[OE-core] [PATCH] rpm: use libgcrypt instead of NSS for cryptography

Mark Hatle mark.hatle at kernel.crashing.org
Wed Nov 20 17:51:31 UTC 2019 

Just as an ack.. Please get rid of NSS/NSPR ASAP, and move to libgcrypt.  Long
term it's a much much better solution.

--Mark

On 11/20/19 10:19 AM, Ross Burton wrote:
> RPM 4.15 by default will use libgcrypt instead of NSS for cryptography
> functions, but as we didn't have libgcrypt in DEPENDS it kept using NSS.
> 
> As RPM is the sole user of NSS/NSPR in oe-core, moving to libgcrypt can make a
> noticable difference to build time.  For example, building rpm (and packaging it
> as RPMs) from scratch is five minutes faster with libgcrypt.
> 
> Signed-off-by: Ross Burton <ross.burton at intel.com>
> ---
>  .../rpm/files/gcrypt-use-pkgconfig.patch      | 51 +++++++++++++++++++
>  meta/recipes-devtools/rpm/rpm_4.15.1.bb       |  5 +-
>  2 files changed, 54 insertions(+), 2 deletions(-)
>  create mode 100644 meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch
> 
> diff --git a/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch b/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch
> new file mode 100644
> index 00000000000..8c72d2310b6
> --- /dev/null
> +++ b/meta/recipes-devtools/rpm/files/gcrypt-use-pkgconfig.patch
> @@ -0,0 +1,51 @@
> +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/942]
> +Signed-off-by: Ross Burton <ross.burton at intel.com>
> +
> +From 3f6cda568853bf7878df704adc75d4a78d75346c Mon Sep 17 00:00:00 2001
> +From: Ross Burton <ross.burton at intel.com>
> +Date: Wed, 20 Nov 2019 13:06:51 +0000
> +Subject: [PATCH] configure.ac: prefer pkg-config to find libgcrypt
> +
> +libgcrypt from 1.8.5 provides a pkg-config file as well as the traditional
> +libgcrypt-config script.  As pkg-config is more resiliant in the face of
> +complicated build environments (for example cross-compilation and sysroots)
> +prefer the pkg-config file, falling back to libgcrypt-config if that doesn't
> +exist.
> +---
> + configure.ac | 23 +++++++++++++++--------
> + 1 file changed, 15 insertions(+), 8 deletions(-)
> +
> +diff --git a/configure.ac b/configure.ac
> +index 0a3a9bbf4..6a3ea3615 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -395,14 +395,21 @@ AC_SUBST(WITH_OPENSSL_LIB)
> + WITH_LIBGCRYPT_INCLUDE=
> + WITH_LIBGCRYPT_LIB=
> + if test "$with_crypto" = libgcrypt ; then
> +-AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, notfound)
> +-if test notfound != "$LIBGCRYPT_CONFIG" ; then
> +-WITH_LIBGCRYPT_INCLUDE=`$LIBGCRYPT_CONFIG --cflags`
> +-WITH_LIBGCRYPT_LIB=`$LIBGCRYPT_CONFIG --libs`
> +-fi
> +-if test -z "$WITH_LIBGCRYPT_LIB" ; then
> +-AC_MSG_ERROR([libgcrypt not found])
> +-fi
> ++  # libgcrypt 1.8.5 onwards ships a pkg-config file so prefer that
> ++  PKG_CHECK_MODULES([LIBGCRYPT], [libgcrypt], [have_libgcrypt=yes], [have_libgcrypt=no])
> ++  if test "$have_libgcrypt" = "yes"; then
> ++    WITH_LIBGCRYPT_INCLUDE="$LIBGCRYPT_CFLAGS"
> ++    WITH_LIBGCRYPT_LIB="$LIBGCRYPT_LIBS"
> ++  else
> ++    AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, notfound)
> ++      if test notfound != "$LIBGCRYPT_CONFIG" ; then
> ++        WITH_LIBGCRYPT_INCLUDE=`$LIBGCRYPT_CONFIG --cflags`
> ++        WITH_LIBGCRYPT_LIB=`$LIBGCRYPT_CONFIG --libs`
> ++     fi
> ++     if test -z "$WITH_LIBGCRYPT_LIB" ; then
> ++       AC_MSG_ERROR([libgcrypt not found])
> ++    fi
> ++  fi
> + fi
> + 
> + AM_CONDITIONAL([WITH_LIBGCRYPT],[test "$with_crypto" = libgcrypt])
> diff --git a/meta/recipes-devtools/rpm/rpm_4.15.1.bb b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
> index 4fa2d764fb9..f033cf33144 100644
> --- a/meta/recipes-devtools/rpm/rpm_4.15.1.bb
> +++ b/meta/recipes-devtools/rpm/rpm_4.15.1.bb
> @@ -38,6 +38,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.15.x \
>             file://0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch \
>             file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \
>             file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \
> +           file://gcrypt-use-pkgconfig.patch \
>             "
>  
>  PE = "1"
> @@ -45,7 +46,7 @@ SRCREV = "ab2179452c5be276a6b96c591afded485c7e58c3"
>  
>  S = "${WORKDIR}/git"
>  
> -DEPENDS = "nss libarchive db file popt xz bzip2 dbus elfutils python3"
> +DEPENDS = "libarchive libgcrypt db file popt xz bzip2 dbus elfutils python3"
>  DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native"
>  
>  inherit autotools gettext pkgconfig python3native
> @@ -54,7 +55,7 @@ export PYTHON_ABI
>  # OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe
>  EXTRA_AUTORECONF_append = " --exclude=gnu-configize"
>  
> -EXTRA_OECONF_append = " --without-lua --enable-python"
> +EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=libgcrypt"
>  EXTRA_OECONF_append_libc-musl = " --disable-nls"
>  
>  # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs
>

More information about the Openembedded-core mailing list