Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On 10/25/19 1:16 PM, George McCollister wrote: > Can we get 59565fec0b3f3e24eb01c03b671913599cd3134d cherry-picked to > warrior now that this has landed in master? once it makes it into zeus mainline. Its staged @ https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/zeus-nmut while Richard sorts out a maintainer. - armin > Thanks, > George -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
Can we get 59565fec0b3f3e24eb01c03b671913599cd3134d cherry-picked to warrior now that this has landed in master? Thanks, George -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 2:30 PM George McCollister
wrote:
>
> On Wed, Sep 25, 2019 at 1:34 PM Khem Raj wrote:
> >
> > On 9/25/19 11:13 AM, George McCollister wrote:
> > > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle
> > > wrote:
> > >>
> > >> On 9/25/19 6:52 AM, George McCollister wrote:
> > >>> Set OPENSSL_ENGINES to the path where engines are actually installed.
> > >>>
> > >>> Signed-off-by: George McCollister
> > >>> ---
> > >>> meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
> > >>> 1 file changed, 1 insertion(+), 1 deletion(-)
> > >>>
> > >>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > >>> b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > >>> index 072f727e0b..8819e19ec4 100644
> > >>> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > >>> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > >>> @@ -148,7 +148,7 @@ do_install_append_class-native () {
> > >>>OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
> > >>>SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
> > >>>SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
> > >>> - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> > >>> + OPENSSL_ENGINES=${libdir}/engines-1.1
> > >>
> > >> Is this a bug in the openssl recipe (it's placing engines in the wrong
> > >> place),
> > >> or a bug in the recipes providing acceleration engines and THEY are
> > >> going into
> > >> the wrong place?
> > >
> > > This recipe installs:
> > > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so
> > > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so
> > > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so
> > >
> > > libp11 in meta-oe installs these:
> > > packages-split/libp11/usr/lib/engines-1.1
> > > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so
> > > packages-split/libp11-dev/usr/lib/engines-1.1
> > > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so
> > >
> > >>
> > >> The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1
> > >> obscures
> > >> that they are OpenSSL related.
> > >
> > > I don't have a strong opinion either way but ssl-1.1/engines does make
> > > a bit more sense.
> > > Debian appears to install them in engines-1.1 though:
> > > https://packages.debian.org/buster/amd64/libssl1.1/filelist
> > >
> > > I do need this fixed in warrior though and wonder if anyone would
> > > gripe about changing where they are installed post release.
> > >
> > > How shall we proceed? Does anyone else want to chime in?
> > >
> >
> > Using /usr/lib/ is known jargon and lets use it. I think doing
> > it the way other distros are doing it and how upstream defaults are is
> > also helpful. it reduced one more thing to worry about. Release branches
> > should not be an issue as long as we have them packages in same output
> > package.
>
> It looks like Fedora is also using engines-1.1:
> https://apps.fedoraproject.org/packages/openssl-libs/
>
> I've found there is no Configure switch to set the engines directory.
> I believe it will require a patch to changes 3 - 4 lines in
> Configurations/unix-Makefile.tmpl.
> meta-oe/recipes-support/libp11/libp11_0.4.10.bb would also need to be
> changed to use the new path.
>
> Is carrying a custom patch to deviate from the upstream package and
> major distribution behavior really wise?
>
right. so lets not do it.
> If there is somewhat of a consensus to go that way knowing it requires
> a custom patch I'll send a patch for openssl and then one to fix
> libp11 (which the first patch will break).
>
> >
> > >>
> > >> --Mark
> > >>
> > >>> }
> > >>>
> > >>> do_install_append_class-nativesdk () {
> > >>>
> > >>
> > >> --
> > >> ___
> > >> Openembedded-core mailing list
> > >> Openembedded-core@lists.openembedded.org
> > >> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> > >
> > > -George
> > >
> >
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 1:34 PM Khem Raj wrote:
>
> On 9/25/19 11:13 AM, George McCollister wrote:
> > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle
> > wrote:
> >>
> >> On 9/25/19 6:52 AM, George McCollister wrote:
> >>> Set OPENSSL_ENGINES to the path where engines are actually installed.
> >>>
> >>> Signed-off-by: George McCollister
> >>> ---
> >>> meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
> >>> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>>
> >>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> >>> b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> >>> index 072f727e0b..8819e19ec4 100644
> >>> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> >>> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> >>> @@ -148,7 +148,7 @@ do_install_append_class-native () {
> >>>OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
> >>>SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
> >>>SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
> >>> - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> >>> + OPENSSL_ENGINES=${libdir}/engines-1.1
> >>
> >> Is this a bug in the openssl recipe (it's placing engines in the wrong
> >> place),
> >> or a bug in the recipes providing acceleration engines and THEY are going
> >> into
> >> the wrong place?
> >
> > This recipe installs:
> > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so
> > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so
> > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so
> >
> > libp11 in meta-oe installs these:
> > packages-split/libp11/usr/lib/engines-1.1
> > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so
> > packages-split/libp11-dev/usr/lib/engines-1.1
> > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so
> >
> >>
> >> The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1
> >> obscures
> >> that they are OpenSSL related.
> >
> > I don't have a strong opinion either way but ssl-1.1/engines does make
> > a bit more sense.
> > Debian appears to install them in engines-1.1 though:
> > https://packages.debian.org/buster/amd64/libssl1.1/filelist
> >
> > I do need this fixed in warrior though and wonder if anyone would
> > gripe about changing where they are installed post release.
> >
> > How shall we proceed? Does anyone else want to chime in?
> >
>
> Using /usr/lib/ is known jargon and lets use it. I think doing
> it the way other distros are doing it and how upstream defaults are is
> also helpful. it reduced one more thing to worry about. Release branches
> should not be an issue as long as we have them packages in same output
> package.
It looks like Fedora is also using engines-1.1:
https://apps.fedoraproject.org/packages/openssl-libs/
I've found there is no Configure switch to set the engines directory.
I believe it will require a patch to changes 3 - 4 lines in
Configurations/unix-Makefile.tmpl.
meta-oe/recipes-support/libp11/libp11_0.4.10.bb would also need to be
changed to use the new path.
Is carrying a custom patch to deviate from the upstream package and
major distribution behavior really wise?
If there is somewhat of a consensus to go that way knowing it requires
a custom patch I'll send a patch for openssl and then one to fix
libp11 (which the first patch will break).
>
> >>
> >> --Mark
> >>
> >>> }
> >>>
> >>> do_install_append_class-nativesdk () {
> >>>
> >>
> >> --
> >> ___
> >> Openembedded-core mailing list
> >> Openembedded-core@lists.openembedded.org
> >> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> >
> > -George
> >
>
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 12:13 PM George McCollister
wrote:
> On Wed, Sep 25, 2019 at 1:37 PM Andre McCurdy wrote:
> >
> > On Wed, Sep 25, 2019 at 11:13 AM George McCollister
> > wrote:
> > > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle
> > > wrote:
> > > > On 9/25/19 6:52 AM, George McCollister wrote:
> > > > > Set OPENSSL_ENGINES to the path where engines are actually installed.
> > > > >
> > > > > Signed-off-by: George McCollister
> > > > > ---
> > > > > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
> > > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > > >
> > > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > > > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > > > index 072f727e0b..8819e19ec4 100644
> > > > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > > > @@ -148,7 +148,7 @@ do_install_append_class-native () {
> > > > > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
> > > > > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
> > > > > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
> > > > > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> > > > > + OPENSSL_ENGINES=${libdir}/engines-1.1
> > > >
> > > > Is this a bug in the openssl recipe (it's placing engines in the wrong
> > > > place),
> > > > or a bug in the recipes providing acceleration engines and THEY are
> > > > going into
> > > > the wrong place?
> > >
> > > This recipe installs:
> > > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so
> > > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so
> > > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so
> > >
> > > libp11 in meta-oe installs these:
> > > packages-split/libp11/usr/lib/engines-1.1
> > > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so
> > > packages-split/libp11-dev/usr/lib/engines-1.1
> > > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so
> > >
> > > >
> > > > The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1
> > > > obscures
> > > > that they are OpenSSL related.
> > >
> > > I don't have a strong opinion either way but ssl-1.1/engines does make
> > > a bit more sense.
> > > Debian appears to install them in engines-1.1 though:
> > > https://packages.debian.org/buster/amd64/libssl1.1/filelist
> >
> > It would be interesting to know when the path in the -native wrapper
> > script stopped matching the path where the engines plugins are
> > installed. ie was the wrapper script always wrong? Did the default
> > install path used by openssl change at some point?
>
> It's been wrong on and off with openssl 1.0 and I believe always wrong
> with openssl 1.1.
>
> >
> > > I do need this fixed in warrior though and wonder if anyone would
> > > gripe about changing where they are installed post release.
> > >
> > > How shall we proceed? Does anyone else want to chime in?
> >
> > The change being proposed is for the openssl-native wrapper script, so
> > won't affect anything on the target.
> >
> > I'm curious why openssl-native needs engines plugins at all?
>
> I need the pkcs11 engine for pkcs11 signing with an HSM. Unfortunately
> for me most people won't notice if the wrapper doesn't match the
> installed plugin path.
OK. Not a use case which others are very likely to see, but good to
have it fixed anyway.
Note that (for unknown historical reasons) native and nativesdk use
different approaches to ensuring that these paths are correctly
defined. Native uses a wrapper script and nativesdk exports
environment variables globally via the SDK environment-setup script.
They probably both need fixing.
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 1:37 PM Andre McCurdy wrote:
>
> On Wed, Sep 25, 2019 at 11:13 AM George McCollister
> wrote:
> > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle
> > wrote:
> > > On 9/25/19 6:52 AM, George McCollister wrote:
> > > > Set OPENSSL_ENGINES to the path where engines are actually installed.
> > > >
> > > > Signed-off-by: George McCollister
> > > > ---
> > > > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > > index 072f727e0b..8819e19ec4 100644
> > > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > > @@ -148,7 +148,7 @@ do_install_append_class-native () {
> > > > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
> > > > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
> > > > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
> > > > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> > > > + OPENSSL_ENGINES=${libdir}/engines-1.1
> > >
> > > Is this a bug in the openssl recipe (it's placing engines in the wrong
> > > place),
> > > or a bug in the recipes providing acceleration engines and THEY are going
> > > into
> > > the wrong place?
> >
> > This recipe installs:
> > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so
> > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so
> > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so
> >
> > libp11 in meta-oe installs these:
> > packages-split/libp11/usr/lib/engines-1.1
> > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so
> > packages-split/libp11-dev/usr/lib/engines-1.1
> > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so
> >
> > >
> > > The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1
> > > obscures
> > > that they are OpenSSL related.
> >
> > I don't have a strong opinion either way but ssl-1.1/engines does make
> > a bit more sense.
> > Debian appears to install them in engines-1.1 though:
> > https://packages.debian.org/buster/amd64/libssl1.1/filelist
>
> It would be interesting to know when the path in the -native wrapper
> script stopped matching the path where the engines plugins are
> installed. ie was the wrapper script always wrong? Did the default
> install path used by openssl change at some point?
It's been wrong on and off with openssl 1.0 and I believe always wrong
with openssl 1.1.
>
> > I do need this fixed in warrior though and wonder if anyone would
> > gripe about changing where they are installed post release.
> >
> > How shall we proceed? Does anyone else want to chime in?
>
> The change being proposed is for the openssl-native wrapper script, so
> won't affect anything on the target.
>
> I'm curious why openssl-native needs engines plugins at all?
I need the pkcs11 engine for pkcs11 signing with an HSM. Unfortunately
for me most people won't notice if the wrapper doesn't match the
installed plugin path.
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 11:13 AM George McCollister
wrote:
> On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle
> wrote:
> > On 9/25/19 6:52 AM, George McCollister wrote:
> > > Set OPENSSL_ENGINES to the path where engines are actually installed.
> > >
> > > Signed-off-by: George McCollister
> > > ---
> > > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > index 072f727e0b..8819e19ec4 100644
> > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > > @@ -148,7 +148,7 @@ do_install_append_class-native () {
> > > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
> > > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
> > > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
> > > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> > > + OPENSSL_ENGINES=${libdir}/engines-1.1
> >
> > Is this a bug in the openssl recipe (it's placing engines in the wrong
> > place),
> > or a bug in the recipes providing acceleration engines and THEY are going
> > into
> > the wrong place?
>
> This recipe installs:
> packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so
> packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so
> packages-split/openssl-engines/usr/lib/engines-1.1/capi.so
>
> libp11 in meta-oe installs these:
> packages-split/libp11/usr/lib/engines-1.1
> packages-split/libp11/usr/lib/engines-1.1/pkcs11.so
> packages-split/libp11-dev/usr/lib/engines-1.1
> packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so
>
> >
> > The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1
> > obscures
> > that they are OpenSSL related.
>
> I don't have a strong opinion either way but ssl-1.1/engines does make
> a bit more sense.
> Debian appears to install them in engines-1.1 though:
> https://packages.debian.org/buster/amd64/libssl1.1/filelist
It would be interesting to know when the path in the -native wrapper
script stopped matching the path where the engines plugins are
installed. ie was the wrapper script always wrong? Did the default
install path used by openssl change at some point?
> I do need this fixed in warrior though and wonder if anyone would
> gripe about changing where they are installed post release.
>
> How shall we proceed? Does anyone else want to chime in?
The change being proposed is for the openssl-native wrapper script, so
won't affect anything on the target.
I'm curious why openssl-native needs engines plugins at all?
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On 9/25/19 11:13 AM, George McCollister wrote:
On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle
wrote:
On 9/25/19 6:52 AM, George McCollister wrote:
Set OPENSSL_ENGINES to the path where engines are actually installed.
Signed-off-by: George McCollister
---
meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 072f727e0b..8819e19ec4 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -148,7 +148,7 @@ do_install_append_class-native () {
OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
- OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
+ OPENSSL_ENGINES=${libdir}/engines-1.1
Is this a bug in the openssl recipe (it's placing engines in the wrong place),
or a bug in the recipes providing acceleration engines and THEY are going into
the wrong place?
This recipe installs:
packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so
packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so
packages-split/openssl-engines/usr/lib/engines-1.1/capi.so
libp11 in meta-oe installs these:
packages-split/libp11/usr/lib/engines-1.1
packages-split/libp11/usr/lib/engines-1.1/pkcs11.so
packages-split/libp11-dev/usr/lib/engines-1.1
packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so
The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 obscures
that they are OpenSSL related.
I don't have a strong opinion either way but ssl-1.1/engines does make
a bit more sense.
Debian appears to install them in engines-1.1 though:
https://packages.debian.org/buster/amd64/libssl1.1/filelist
I do need this fixed in warrior though and wonder if anyone would
gripe about changing where they are installed post release.
How shall we proceed? Does anyone else want to chime in?
Using /usr/lib/ is known jargon and lets use it. I think doing
it the way other distros are doing it and how upstream defaults are is
also helpful. it reduced one more thing to worry about. Release branches
should not be an issue as long as we have them packages in same output
package.
--Mark
}
do_install_append_class-nativesdk () {
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
-George
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle
wrote:
>
> On 9/25/19 6:52 AM, George McCollister wrote:
> > Set OPENSSL_ENGINES to the path where engines are actually installed.
> >
> > Signed-off-by: George McCollister
> > ---
> > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > index 072f727e0b..8819e19ec4 100644
> > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> > @@ -148,7 +148,7 @@ do_install_append_class-native () {
> > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
> > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
> > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
> > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> > + OPENSSL_ENGINES=${libdir}/engines-1.1
>
> Is this a bug in the openssl recipe (it's placing engines in the wrong place),
> or a bug in the recipes providing acceleration engines and THEY are going into
> the wrong place?
This recipe installs:
packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so
packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so
packages-split/openssl-engines/usr/lib/engines-1.1/capi.so
libp11 in meta-oe installs these:
packages-split/libp11/usr/lib/engines-1.1
packages-split/libp11/usr/lib/engines-1.1/pkcs11.so
packages-split/libp11-dev/usr/lib/engines-1.1
packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so
>
> The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 obscures
> that they are OpenSSL related.
I don't have a strong opinion either way but ssl-1.1/engines does make
a bit more sense.
Debian appears to install them in engines-1.1 though:
https://packages.debian.org/buster/amd64/libssl1.1/filelist
I do need this fixed in warrior though and wonder if anyone would
gripe about changing where they are installed post release.
How shall we proceed? Does anyone else want to chime in?
>
> --Mark
>
> > }
> >
> > do_install_append_class-nativesdk () {
> >
>
> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
-George
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On 9/25/19 6:52 AM, George McCollister wrote:
> Set OPENSSL_ENGINES to the path where engines are actually installed.
>
> Signed-off-by: George McCollister
> ---
> meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> index 072f727e0b..8819e19ec4 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> @@ -148,7 +148,7 @@ do_install_append_class-native () {
> OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
> SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
> SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
> - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
> + OPENSSL_ENGINES=${libdir}/engines-1.1
Is this a bug in the openssl recipe (it's placing engines in the wrong place),
or a bug in the recipes providing acceleration engines and THEY are going into
the wrong place?
The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 obscures
that they are OpenSSL related.
--Mark
> }
>
> do_install_append_class-nativesdk () {
>
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
Set OPENSSL_ENGINES to the path where engines are actually installed.
Signed-off-by: George McCollister
---
meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 072f727e0b..8819e19ec4 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -148,7 +148,7 @@ do_install_append_class-native () {
OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
- OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
+ OPENSSL_ENGINES=${libdir}/engines-1.1
}
do_install_append_class-nativesdk () {
--
2.22.0
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
