[OE-core] [PATCH] rpm: use libgcrypt instead of NSS for cryptography
Mark Hatle
mark.hatle at kernel.crashing.org
Wed Nov 20 17:51:31 UTC 2019
Just as an ack.. Please get rid of NSS/NSPR ASAP, and move to libgcrypt. Long
term it's a much much better solution.
--Mark
On 11/20/19 10:19 AM, Ross Burton wrote:
> RPM 4.15 by default will use libgcrypt instead of NSS for cryptography
> functions, but as we didn't have libgcrypt in DEPENDS it kept using NSS.
>
> As RPM is the sole user of NSS/NSPR in oe-core, moving to libgcrypt can make a
> noticable difference to build time. For example, building rpm (and packaging it
> as RPMs) from scratch is five minutes faster with libgcrypt.
>
> Signed-off-by: Ross Burton <ross.burton at intel.com>
> ---
> .../rpm/files/gcrypt-use-pkgconfig.patch | 51 +++++++++++++++++++
> meta/recipes-devtools/rpm/rpm_4.15.1.bb | 5 +-
> 2 files changed, 54 insertions(+), 2 deletions(-)
> create mode 100644 meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch
>
> diff --git a/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch b/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch
> new file mode 100644
> index 00000000000..8c72d2310b6
> --- /dev/null
> +++ b/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch
> @@ -0,0 +1,51 @@
> +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/942]
> +Signed-off-by: Ross Burton <ross.burton at intel.com>
> +
> +From 3f6cda568853bf7878df704adc75d4a78d75346c Mon Sep 17 00:00:00 2001
> +From: Ross Burton <ross.burton at intel.com>
> +Date: Wed, 20 Nov 2019 13:06:51 +0000
> +Subject: [PATCH] configure.ac: prefer pkg-config to find libgcrypt
> +
> +libgcrypt from 1.8.5 provides a pkg-config file as well as the traditional
> +libgcrypt-config script. As pkg-config is more resiliant in the face of
> +complicated build environments (for example cross-compilation and sysroots)
> +prefer the pkg-config file, falling back to libgcrypt-config if that doesn't
> +exist.
> +---
> + configure.ac | 23 +++++++++++++++--------
> + 1 file changed, 15 insertions(+), 8 deletions(-)
> +
> +diff --git a/configure.ac b/configure.ac
> +index 0a3a9bbf4..6a3ea3615 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -395,14 +395,21 @@ AC_SUBST(WITH_OPENSSL_LIB)
> + WITH_LIBGCRYPT_INCLUDE=
> + WITH_LIBGCRYPT_LIB=
> + if test "$with_crypto" = libgcrypt ; then
> +-AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, notfound)
> +-if test notfound != "$LIBGCRYPT_CONFIG" ; then
> +-WITH_LIBGCRYPT_INCLUDE=`$LIBGCRYPT_CONFIG --cflags`
> +-WITH_LIBGCRYPT_LIB=`$LIBGCRYPT_CONFIG --libs`
> +-fi
> +-if test -z "$WITH_LIBGCRYPT_LIB" ; then
> +-AC_MSG_ERROR([libgcrypt not found])
> +-fi
> ++ # libgcrypt 1.8.5 onwards ships a pkg-config file so prefer that
> ++ PKG_CHECK_MODULES([LIBGCRYPT], [libgcrypt], [have_libgcrypt=yes], [have_libgcrypt=no])
> ++ if test "$have_libgcrypt" = "yes"; then
> ++ WITH_LIBGCRYPT_INCLUDE="$LIBGCRYPT_CFLAGS"
> ++ WITH_LIBGCRYPT_LIB="$LIBGCRYPT_LIBS"
> ++ else
> ++ AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, notfound)
> ++ if test notfound != "$LIBGCRYPT_CONFIG" ; then
> ++ WITH_LIBGCRYPT_INCLUDE=`$LIBGCRYPT_CONFIG --cflags`
> ++ WITH_LIBGCRYPT_LIB=`$LIBGCRYPT_CONFIG --libs`
> ++ fi
> ++ if test -z "$WITH_LIBGCRYPT_LIB" ; then
> ++ AC_MSG_ERROR([libgcrypt not found])
> ++ fi
> ++ fi
> + fi
> +
> + AM_CONDITIONAL([WITH_LIBGCRYPT],[test "$with_crypto" = libgcrypt])
> diff --git a/meta/recipes-devtools/rpm/rpm_4.15.1.bb b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
> index 4fa2d764fb9..f033cf33144 100644
> --- a/meta/recipes-devtools/rpm/rpm_4.15.1.bb
> +++ b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
> @@ -38,6 +38,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.15.x \
> file://0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch \
> file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \
> file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \
> + file://gcrypt-use-pkgconfig.patch \
> "
>
> PE = "1"
> @@ -45,7 +46,7 @@ SRCREV = "ab2179452c5be276a6b96c591afded485c7e58c3"
>
> S = "${WORKDIR}/git"
>
> -DEPENDS = "nss libarchive db file popt xz bzip2 dbus elfutils python3"
> +DEPENDS = "libarchive libgcrypt db file popt xz bzip2 dbus elfutils python3"
> DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native"
>
> inherit autotools gettext pkgconfig python3native
> @@ -54,7 +55,7 @@ export PYTHON_ABI
> # OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe
> EXTRA_AUTORECONF_append = " --exclude=gnu-configize"
>
> -EXTRA_OECONF_append = " --without-lua --enable-python"
> +EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=libgcrypt"
> EXTRA_OECONF_append_libc-musl = " --disable-nls"
>
> # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs
>
More information about the Openembedded-core
mailing list