[PATCH resend 0/3] Openssl 1.1 upgrading

[PATCH resend 0/3] Openssl 1.1 upgrading

[Andrej Valek]

Resend patches from http://lists.openembedded.org/pipermail/openembedded-core/2018-June/151699.html thread.

Andrej Valek (3):
  openssl-1.1: fix c_rehash perl errors
  openssl-1.1: rework packaging
  openssl-1.1: /etc/ssl location compatibility

 ...le.pl-only-quote-stuff-that-actually-need.patch | 29 ++++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.1.0h.bb | 27 +++++++++++++++++---
 2 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/debian/Revert-util-dofile.pl-only-quote-stuff-that-actually-need.patch

-- 
2.11.0

[PATCH resend 1/3] openssl-1.1: fix c_rehash perl errors

[Andrej Valek]

Patch original c_rehash script with Debian patch instead
of overriding it with own version.

Error output from c_reshah without patching:
  Unknown regexp modifier "/b" at ./c_rehash line 15, at end of line
  Unknown regexp modifier "/W" at ./c_rehash line 28, at end of line
  Unknown regexp modifier "/3" at ./c_rehash line 28, at end of line
  Unknown regexp modifier "/2" at ./c_rehash line 28, at end of line
  No such class installdir at ./c_rehash line 63, near "Prefix our
  installdir"
    (Might be a runaway multi-line // string starting on line 28)
  syntax error at ./c_rehash line 63, near "Prefix our installdir"
  Can't redeclare "my" in "my" at ./c_rehash line 68, near ""
  Execution of ./c_rehash aborted due to compilation errors.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 ...le.pl-only-quote-stuff-that-actually-need.patch | 29 ++++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.1.0h.bb |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/debian/Revert-util-dofile.pl-only-quote-stuff-that-actually-need.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/debian/Revert-util-dofile.pl-only-quote-stuff-that-actually-need.patch b/meta/recipes-connectivity/openssl/openssl/debian/Revert-util-dofile.pl-only-quote-stuff-that-actually-need.patch
new file mode 100644
index 0000000000..25d3093e40
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/Revert-util-dofile.pl-only-quote-stuff-that-actually-need.patch
@@ -0,0 +1,29 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Wed, 28 Mar 2018 14:05:53 +0200
+Subject: Revert "util/dofile.pl: only quote stuff that actually needs
+ quoting"
+
+This reverts commit 77ba00bc. We ended up without the quotes.
+
+BTS: #894282
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ util/dofile.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/util/dofile.pl b/util/dofile.pl
+index fc72989b0fd9..a932941cd5ad 100644
+--- a/util/dofile.pl
++++ b/util/dofile.pl
+@@ -99,9 +99,9 @@ package main;
+ # This adds quotes (") around the given string, and escapes any $, @, \,
+ # " and ' by prepending a \ to them.
+ sub quotify1 {
+-    my $s = my $orig = shift @_;
++    my $s = shift @_;
+     $s =~ s/([\$\@\\"'])/\\$1/g;
+-    $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s;
++    '"'.$s.'"';
+ }
+ 
+ # quotify_l LIST
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index 94b75eb92a..eddf53c992 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
            file://openssl-c_rehash.sh \
            file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
+           file://debian/Revert-util-dofile.pl-only-quote-stuff-that-actually-need.patch \
            "
 
 S = "${WORKDIR}/openssl-${PV}"
-- 
2.11.0

[PATCH resend 2/3] openssl-1.1: rework packaging

[Andrej Valek]

The main idea is to have libssl and libcrypto in separate packages.
This saves space if only single library is needed and also some recipes
(in other layers) depend on these library packages.
Together with this other packages like in 1.0.x were created.
The only difference is that openssl 1.1 has additional package openssl-bin.

Add missing dependency to perl for openssl-bin pkg, c_rehash requires it.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index eddf53c992..df05f3a2b7 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -155,8 +155,14 @@ do_install_ptest() {
 
 RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
 
+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-engines openssl-conf"
+RDEPENDS_${PN}-bin = "perl"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
-
-PACKAGES =+ "${PN}-engines"
+FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
 FILES_${PN}-engines = "${libdir}/engines-1.1"
-
+FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+RRECOMMENDS_libcrypto += "openssl-conf"
-- 
2.11.0

[PATCH resend 3/3] openssl-1.1: /etc/ssl location compatibility

[Andrej Valek]

Some packages have hard-coded path to /etc/ssl location.
Create a symlinks to correct location.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index df05f3a2b7..487219b600 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -22,7 +22,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
 
 S = "${WORKDIR}/openssl-${PV}"
 
-inherit lib_package multilib_header ptest
+inherit lib_package multilib_header ptest relative_symlinks
 
 do_configure () {
 	os=${HOST_OS}
@@ -133,6 +133,18 @@ EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
 do_install () {
         oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
         oe_multilib_header openssl/opensslconf.h
+
+        # Create SSL structure for PATH hard-coded packages like ca-certificates
+        # Debian is also using this technique
+        install -d ${D}${sysconfdir}/ssl/
+        mv ${D}${libdir}/ssl-1.1/openssl.cnf \
+           ${D}${libdir}/ssl-1.1/certs \
+           ${D}${libdir}/ssl-1.1/private \
+           \
+           ${D}${sysconfdir}/ssl/
+        ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl-1.1/certs
+        ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl-1.1/private
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl-1.1/openssl.cnf
 }
 
 do_install_append_class-native () {
@@ -163,6 +175,6 @@ FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
 FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
 RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
 FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf ${libdir}/ssl-1.1/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
-- 
2.11.0

Re: [PATCH resend 1/3] openssl-1.1: fix c_rehash perl errors

[Richard Purdie]

On Mon, 2018-07-09 at 14:56 +0200, Andrej Valek wrote:
> Patch original c_rehash script with Debian patch instead
> of overriding it with own version.
> 
> Error output from c_reshah without patching:
>   Unknown regexp modifier "/b" at ./c_rehash line 15, at end of line
>   Unknown regexp modifier "/W" at ./c_rehash line 28, at end of line
>   Unknown regexp modifier "/3" at ./c_rehash line 28, at end of line
>   Unknown regexp modifier "/2" at ./c_rehash line 28, at end of line
>   No such class installdir at ./c_rehash line 63, near "Prefix our
>   installdir"
>     (Might be a runaway multi-line // string starting on line 28)
>   syntax error at ./c_rehash line 63, near "Prefix our installdir"
>   Can't redeclare "my" in "my" at ./c_rehash line 68, near ""
>   Execution of ./c_rehash aborted due to compilation errors.
> 
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> Signed-off-by: Marko Peter <peter.marko@siemens.com>
> ---
>  ...le.pl-only-quote-stuff-that-actually-need.patch | 29
> ++++++++++++++++++++++
>  .../recipes-connectivity/openssl/openssl_1.1.0h.bb |  1 +
>  2 files changed, 30 insertions(+)
>  create mode 100644 meta/recipes-
> connectivity/openssl/openssl/debian/Revert-util-dofile.pl-only-quote-
> stuff-that-actually-need.patch
> 
> diff --git a/meta/recipes-connectivity/openssl/openssl/debian/Revert-
> util-dofile.pl-only-quote-stuff-that-actually-need.patch
> b/meta/recipes-connectivity/openssl/openssl/debian/Revert-util-
> dofile.pl-only-quote-stuff-that-actually-need.patch
> new file mode 100644
> index 0000000000..25d3093e40
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/debian/Revert-util-
> dofile.pl-only-quote-stuff-that-actually-need.patch
> @@ -0,0 +1,29 @@
> +From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
> +Date: Wed, 28 Mar 2018 14:05:53 +0200
> +Subject: Revert "util/dofile.pl: only quote stuff that actually
> needs
> + quoting"
> +
> +This reverts commit 77ba00bc. We ended up without the quotes.
> +
> +BTS: #894282
> +Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
> +---
> + util/dofile.pl | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +

This patch appears to be missing an Upstream-Status line?

Cheers,

Richard

[PATCH v5 0/3] Openssl 1.1 upgrading

[Andrej Valek]

Changes:

[v4]
 - just resend series

[v5]
 - sync dofile.pl patch with mainline

Andrej Valek (3):
  openssl-1.1: fix c_rehash perl errors
  openssl-1.1: rework packaging
  openssl-1.1: /etc/ssl location compatibility

 ...-dofile.pl-only-quote-stuff-that-actually.patch | 29 ++++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.1.0h.bb | 27 +++++++++++++++++---
 2 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch

-- 
2.11.0

[PATCH v5 1/3] openssl-1.1: fix c_rehash perl errors

[Andrej Valek]

Patch original c_rehash script with Debian patch instead
of overriding it with own version.

Error output from c_reshah without patching:
  Unknown regexp modifier "/b" at ./c_rehash line 15, at end of line
  Unknown regexp modifier "/W" at ./c_rehash line 28, at end of line
  Unknown regexp modifier "/3" at ./c_rehash line 28, at end of line
  Unknown regexp modifier "/2" at ./c_rehash line 28, at end of line
  No such class installdir at ./c_rehash line 63, near "Prefix our
  installdir"
    (Might be a runaway multi-line // string starting on line 28)
  syntax error at ./c_rehash line 63, near "Prefix our installdir"
  Can't redeclare "my" in "my" at ./c_rehash line 68, near ""
  Execution of ./c_rehash aborted due to compilation errors.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 ...-dofile.pl-only-quote-stuff-that-actually.patch | 29 ++++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.1.0h.bb |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch b/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
new file mode 100644
index 0000000000..81a9b2d060
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
@@ -0,0 +1,29 @@
+openssl-1.1.0h: Fix c_rehash perl errors
+
+[No upstream tracking] -- https://github.com/openssl/openssl/issues/5772
+
+dofile.pl: Revert only quote stuff that actually needs quoting
+
+This wasn't a good solution, too many things depend on the quotes being
+there consistently.
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/00701e5ea84861b74d9d624f21a6b3fcb12e8acd]
+bug: 5772
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/util/dofile.pl b/util/dofile.pl
+index 955224df7d..b0e20681dd 100644
+--- a/util/dofile.pl
++++ b/util/dofile.pl
+@@ -99,9 +99,9 @@ package main;
+ # This adds quotes (") around the given string, and escapes any $, @, \,
+ # " and ' by prepending a \ to them.
+ sub quotify1 {
+-    my $s = my $orig = shift @_;
++    my $s = shift @_;
+     $s =~ s/([\$\@\\"'])/\\$1/g;
+-    $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s;
++    '"'.$s.'"';
+ }
+ 
+ # quotify_l LIST
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index 64b8a997d0..3e068669b7 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
            file://openssl-c_rehash.sh \
            file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
+           file://0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
-- 
2.11.0

[PATCH v5 2/3] openssl-1.1: rework packaging

[Andrej Valek]

The main idea is to have libssl and libcrypto in separate packages.
This saves space if only single library is needed and also some recipes
(in other layers) depend on these library packages.
Together with this other packages like in 1.0.x were created.
The only difference is that openssl 1.1 has additional package openssl-bin.

Add missing dependency to perl for openssl-bin pkg, c_rehash requires it.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index 3e068669b7..e2d3020a28 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -166,8 +166,14 @@ do_install_ptest() {
 
 RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
 
+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-engines openssl-conf"
+RDEPENDS_${PN}-bin = "perl"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
-
-PACKAGES =+ "${PN}-engines"
+FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
 FILES_${PN}-engines = "${libdir}/engines-1.1"
-
+FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+RRECOMMENDS_libcrypto += "openssl-conf"
-- 
2.11.0

[PATCH v5 3/3] openssl-1.1: /etc/ssl location compatibility

[Andrej Valek]

Some packages have hard-coded path to /etc/ssl location.
Create a symlinks to correct location.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index e2d3020a28..ca6224165a 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -26,7 +26,7 @@ SRC_URI_append_class-nativesdk = " \
 
 S = "${WORKDIR}/openssl-${PV}"
 
-inherit lib_package multilib_header ptest
+inherit lib_package multilib_header ptest relative_symlinks
 
 do_configure () {
 	os=${HOST_OS}
@@ -137,6 +137,18 @@ EXTRA_OECONF_append_libc-musl = " -DOPENSSL_NO_ASYNC"
 do_install () {
         oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
         oe_multilib_header openssl/opensslconf.h
+
+        # Create SSL structure for PATH hard-coded packages like ca-certificates
+        # Debian is also using this technique
+        install -d ${D}${sysconfdir}/ssl/
+        mv ${D}${libdir}/ssl-1.1/openssl.cnf \
+           ${D}${libdir}/ssl-1.1/certs \
+           ${D}${libdir}/ssl-1.1/private \
+           \
+           ${D}${sysconfdir}/ssl/
+        ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl-1.1/certs
+        ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl-1.1/private
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl-1.1/openssl.cnf
 }
 
 do_install_append_class-native () {
@@ -174,6 +186,6 @@ FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
 FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
 RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
 FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf ${libdir}/ssl-1.1/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
-- 
2.11.0

[PATCH v6 0/3] Openssl 1.1 upgrading

[Andrej Valek]

Changes:

[v4]
 - just resend series

[v5]
 - sync dofile.pl patch with mainline

[v6]
 - sync changes with current master

Andrej Valek (3):
  openssl-1.1: fix c_rehash perl errors
  openssl-1.1: rework packaging
  openssl-1.1: /etc/ssl location compatibility

 ...-dofile.pl-only-quote-stuff-that-actually.patch | 29 ++++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.1.0h.bb | 27 ++++++++++++++++++--
 2 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch

-- 
2.11.0

[PATCH v6 1/3] openssl-1.1: fix c_rehash perl errors

[Andrej Valek]

Patch original c_rehash script with Debian patch instead
of overriding it with own version.

Error output from c_reshah without patching:
  Unknown regexp modifier "/b" at ./c_rehash line 15, at end of line
  Unknown regexp modifier "/W" at ./c_rehash line 28, at end of line
  Unknown regexp modifier "/3" at ./c_rehash line 28, at end of line
  Unknown regexp modifier "/2" at ./c_rehash line 28, at end of line
  No such class installdir at ./c_rehash line 63, near "Prefix our
  installdir"
    (Might be a runaway multi-line // string starting on line 28)
  syntax error at ./c_rehash line 63, near "Prefix our installdir"
  Can't redeclare "my" in "my" at ./c_rehash line 68, near ""
  Execution of ./c_rehash aborted due to compilation errors.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 ...-dofile.pl-only-quote-stuff-that-actually.patch | 29 ++++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.1.0h.bb |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch b/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
new file mode 100644
index 0000000000..81a9b2d060
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
@@ -0,0 +1,29 @@
+openssl-1.1.0h: Fix c_rehash perl errors
+
+[No upstream tracking] -- https://github.com/openssl/openssl/issues/5772
+
+dofile.pl: Revert only quote stuff that actually needs quoting
+
+This wasn't a good solution, too many things depend on the quotes being
+there consistently.
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/00701e5ea84861b74d9d624f21a6b3fcb12e8acd]
+bug: 5772
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/util/dofile.pl b/util/dofile.pl
+index 955224df7d..b0e20681dd 100644
+--- a/util/dofile.pl
++++ b/util/dofile.pl
+@@ -99,9 +99,9 @@ package main;
+ # This adds quotes (") around the given string, and escapes any $, @, \,
+ # " and ' by prepending a \ to them.
+ sub quotify1 {
+-    my $s = my $orig = shift @_;
++    my $s = shift @_;
+     $s =~ s/([\$\@\\"'])/\\$1/g;
+-    $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s;
++    '"'.$s.'"';
+ }
+ 
+ # quotify_l LIST
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index 8d445e4655..c5de085521 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
            file://openssl-c_rehash.sh \
            file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
+           file://0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
-- 
2.11.0

[PATCH v6 2/3] openssl-1.1: rework packaging

[Andrej Valek]

The main idea is to have libssl and libcrypto in separate packages.
This saves space if only single library is needed and also some recipes
(in other layers) depend on these library packages.
Together with this other packages like in 1.0.x were created.
The only difference is that openssl 1.1 has additional package openssl-bin.

Add missing dependency to perl for openssl-bin pkg, c_rehash requires it.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index c5de085521..7af527ca31 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -158,12 +158,22 @@ do_install_ptest() {
         sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
 }
 
-PACKAGES =+ "${PN}-engines"
+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-engines openssl-conf"
 
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_${PN} =+ "${libdir}/ssl-1.1/*"
 FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
 FILES_${PN}-engines = "${libdir}/engines-1.1"
 
+FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
+
+FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+RRECOMMENDS_libcrypto += "openssl-conf"
+
+RDEPENDS_${PN}-bin = "perl"
 RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
 
 BBCLASSEXTEND = "native nativesdk"
-- 
2.11.0

[PATCH v6 3/3] openssl-1.1: /etc/ssl location compatibility

[Andrej Valek]

Some packages have hard-coded path to /etc/ssl location.
Create a symlinks to correct location.

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index 7af527ca31..d6ef66ba51 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -22,7 +22,7 @@ SRC_URI_append_class-nativesdk = " \
 SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
 SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
 
-inherit lib_package multilib_header ptest
+inherit lib_package multilib_header ptest relative_symlinks
 
 #| engines/afalg/e_afalg.c: In function 'eventfd':
 #| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
@@ -133,6 +133,18 @@ do_configure () {
 do_install () {
         oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
         oe_multilib_header openssl/opensslconf.h
+
+        # Create SSL structure for PATH hard-coded packages like ca-certificates
+        # Debian is also using this technique
+        install -d ${D}${sysconfdir}/ssl/
+        mv ${D}${libdir}/ssl-1.1/openssl.cnf \
+           ${D}${libdir}/ssl-1.1/certs \
+           ${D}${libdir}/ssl-1.1/private \
+           \
+           ${D}${sysconfdir}/ssl/
+        ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl-1.1/certs
+        ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl-1.1/private
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl-1.1/openssl.cnf
 }
 
 do_install_append_class-native () {
@@ -169,8 +181,8 @@ FILES_${PN}-engines = "${libdir}/engines-1.1"
 FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
 RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
 
-FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf ${libdir}/ssl-1.1/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
 
 RDEPENDS_${PN}-bin = "perl"
-- 
2.11.0

Re: [PATCH v6 0/3] Openssl 1.1 upgrading

[Andrej Valek]

Hi Richard,

What is the current status of this upgrade? I have made same additional
syncing with master. So the question is, if there are some additional
issues... .

Cheers,
Andrej

On 07/17/18 11:10, Andrej Valek wrote:
> Changes:
> 
> [v4]
>  - just resend series
> 
> [v5]
>  - sync dofile.pl patch with mainline
> 
> [v6]
>  - sync changes with current master
> 
> Andrej Valek (3):
>   openssl-1.1: fix c_rehash perl errors
>   openssl-1.1: rework packaging
>   openssl-1.1: /etc/ssl location compatibility
> 
>  ...-dofile.pl-only-quote-stuff-that-actually.patch | 29 ++++++++++++++++++++++
>  .../recipes-connectivity/openssl/openssl_1.1.0h.bb | 27 ++++++++++++++++++--
>  2 files changed, 54 insertions(+), 2 deletions(-)
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
> 

Re: [PATCH v6 2/3] openssl-1.1: rework packaging

[Andre McCurdy]

On Tue, Jul 17, 2018 at 2:10 AM, Andrej Valek <andrej.valek@siemens.com> wrote:
> The main idea is to have libssl and libcrypto in separate packages.
> This saves space if only single library is needed and also some recipes
> (in other layers) depend on these library packages.
> Together with this other packages like in 1.0.x were created.
> The only difference is that openssl 1.1 has additional package openssl-bin.
>
> Add missing dependency to perl for openssl-bin pkg, c_rehash requires it.
>
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> Signed-off-by: Marko Peter <peter.marko@siemens.com>
> ---
>  meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> index c5de085521..7af527ca31 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> @@ -158,12 +158,22 @@ do_install_ptest() {
>          sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
>  }
>
> -PACKAGES =+ "${PN}-engines"
> +PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-engines openssl-conf"
>
> +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
> +FILES_libssl = "${libdir}/libssl${SOLIBS}"
>  FILES_${PN} =+ "${libdir}/ssl-1.1/*"
>  FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
>  FILES_${PN}-engines = "${libdir}/engines-1.1"
>
> +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
> +RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"

There is no "perl" PACKAGECONFIG in the openssl 1.1 recipe (there are
no PACKAGECONFIG options at all...).

> +
> +FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
> +CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
> +RRECOMMENDS_libcrypto += "openssl-conf"
> +
> +RDEPENDS_${PN}-bin = "perl"
>  RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
>
>  BBCLASSEXTEND = "native nativesdk"
> --
> 2.11.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH v6 3/3] openssl-1.1: /etc/ssl location compatibility

[Andre McCurdy]

On Tue, Jul 17, 2018 at 2:10 AM, Andrej Valek <andrej.valek@siemens.com> wrote:
> Some packages have hard-coded path to /etc/ssl location.
> Create a symlinks to correct location.
>
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> Signed-off-by: Marko Peter <peter.marko@siemens.com>
> ---
>  meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 18 +++++++++++++++---
>  1 file changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> index 7af527ca31..d6ef66ba51 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
> @@ -22,7 +22,7 @@ SRC_URI_append_class-nativesdk = " \
>  SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
>  SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
>
> -inherit lib_package multilib_header ptest
> +inherit lib_package multilib_header ptest relative_symlinks
>
>  #| engines/afalg/e_afalg.c: In function 'eventfd':
>  #| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
> @@ -133,6 +133,18 @@ do_configure () {
>  do_install () {
>          oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
>          oe_multilib_header openssl/opensslconf.h
> +
> +        # Create SSL structure for PATH hard-coded packages like ca-certificates
> +        # Debian is also using this technique
> +        install -d ${D}${sysconfdir}/ssl/
> +        mv ${D}${libdir}/ssl-1.1/openssl.cnf \
> +           ${D}${libdir}/ssl-1.1/certs \
> +           ${D}${libdir}/ssl-1.1/private \
> +           \
> +           ${D}${sysconfdir}/ssl/
> +        ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl-1.1/certs
> +        ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl-1.1/private
> +        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl-1.1/openssl.cnf
>  }
>
>  do_install_append_class-native () {
> @@ -169,8 +181,8 @@ FILES_${PN}-engines = "${libdir}/engines-1.1"
>  FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
>  RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
>
> -FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
> -CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
> +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf ${libdir}/ssl-1.1/openssl.cnf"

The openssl 1.0 recipe does not put the ${libdir} symlink in the
openssl-conf package. The reasons for that are not entirely clear, but
it does seem to be a deliberate choice according to comments in this
thread:

  http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135176.html

Is there a clear reason for the openssl 1.1 recipe to be different?

> +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
>  RRECOMMENDS_libcrypto += "openssl-conf"
>
>  RDEPENDS_${PN}-bin = "perl"
> --
> 2.11.0

Re: [PATCH v6 2/3] openssl-1.1: rework packaging

[Andre McCurdy]

On Thu, Aug 16, 2018 at 12:34 PM, Andre McCurdy <armccurdy@gmail.com> wrote:
> On Tue, Jul 17, 2018 at 2:10 AM, Andrej Valek <andrej.valek@siemens.com> wrote:
>> The main idea is to have libssl and libcrypto in separate packages.
>> This saves space if only single library is needed and also some recipes
>> (in other layers) depend on these library packages.
>> Together with this other packages like in 1.0.x were created.
>> The only difference is that openssl 1.1 has additional package openssl-bin.
>>
>> Add missing dependency to perl for openssl-bin pkg, c_rehash requires it.

That perl dependency needs to be looked at again. By using the
unofficial c_rehash shell script for -native and the official upstream
perl script for the target we get the worst of both worlds - the
maintenance effort of the unofficial shell script and the perl runtime
dependency on the target.

To help users who don't want perl on the target, either the perl
version of c_rehash should go back into openssl-misc (where it always
used to be) or maybe it can now be dropped entirely as "openssl
rehash" seems to be replacement?

  https://www.openssl.org/docs/man1.1.0/apps/rehash.html

>> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
>> Signed-off-by: Marko Peter <peter.marko@siemens.com>
>> ---
>>  meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 12 +++++++++++-
>>  1 file changed, 11 insertions(+), 1 deletion(-)
>>
>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
>> index c5de085521..7af527ca31 100644
>> --- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
>> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
>> @@ -158,12 +158,22 @@ do_install_ptest() {
>>          sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
>>  }
>>
>> -PACKAGES =+ "${PN}-engines"
>> +PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-engines openssl-conf"
>>
>> +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
>> +FILES_libssl = "${libdir}/libssl${SOLIBS}"
>>  FILES_${PN} =+ "${libdir}/ssl-1.1/*"
>>  FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
>>  FILES_${PN}-engines = "${libdir}/engines-1.1"
>>
>> +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
>> +RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
>
> There is no "perl" PACKAGECONFIG in the openssl 1.1 recipe (there are
> no PACKAGECONFIG options at all...).
>
>> +
>> +FILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
>> +CONFFILES_openssl-conf = "${libdir}/ssl-1.1/openssl.cnf"
>> +RRECOMMENDS_libcrypto += "openssl-conf"
>> +
>> +RDEPENDS_${PN}-bin = "perl"
>>  RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
>>
>>  BBCLASSEXTEND = "native nativesdk"
>> --
>> 2.11.0
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core