Ken Moffat wrote:
On Wed, Feb 07, 2018 at 10:50:57AM +0100, Pierre Labastie wrote:
On 07/02/2018 06:36, Bruce Dubbs wrote:
Ken Moffat wrote:
On Tue, Feb 06, 2018 at 07:06:22PM -0500, Ryan Marsaw wrote:
On Tue, 6 Feb 2018, wrote:

On Mon, 5 Feb 2018, wrote:
I got the following message when I built the Linux kernel 4.15:

fatal error: openssl/bio.h: No such file or directory
OK. I believe I've figured this out.

[...] Interesting and clever stuff
Thanks for the investigation - on one of my machines The first
kernel I built in chroot (before any of BLFS) was 4.15.0-rc4 on 22nd
December, so the dependency seems to have sneaked in after that (to fix
wireless regulatory problems, according to that link).

Bad news for those of us with machines which do not have wireless
connections :-(

Nope. The faulty switch is not selected if "Wireless" is not selected (in
"Networking support" menu. That's why I haven't seen the dependency on openssl
although I have gone through a lot of LFS builds lately (for testing jhalfs),
with 4.15{,.1} kernels.

Agreed - on my .config I can still build 4.5.2 in chroot without
needing openssl, so I retract the false statement that this sneaked
in after -rc4.

I do build openssl before I boot, but adding it seems like a
sledgehammer to crack a kernel config problem.

I agree.  I read the link above and the patch was rejected, but I also found:

It says:

"You should disable this option unless you are both capable and willing to
ensure your system will remain regulatory compliant with the features
available under this option. "

Hmm: I understand it says "don't change the defaults" that become visible if
that option is selected.

I think it should be disabled for LFS users and it is disabled by default.

The "option"  CFG80211_REQUIRE_SIGNED_REGDB seems to the problem.

Turning it off is difficult.  It requires enabling CONFIG_EXPERT:

General setup  --->
  Configure standard kernel features (expert users)

But that also says: "Only use this if you really know what you are doing."

It also turns on a lot of options we do not want, e.g. Kernel debugging which
we can't otherwise turn off.

The only options I can see for us is to either:

sed -e '/regdb signature/{N;s/y/CFG80211_CERTIFICATION_ONUS/}' \
     -i net/wireless/Kconfig

before menuconfig OR

sed -e '/REQUIRE_SIGNED_REGDB/s/y/n/' \
     -i .config

Or build openssl in LFS. I've done some testing with the new jhalfs-blfs
dependency engine:  when you select almost any package with optional
dependencies (which as a rule brings in half of the BLFS packages), openssl
appears among the first ten built packages... To me, it means it is a
requirement for almost anything in BLFS.

And IIUC, if I had a wireless card on my system, I wouldn't like this option
being turned off, since it would allow regulatory databases to be loaded
without checking their authenticity...


BUT - if I was building for the first time, I don't think *any*
wireless actually *works* without significant other items from BLFS

If somebody has already built LFS before, I suppose I expect them to
know what parts of BLFS are needed, and therefore what might be
needed to bring the new system up (e.g. some means of downloading
packages in the minimal case).  The only part-comparable things I can
come up with for *my* use case (I don't have a laptop powerful enough
to build recent LFS, my netbook never leaves the house now and gets
very restricted use/updates) are:

  radeon firmware - I add this to new systems on desktops with radeon

  nfs - I have a lot of my files on nfs, so I build this before

So I'm reluctant to see openssl added to LFS,

Too late...   :)

but if we add it then
perhaps we ought to add a big chunk of BLFS to get working wifi ?

What is needed is wireless tools and wpa_supplicant. We recommend libnl for wpa_supplicant. The other tools are network manager and wicd, but those are well beyond LFS.

Generally we expect a wired connection in LFS and I don't know of may laptops that don't have that. There may be come devices that only have wifi, but those are pretty specialized.

The theory behind openssl in LFS is that we have everything to build the kernel there. From a practical perspective, several rebuilds in BLFS are needed.

Or do we just need to point out that people building wireless
drivers will need to add *at least* openssl before building the
kernel ?

One advantage of moving openssl to LFS is that we can remove a ton of dependency references to it.

For a working wifi connection firmware is probably needed as well
as a choice of the tool to bring the connection up.  For  *working*
openssl, at least the certificates are needed.

Yes certs are needed, but I think they can wait for BLFS. The first place those are really needed for most users is at openssh. I could be wrong, but AFAIK, certs are not used for establishing a secure wifi connection. Certs are generally for end-to-end connections

  -- Bruce
Unsubscribe: See the above information page

Reply via email to