Some openssl command line operations like creating an X.509 CSR require
the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't
root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes
-keyout my.key
Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or
directory
140289168594176:error:02001002:system library:fopen:No such file or
directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r')
140289168594176:error:2006D080:BIO routines:BIO_new_file:no such
file:../openssl-1.1.1g/crypto/bio/bss_file.c:76:
which is the case e.g. in core-image-minimal with just the
package openssl-bin added to the image by declaring
IMAGE_INSTALL_append = " openssl-bin"
e.g. in local.conf.
The file does not exist in the aforementioned image / configuration
because it is packaged to the main openssl package
FILES_${PN} =+ "${libdir}/ssl-1.1/*"
(there is no other FILES specification that would match the file either)
and
path/to/poky/build$ rpm --query --package --list
tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm
[...]
/usr/lib/ssl-1.1/openssl.cnf
[...]
Hence make the ${PN}-bin package rdepend on the main package to have the
required file /usr/lib/ssl-1.1/openssl.cnf installed.
Note that the openssl recipe has the comment
Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
package RRECOMMENDS on this package. This will enable the configuration
file to be installed for both the openssl-bin package and the libcrypto
package since the openssl-bin package depends on the libcrypto package.
but openssl-conf only contains /etc/ssl/openssl.cnf
path/to/poky/build$ rpm --query --package --list
tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm
/etc
/etc/ssl
/etc/ssl/openssl.cnf
/usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to
../../../etc/ssl/openssl.cnf.
Signed-off-by: Hannu Lounento <[email protected]>
---
meta/recipes-connectivity/openssl/openssl_1.1.1g.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
index 66fa8f7d0a..0ac40091fd 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
@@ -201,6 +201,7 @@ CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
+RDEPENDS_${PN}-bin += "${PN}"
BBCLASSEXTEND = "native nativesdk"
--
2.26.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#140328):
https://lists.openembedded.org/g/openembedded-core/message/140328
Mute This Topic: https://lists.openembedded.org/mt/75335126/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
