Fixes [YOCTO #15416] Adds legacy-openssl packageconfig option to allow users to specify if they would like the cryptography module to support the legacy OpenSSL module or not. The legacy-openssl packageconfig option ensures the openssl-ossl-module-legacy package is set as a runtime dependency. If the packageconfig option is disabled, CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY will prevent the library from ever attempting to load the legacy provdier.
Signed-off-by: Colin Pinnell McAllister <[email protected]> --- I wasn't sure if this new packageconfig option should be enabled or disabled by default. Leaving it enabled seems like the less disruptive option, although it's leaving the module in a less secure state by default. I'm happy to update the patch to leave the option disabled by default if others think that would be better. meta/recipes-devtools/python/python3-cryptography.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/recipes-devtools/python/python3-cryptography.bb b/meta/recipes-devtools/python/python3-cryptography.bb index b3b45cd172..366fda5e87 100644 --- a/meta/recipes-devtools/python/python3-cryptography.bb +++ b/meta/recipes-devtools/python/python3-cryptography.bb @@ -22,6 +22,11 @@ require ${BPN}-crates.inc inherit pypi python_maturin cargo-update-recipe-crates pkgconfig +PACKAGECONFIG ??= "legacy-openssl" +PACKAGECONFIG[legacy-openssl] = ",,,openssl-ossl-module-legacy" + +export CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY = "${@bb.utils.contains('PACKAGECONFIG', 'legacy-openssl', '0', '1', d)}" + DEPENDS += " \ python3-cffi-native \ openssl \ -- 2.49.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#229831): https://lists.openembedded.org/g/openembedded-core/message/229831 Mute This Topic: https://lists.openembedded.org/mt/117394116/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
