Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On 10/25/19 1:16 PM, George McCollister wrote: > Can we get 59565fec0b3f3e24eb01c03b671913599cd3134d cherry-picked to > warrior now that this has landed in master? once it makes it into zeus mainline. Its staged @ https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/zeus-nmut while Richard sorts out a maintainer. - armin > Thanks, > George -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
Can we get 59565fec0b3f3e24eb01c03b671913599cd3134d cherry-picked to warrior now that this has landed in master? Thanks, George -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 2:30 PM George McCollister wrote: > > On Wed, Sep 25, 2019 at 1:34 PM Khem Raj wrote: > > > > On 9/25/19 11:13 AM, George McCollister wrote: > > > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle > > > wrote: > > >> > > >> On 9/25/19 6:52 AM, George McCollister wrote: > > >>> Set OPENSSL_ENGINES to the path where engines are actually installed. > > >>> > > >>> Signed-off-by: George McCollister > > >>> --- > > >>> meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- > > >>> 1 file changed, 1 insertion(+), 1 deletion(-) > > >>> > > >>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > >>> b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > >>> index 072f727e0b..8819e19ec4 100644 > > >>> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > >>> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > >>> @@ -148,7 +148,7 @@ do_install_append_class-native () { > > >>>OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ > > >>>SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ > > >>>SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ > > >>> - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines > > >>> + OPENSSL_ENGINES=${libdir}/engines-1.1 > > >> > > >> Is this a bug in the openssl recipe (it's placing engines in the wrong > > >> place), > > >> or a bug in the recipes providing acceleration engines and THEY are > > >> going into > > >> the wrong place? > > > > > > This recipe installs: > > > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so > > > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so > > > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so > > > > > > libp11 in meta-oe installs these: > > > packages-split/libp11/usr/lib/engines-1.1 > > > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so > > > packages-split/libp11-dev/usr/lib/engines-1.1 > > > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so > > > > > >> > > >> The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 > > >> obscures > > >> that they are OpenSSL related. > > > > > > I don't have a strong opinion either way but ssl-1.1/engines does make > > > a bit more sense. > > > Debian appears to install them in engines-1.1 though: > > > https://packages.debian.org/buster/amd64/libssl1.1/filelist > > > > > > I do need this fixed in warrior though and wonder if anyone would > > > gripe about changing where they are installed post release. > > > > > > How shall we proceed? Does anyone else want to chime in? > > > > > > > Using /usr/lib/ is known jargon and lets use it. I think doing > > it the way other distros are doing it and how upstream defaults are is > > also helpful. it reduced one more thing to worry about. Release branches > > should not be an issue as long as we have them packages in same output > > package. > > It looks like Fedora is also using engines-1.1: > https://apps.fedoraproject.org/packages/openssl-libs/ > > I've found there is no Configure switch to set the engines directory. > I believe it will require a patch to changes 3 - 4 lines in > Configurations/unix-Makefile.tmpl. > meta-oe/recipes-support/libp11/libp11_0.4.10.bb would also need to be > changed to use the new path. > > Is carrying a custom patch to deviate from the upstream package and > major distribution behavior really wise? > right. so lets not do it. > If there is somewhat of a consensus to go that way knowing it requires > a custom patch I'll send a patch for openssl and then one to fix > libp11 (which the first patch will break). > > > > > >> > > >> --Mark > > >> > > >>> } > > >>> > > >>> do_install_append_class-nativesdk () { > > >>> > > >> > > >> -- > > >> ___ > > >> Openembedded-core mailing list > > >> Openembedded-core@lists.openembedded.org > > >> http://lists.openembedded.org/mailman/listinfo/openembedded-core > > > > > > -George > > > > > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 1:34 PM Khem Raj wrote: > > On 9/25/19 11:13 AM, George McCollister wrote: > > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle > > wrote: > >> > >> On 9/25/19 6:52 AM, George McCollister wrote: > >>> Set OPENSSL_ENGINES to the path where engines are actually installed. > >>> > >>> Signed-off-by: George McCollister > >>> --- > >>> meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- > >>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>> > >>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > >>> b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > >>> index 072f727e0b..8819e19ec4 100644 > >>> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > >>> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > >>> @@ -148,7 +148,7 @@ do_install_append_class-native () { > >>>OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ > >>>SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ > >>>SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ > >>> - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines > >>> + OPENSSL_ENGINES=${libdir}/engines-1.1 > >> > >> Is this a bug in the openssl recipe (it's placing engines in the wrong > >> place), > >> or a bug in the recipes providing acceleration engines and THEY are going > >> into > >> the wrong place? > > > > This recipe installs: > > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so > > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so > > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so > > > > libp11 in meta-oe installs these: > > packages-split/libp11/usr/lib/engines-1.1 > > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so > > packages-split/libp11-dev/usr/lib/engines-1.1 > > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so > > > >> > >> The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 > >> obscures > >> that they are OpenSSL related. > > > > I don't have a strong opinion either way but ssl-1.1/engines does make > > a bit more sense. > > Debian appears to install them in engines-1.1 though: > > https://packages.debian.org/buster/amd64/libssl1.1/filelist > > > > I do need this fixed in warrior though and wonder if anyone would > > gripe about changing where they are installed post release. > > > > How shall we proceed? Does anyone else want to chime in? > > > > Using /usr/lib/ is known jargon and lets use it. I think doing > it the way other distros are doing it and how upstream defaults are is > also helpful. it reduced one more thing to worry about. Release branches > should not be an issue as long as we have them packages in same output > package. It looks like Fedora is also using engines-1.1: https://apps.fedoraproject.org/packages/openssl-libs/ I've found there is no Configure switch to set the engines directory. I believe it will require a patch to changes 3 - 4 lines in Configurations/unix-Makefile.tmpl. meta-oe/recipes-support/libp11/libp11_0.4.10.bb would also need to be changed to use the new path. Is carrying a custom patch to deviate from the upstream package and major distribution behavior really wise? If there is somewhat of a consensus to go that way knowing it requires a custom patch I'll send a patch for openssl and then one to fix libp11 (which the first patch will break). > > >> > >> --Mark > >> > >>> } > >>> > >>> do_install_append_class-nativesdk () { > >>> > >> > >> -- > >> ___ > >> Openembedded-core mailing list > >> Openembedded-core@lists.openembedded.org > >> http://lists.openembedded.org/mailman/listinfo/openembedded-core > > > > -George > > > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 12:13 PM George McCollister wrote: > On Wed, Sep 25, 2019 at 1:37 PM Andre McCurdy wrote: > > > > On Wed, Sep 25, 2019 at 11:13 AM George McCollister > > wrote: > > > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle > > > wrote: > > > > On 9/25/19 6:52 AM, George McCollister wrote: > > > > > Set OPENSSL_ENGINES to the path where engines are actually installed. > > > > > > > > > > Signed-off-by: George McCollister > > > > > --- > > > > > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > > index 072f727e0b..8819e19ec4 100644 > > > > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > > @@ -148,7 +148,7 @@ do_install_append_class-native () { > > > > > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ > > > > > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ > > > > > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ > > > > > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines > > > > > + OPENSSL_ENGINES=${libdir}/engines-1.1 > > > > > > > > Is this a bug in the openssl recipe (it's placing engines in the wrong > > > > place), > > > > or a bug in the recipes providing acceleration engines and THEY are > > > > going into > > > > the wrong place? > > > > > > This recipe installs: > > > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so > > > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so > > > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so > > > > > > libp11 in meta-oe installs these: > > > packages-split/libp11/usr/lib/engines-1.1 > > > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so > > > packages-split/libp11-dev/usr/lib/engines-1.1 > > > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so > > > > > > > > > > > The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 > > > > obscures > > > > that they are OpenSSL related. > > > > > > I don't have a strong opinion either way but ssl-1.1/engines does make > > > a bit more sense. > > > Debian appears to install them in engines-1.1 though: > > > https://packages.debian.org/buster/amd64/libssl1.1/filelist > > > > It would be interesting to know when the path in the -native wrapper > > script stopped matching the path where the engines plugins are > > installed. ie was the wrapper script always wrong? Did the default > > install path used by openssl change at some point? > > It's been wrong on and off with openssl 1.0 and I believe always wrong > with openssl 1.1. > > > > > > I do need this fixed in warrior though and wonder if anyone would > > > gripe about changing where they are installed post release. > > > > > > How shall we proceed? Does anyone else want to chime in? > > > > The change being proposed is for the openssl-native wrapper script, so > > won't affect anything on the target. > > > > I'm curious why openssl-native needs engines plugins at all? > > I need the pkcs11 engine for pkcs11 signing with an HSM. Unfortunately > for me most people won't notice if the wrapper doesn't match the > installed plugin path. OK. Not a use case which others are very likely to see, but good to have it fixed anyway. Note that (for unknown historical reasons) native and nativesdk use different approaches to ensuring that these paths are correctly defined. Native uses a wrapper script and nativesdk exports environment variables globally via the SDK environment-setup script. They probably both need fixing. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 1:37 PM Andre McCurdy wrote: > > On Wed, Sep 25, 2019 at 11:13 AM George McCollister > wrote: > > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle > > wrote: > > > On 9/25/19 6:52 AM, George McCollister wrote: > > > > Set OPENSSL_ENGINES to the path where engines are actually installed. > > > > > > > > Signed-off-by: George McCollister > > > > --- > > > > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > index 072f727e0b..8819e19ec4 100644 > > > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > > @@ -148,7 +148,7 @@ do_install_append_class-native () { > > > > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ > > > > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ > > > > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ > > > > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines > > > > + OPENSSL_ENGINES=${libdir}/engines-1.1 > > > > > > Is this a bug in the openssl recipe (it's placing engines in the wrong > > > place), > > > or a bug in the recipes providing acceleration engines and THEY are going > > > into > > > the wrong place? > > > > This recipe installs: > > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so > > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so > > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so > > > > libp11 in meta-oe installs these: > > packages-split/libp11/usr/lib/engines-1.1 > > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so > > packages-split/libp11-dev/usr/lib/engines-1.1 > > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so > > > > > > > > The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 > > > obscures > > > that they are OpenSSL related. > > > > I don't have a strong opinion either way but ssl-1.1/engines does make > > a bit more sense. > > Debian appears to install them in engines-1.1 though: > > https://packages.debian.org/buster/amd64/libssl1.1/filelist > > It would be interesting to know when the path in the -native wrapper > script stopped matching the path where the engines plugins are > installed. ie was the wrapper script always wrong? Did the default > install path used by openssl change at some point? It's been wrong on and off with openssl 1.0 and I believe always wrong with openssl 1.1. > > > I do need this fixed in warrior though and wonder if anyone would > > gripe about changing where they are installed post release. > > > > How shall we proceed? Does anyone else want to chime in? > > The change being proposed is for the openssl-native wrapper script, so > won't affect anything on the target. > > I'm curious why openssl-native needs engines plugins at all? I need the pkcs11 engine for pkcs11 signing with an HSM. Unfortunately for me most people won't notice if the wrapper doesn't match the installed plugin path. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 11:13 AM George McCollister wrote: > On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle > wrote: > > On 9/25/19 6:52 AM, George McCollister wrote: > > > Set OPENSSL_ENGINES to the path where engines are actually installed. > > > > > > Signed-off-by: George McCollister > > > --- > > > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > index 072f727e0b..8819e19ec4 100644 > > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > > @@ -148,7 +148,7 @@ do_install_append_class-native () { > > > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ > > > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ > > > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ > > > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines > > > + OPENSSL_ENGINES=${libdir}/engines-1.1 > > > > Is this a bug in the openssl recipe (it's placing engines in the wrong > > place), > > or a bug in the recipes providing acceleration engines and THEY are going > > into > > the wrong place? > > This recipe installs: > packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so > packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so > packages-split/openssl-engines/usr/lib/engines-1.1/capi.so > > libp11 in meta-oe installs these: > packages-split/libp11/usr/lib/engines-1.1 > packages-split/libp11/usr/lib/engines-1.1/pkcs11.so > packages-split/libp11-dev/usr/lib/engines-1.1 > packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so > > > > > The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 > > obscures > > that they are OpenSSL related. > > I don't have a strong opinion either way but ssl-1.1/engines does make > a bit more sense. > Debian appears to install them in engines-1.1 though: > https://packages.debian.org/buster/amd64/libssl1.1/filelist It would be interesting to know when the path in the -native wrapper script stopped matching the path where the engines plugins are installed. ie was the wrapper script always wrong? Did the default install path used by openssl change at some point? > I do need this fixed in warrior though and wonder if anyone would > gripe about changing where they are installed post release. > > How shall we proceed? Does anyone else want to chime in? The change being proposed is for the openssl-native wrapper script, so won't affect anything on the target. I'm curious why openssl-native needs engines plugins at all? -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On 9/25/19 11:13 AM, George McCollister wrote: On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle wrote: On 9/25/19 6:52 AM, George McCollister wrote: Set OPENSSL_ENGINES to the path where engines are actually installed. Signed-off-by: George McCollister --- meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb index 072f727e0b..8819e19ec4 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb @@ -148,7 +148,7 @@ do_install_append_class-native () { OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines + OPENSSL_ENGINES=${libdir}/engines-1.1 Is this a bug in the openssl recipe (it's placing engines in the wrong place), or a bug in the recipes providing acceleration engines and THEY are going into the wrong place? This recipe installs: packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so packages-split/openssl-engines/usr/lib/engines-1.1/capi.so libp11 in meta-oe installs these: packages-split/libp11/usr/lib/engines-1.1 packages-split/libp11/usr/lib/engines-1.1/pkcs11.so packages-split/libp11-dev/usr/lib/engines-1.1 packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 obscures that they are OpenSSL related. I don't have a strong opinion either way but ssl-1.1/engines does make a bit more sense. Debian appears to install them in engines-1.1 though: https://packages.debian.org/buster/amd64/libssl1.1/filelist I do need this fixed in warrior though and wonder if anyone would gripe about changing where they are installed post release. How shall we proceed? Does anyone else want to chime in? Using /usr/lib/ is known jargon and lets use it. I think doing it the way other distros are doing it and how upstream defaults are is also helpful. it reduced one more thing to worry about. Release branches should not be an issue as long as we have them packages in same output package. --Mark } do_install_append_class-nativesdk () { -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core -George -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On Wed, Sep 25, 2019 at 11:08 AM Mark Hatle wrote: > > On 9/25/19 6:52 AM, George McCollister wrote: > > Set OPENSSL_ENGINES to the path where engines are actually installed. > > > > Signed-off-by: George McCollister > > --- > > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > index 072f727e0b..8819e19ec4 100644 > > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > > @@ -148,7 +148,7 @@ do_install_append_class-native () { > > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ > > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ > > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ > > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines > > + OPENSSL_ENGINES=${libdir}/engines-1.1 > > Is this a bug in the openssl recipe (it's placing engines in the wrong place), > or a bug in the recipes providing acceleration engines and THEY are going into > the wrong place? This recipe installs: packages-split/openssl-engines/usr/lib/engines-1.1/afalg.so packages-split/openssl-engines/usr/lib/engines-1.1/padlock.so packages-split/openssl-engines/usr/lib/engines-1.1/capi.so libp11 in meta-oe installs these: packages-split/libp11/usr/lib/engines-1.1 packages-split/libp11/usr/lib/engines-1.1/pkcs11.so packages-split/libp11-dev/usr/lib/engines-1.1 packages-split/libp11-dev/usr/lib/engines-1.1/libpkcs11.so > > The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 obscures > that they are OpenSSL related. I don't have a strong opinion either way but ssl-1.1/engines does make a bit more sense. Debian appears to install them in engines-1.1 though: https://packages.debian.org/buster/amd64/libssl1.1/filelist I do need this fixed in warrior though and wonder if anyone would gripe about changing where they are installed post release. How shall we proceed? Does anyone else want to chime in? > > --Mark > > > } > > > > do_install_append_class-nativesdk () { > > > > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -George -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
On 9/25/19 6:52 AM, George McCollister wrote: > Set OPENSSL_ENGINES to the path where engines are actually installed. > > Signed-off-by: George McCollister > --- > meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > index 072f727e0b..8819e19ec4 100644 > --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb > @@ -148,7 +148,7 @@ do_install_append_class-native () { > OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ > SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ > SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ > - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines > + OPENSSL_ENGINES=${libdir}/engines-1.1 Is this a bug in the openssl recipe (it's placing engines in the wrong place), or a bug in the recipes providing acceleration engines and THEY are going into the wrong place? The ssl-1.1/engines makes more sense to me.. as /usr/lib/engines-1.1 obscures that they are OpenSSL related. --Mark > } > > do_install_append_class-nativesdk () { > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path
Set OPENSSL_ENGINES to the path where engines are actually installed. Signed-off-by: George McCollister --- meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb index 072f727e0b..8819e19ec4 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb @@ -148,7 +148,7 @@ do_install_append_class-native () { OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/ssl-1.1/engines + OPENSSL_ENGINES=${libdir}/engines-1.1 } do_install_append_class-nativesdk () { -- 2.22.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core