = "libarchive libgcrypt db file popt xz bzip2 dbus elfutils python3"
 DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native"
 
 inherit autotools gettext pkgconfig python3native
@@ -54,7 +55,7 @@ export PYTHON_ABI
 # OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe
 EXTRA_AUTORECONF_append = " --exclude=gnu-configize"
 
-EXTRA_OECONF_append = " --without-lua --enable-python"
+EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=libgcrypt"
 EXTRA_OECONF_append_libc-musl = " --disable-nls"
 
 # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs
-- 
2.20.1

