[OE-core] [RFC][PATCH 3/5] openssl: update to 1.1.1
Andre McCurdy
armccurdy at gmail.com
Tue Apr 10 21:20:57 UTC 2018
On Tue, Apr 10, 2018 at 5:07 AM, Alexander Kanavin
<alexander.kanavin at linux.intel.com> wrote:
> At the moment 1.1.1 is in pre-release stage, however the final release
> should be available within a few weeks. The major selling point is that
> it supports the new TLS 1.3 specification. At the moment it is not clear
> whether this also will be a long term support version of openssl;
> we can make the decision to merge this version once that is made clear
> by upstream. More information:
>
> https://www.openssl.org/policies/releasestrat.html
>
> Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
> ---
> ...1-Take-linking-flags-from-LDFLAGS-env-var.patch | 43 ----------------------
> .../{openssl_1.1.0h.bb => openssl_1.1.1-pre4.bb} | 21 +++++------
> 2 files changed, 10 insertions(+), 54 deletions(-)
> delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
> rename meta/recipes-connectivity/openssl/{openssl_1.1.0h.bb => openssl_1.1.1-pre4.bb} (83%)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
> similarity index 83%
> rename from meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> rename to meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
> index 94b75eb92a8..859362f7afe 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
> @@ -10,13 +10,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
>
> BBCLASSEXTEND = "native nativesdk"
>
> -SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
> -SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
> +SRC_URI[md5sum] = "07c3f6831fb6dfe975795ef7bbbee9fc"
> +SRC_URI[sha256sum] = "df2d5fcc2a878525611c75b9e9116fbcfbce8d9b96419a16eda5fb11ecc428f6"
>
> SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
> file://run-ptest \
> file://openssl-c_rehash.sh \
> - file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
> "
>
> S = "${WORKDIR}/openssl-${PV}"
> @@ -114,20 +113,20 @@ do_configure () {
> if [ "x$useprefix" = "x" ]; then
> useprefix=/
> fi
> - libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
> - perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
> + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
> + # environment variables set by bitbake. Adjust the environment variables instead.
> + perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
> }
>
> -#| engines/afalg/e_afalg.c: In function 'eventfd':
> -#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
> -#| return syscall(__NR_eventfd, n);
> -#| ^~~~~~~~~~~~
> -EXTRA_OECONF_aarch64 += "no-afalgeng"
> +# This prevents openssl from using getrandom() which is not available on older glibc versions
> +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
> +EXTRA_OECONF_class-native += "--with-rand-seed=devrandom"
> +EXTRA_OECONF_class-nativesdk += "--with-rand-seed=devrandom"
Better to avoid += with an over-ride since it doesn't do what most new
users etc expect. Better to use _append instead (or just the over-ride
on it's own, if over-riding the original value is what you intended to
do).
> #| ./libcrypto.so: undefined reference to `getcontext'
> #| ./libcrypto.so: undefined reference to `setcontext'
> #| ./libcrypto.so: undefined reference to `makecontext'
> -EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
> +CPPFLAGS_libc-musl += "-DOPENSSL_NO_ASYNC"
Same comment here.
> do_install () {
> oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
> --
More information about the Openembedded-core
mailing list