Re: [OE-core] [RFC][PATCH 4/5] libressl: add a recipe to support openssh

2018-04-11 Thread Andre McCurdy
On Wed, Apr 11, 2018 at 3:03 AM, Alexander Kanavin wrote:
> On 04/11/2018 11:38 AM, Andre McCurdy wrote:
>>
>> I played around with completely replacing openssl with libressl a year
>> or so ago and it went fairly smoothly (at least as far as I tested).
>> That was with libressl 2.4.2 and my recipe built with autotools rather
>> than cmake though. Did you try to build with autotools? That still
>> appears to be the option mentioned first in the libressl README.
>
> That's not, however, the option I would take first, as the recipe maintainer
> :) Autotools is horrible in many ways; while cmake is not great, it's
> definitely less horrible.

Well, as you're the one writing the recipe you get to make the choice
:-) But if one "just works" and the other requires patches, that might
sway the choice a little. I wasn't sure if you'd even looked at the
autotools build.

Either option is a vast improvement on the openssl build system
though. Libressl seems to have done a lot of valuable cleanup in that
respect.
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


Re: [OE-core] [RFC][PATCH 4/5] libressl: add a recipe to support openssh

2018-04-11 Thread Alexander Kanavin

On 04/11/2018 11:38 AM, Andre McCurdy wrote:
> I played around with completely replacing openssl with libressl a year
> or so ago and it went fairly smoothly (at least as far as I tested).
> That was with libressl 2.4.2 and my recipe built with autotools rather
> than cmake though. Did you try to build with autotools? That still
> appears to be the option mentioned first in the libressl README.


That's not, however, the option I would take first, as the recipe
maintainer :) Autotools is horrible in many ways; while cmake is not
great, it's definitely less horrible.



Alex


Re: [OE-core] [RFC][PATCH 4/5] libressl: add a recipe to support openssh

2018-04-11 Thread Andre McCurdy
On Tue, Apr 10, 2018 at 5:07 AM, Alexander Kanavin wrote:
> After reading through this:
>
> https://github.com/openssh/openssh-portable/pull/48
>
> and this thread:
>
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-October/036344.html
>
> I've concluded that this is the best of the three not-great options. The 
> alternatives:
>
> - bundle libressl inside openssh packages
> - keep openssh dependent on openssl 1.0 and wait until upstream does something
>
> are both inferior. Libressl is used with openssh in OpenBSD and in OS X,
> so it did get at least some testing in the real world.
>
> Signed-off-by: Alexander Kanavin 
> ---
>  ...c-libraries-with-their-library-dependenci.patch | 74 
> ++
>  .../libressl/libressl_2.7.2.bb | 31 +
>  2 files changed, 105 insertions(+)
>  create mode 100644 
> meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch
>  create mode 100644 meta/recipes-connectivity/libressl/libressl_2.7.2.bb
>
> diff --git 
> a/meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch
>  
> b/meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch
> new file mode 100644
> index 000..977158fb673
> --- /dev/null
> +++ 
> b/meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch
> @@ -0,0 +1,74 @@
> +From 2e433aa5bb243c608930bdb46fbf55a31231a7bd Mon Sep 17 00:00:00 2001
> +From: Alexander Kanavin 
> +Date: Mon, 9 Apr 2018 18:02:56 +0300
> +Subject: [PATCH] Link dynamic libraries with their library dependencies.
> +
> +It does seem like outside of OpenBSD, no one has actually used libressl yet.

I played around with completely replacing openssl with libressl a year
or so ago and it went fairly smoothly (at least as far as I tested).
That was with libressl 2.4.2 and my recipe built with autotools rather
than cmake though. Did you try to build with autotools? That still
appears to be the option mentioned first in the libressl README.

> +Upstream-Status: Pending
> +Signed-off-by: Alexander Kanavin 
> +---
> + CMakeLists.txt| 7 ++-
> + crypto/CMakeLists.txt | 1 +
> + ssl/CMakeLists.txt| 2 +-
> + 3 files changed, 8 insertions(+), 2 deletions(-)
> +
> +diff --git a/CMakeLists.txt b/CMakeLists.txt
> +index 1c6bd67..2c1078d 100644
> +--- a/CMakeLists.txt
>  b/CMakeLists.txt
> +@@ -265,6 +265,7 @@ endif()
> + set(OPENSSL_LIBS tls ssl crypto)
> +
> + if(WIN32)
> ++  set(OPENSSL_LIB_LIBS ws2_32)
> +   set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
> + endif()
> +
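
Review bot: OPENSSL_LIB_LIBS is only ever assigned inside platform branches, starting with this if(WIN32) block, so on a platform that matches none of them the variable is never set and the later target_link_libraries() calls rely on it expanding to nothing. Initialise it explicitly next to set(OPENSSL_LIBS tls ssl crypto), for example with set(OPENSSL_LIB_LIBS ""), and add a comment there saying it holds the system libraries the shared crypto and ssl libraries link against.
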
> +@@ -274,16 +275,20 @@ if(HAVE_CLOCK_GETTIME)
> + endif()
> +
> + if(CMAKE_SYSTEM_NAME MATCHES "Linux")
> ++  set(OPENSSL_LIB_LIBS pthread)
> ++  set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
> +   check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
> +   if (HAVE_CLOCK_GETTIME)
> ++  set(OPENSSL_LIB_LIBS ${OPENSSL_LIB_LIBS} rt)
> +   set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
> +   endif()
> +-  set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
> + endif()
> + if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
> ++  set(OPENSSL_LIB_LIBS pthread)
> +   set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
> + endif()
> + if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
> ++  set(OPENSSL_LIB_LIBS nsl socket)
> +   set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
> + endif()
> +
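
Review bot: In the Linux branch the pthread entry for OPENSSL_LIBS moves from after the clock_gettime check to before it, so the list now ends "pthread rt" instead of "rt pthread"; the move seems to exist only because set(OPENSSL_LIB_LIBS pthread) is a plain assignment that has to come first. The Linux, HP-UX and SunOS branches all overwrite OPENSSL_LIB_LIBS this way, unlike the set(OPENSSL_LIBS ${OPENSSL_LIBS} ...) lines beside them. Appending with set(OPENSSL_LIB_LIBS ${OPENSSL_LIB_LIBS} pthread) would leave the original ordering alone and keep the two variables in step if another branch is added later.
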
> +diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
> +index 2fa08a5..32ab649 100644
> +--- a/crypto/CMakeLists.txt
>  b/crypto/CMakeLists.txt
> +@@ -811,6 +811,7 @@ endif()
> +
> + add_library(crypto ${CRYPTO_SRC})
> + if (BUILD_SHARED_LIBS)
> ++  target_link_libraries(crypto ${OPENSSL_LIB_LIBS})
> +   export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym)
> +   if (WIN32)
> +   target_link_libraries(crypto Ws2_32.lib)
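
Review bot: On Windows the new target_link_libraries(crypto ${OPENSSL_LIB_LIBS}) line duplicates the existing target_link_libraries(crypto Ws2_32.lib) in the if (WIN32) block that follows it, because OPENSSL_LIB_LIBS is set to ws2_32 under if(WIN32) in the top-level CMakeLists.txt. Either drop the WIN32 assignment of OPENSSL_LIB_LIBS or remove the explicit Ws2_32.lib line so the dependency is stated once.
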
> +diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
> +index e87e0f6..e53e5ea 100644
> +--- a/ssl/CMakeLists.txt
>  b/ssl/CMakeLists.txt
> +@@ -50,7 +50,7 @@ set(
> + add_library(ssl ${SSL_SRC})
> + if (BUILD_SHARED_LIBS)
> +   export_symbol(ssl ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
> +-  target_link_libraries(ssl crypto)
> ++  target_link_libraries(ssl crypto ${OPENSSL_LIB_LIBS})
> +   if (WIN32)
> +   target_link_libraries(ssl Ws2_32.lib)
> +   set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
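
Review bot: Only crypto and ssl gain the ${OPENSSL_LIB_LIBS} link, while the top-level file lists three libraries in set(OPENSSL_LIBS tls ssl crypto) and the diffstat shows no change under tls/. If the shared tls library has the same system-library dependencies it needs the same target_link_libraries() change, otherwise the commit message should say why it is exempt.
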
> diff --git a/meta/recipes-connectivity/libressl/libressl_2.7.2.bb 
> b/meta/recipes-connectivity/libressl/libressl_2.7.2.bb
> new file mode 100644
> index 000..375615a7d1c
> --- /dev/null
> +++ b/meta/recipes-connectivity/libressl/libressl_2.7.2.bb
> @@ -0,0 +1,31 @@
> +SUMMARY = "Drop-in replacement for openssl 1.0.x, maintained by OpenBSD"
> +DESCRIPTION = "LibreSSL is a version of the TLS/crypto stack forked from \
> +   OpenSSL in 2014, with goals of