On Wed, Sep 25, 2019 at 1:37 PM Andre McCurdy <[email protected]> wrote: > > On Wed, Sep 25, 2019 at 11:13 AM George McCollister > <[email protected]> wrote: > > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle > > <[email protected]> wrote: > > > On 9/25/19 6:52 AM, George McCollister wrote: > > > > Set OPENSSL_ENGINES to the path where engines are actually installed. > > > > > > > > Signed-off-by: George McCollister <[email protected]> > > > > --- > > > > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > index 072f727e0b..8819e19ec4 100644 > > > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > @@ -148,7 +148,7 @@ do_install_append_class-native () { > > > > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ > > > > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ > > > > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ > > > > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines > > > > + OPENSSL_ENGINES=${libdir}/engines-1.1 > > > > > > Is this a bug in the openssl recipe (it's placing engines in the wrong > > > place), > > > or a bug in the recipes providing acceleration engines and THEY are going > > > into > > > the wrong place? > > > > This recipe installs: > > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so > > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so > > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so > > > > libp11 in meta-oe installs these: > > packages-split/libp11/usr/lib/engines-1.1 > > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so > > packages-split/libp11-dev/usr/lib/engines-1.1 > > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so > > > > > > > > The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 > > > obscures > > > that they are OpenSSL related. > > > > I don't have a strong opinion either way but ssl-1.1/engines does make > > a bit more sense. > > Debian appears to install them in engines-1.1 though: > > https://packages.debian.org/buster/amd64/libssl1.1/filelist > > It would be interesting to know when the path in the -native wrapper > script stopped matching the path where the engines plugins are > installed. ie was the wrapper script always wrong? Did the default > install path used by openssl change at some point?
It's been wrong on and off with openssl 1.0 and I believe always wrong with openssl 1.1. > > > I do need this fixed in warrior though and wonder if anyone would > > gripe about changing where they are installed post release. > > > > How shall we proceed? Does anyone else want to chime in? > > The change being proposed is for the openssl-native wrapper script, so > won't affect anything on the target. > > I'm curious why openssl-native needs engines plugins at all? I need the pkcs11 engine for pkcs11 signing with an HSM. Unfortunately for me most people won't notice if the wrapper doesn't match the installed plugin path. -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
