On Mon, 2020-07-06 at 18:23 +0300, Hannu Lounento wrote:
> Some openssl command line operations like creating an X.509 CSR require
> the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't
>
> root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes
> -keyout my.key
> Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or
> directory
> 140289168594176:error:02001002:system library:fopen:No such file or
> directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r')
> 140289168594176:error:2006D080:BIO routines:BIO_new_file:no such
> file:../openssl-1.1.1g/crypto/bio/bss_file.c:76:
>
> which is the case e.g. in core-image-minimal with just the
> package openssl-bin added to the image by declaring
>
> IMAGE_INSTALL_append = " openssl-bin"
>
> e.g. in local.conf.
>
> The file does not exist in the aforementioned image / configuration
> because it is packaged to the main openssl package
>
> FILES_${PN} =+ "${libdir}/ssl-1.1/*"
>
> (there is no other FILES specification that would match the file either)
> and
>
> path/to/poky/build$ rpm --query --package --list
> tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm
> [...]
> /usr/lib/ssl-1.1/openssl.cnf
> [...]
>
> Hence make the ${PN}-bin package rdepend on the main package to have the
> required file /usr/lib/ssl-1.1/openssl.cnf installed.
>
> Note that the openssl recipe has the comment
>
> Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
> package RRECOMMENDS on this package. This will enable the configuration
> file to be installed for both the openssl-bin package and the libcrypto
> package since the openssl-bin package depends on the libcrypto package.
>
> but openssl-conf only contains /etc/ssl/openssl.cnf
>
> path/to/poky/build$ rpm --query --package --list
> tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm
> /etc
> /etc/ssl
> /etc/ssl/openssl.cnf
>
> /usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to
> ../../../etc/ssl/openssl.cnf.
>
> Signed-off-by: Hannu Lounento <[email protected]>
> ---
> meta/recipes-connectivity/openssl/openssl_1.1.1g.bb | 1 +
> 1 file changed, 1 insertion(+)
Perhaps the correct fix here is to move the config file in /usr to the
-conf package?
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#140370):
https://lists.openembedded.org/g/openembedded-core/message/140370
Mute This Topic: https://lists.openembedded.org/mt/75335126/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
