* [Buildroot] [PATCH 1/2] openssl: remove binary install option
@ 2016-01-05 12:35 Gustavo Zacarias
2016-01-05 12:35 ` [Buildroot] [PATCH 2/2] openssl: remove additional engines option Gustavo Zacarias
2016-01-08 23:33 ` [Buildroot] [PATCH 1/2] openssl: remove binary install option Arnout Vandecappelle
0 siblings, 2 replies; 5+ messages in thread
From: Gustavo Zacarias @ 2016-01-05 12:35 UTC (permalink / raw)
To: buildroot
In preparation for the libssl virtual and libressl inclusion, also
keeping with the KISS principle the binary can be removed in a
post-build script if need be, so remove the option and add it in legacy.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
Config.in.legacy | 8 ++++++++
package/openssl/Config.in | 7 -------
package/openssl/openssl.mk | 8 --------
3 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/Config.in.legacy b/Config.in.legacy
index 2e6062c..3bcd50d 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -145,6 +145,14 @@ endif
###############################################################################
comment "Legacy options removed in 2016.02"
+config BR2_PACKAGE_OPENSSL_BIN
+ bool "openssl binary option removed"
+ select BR2_LEGACY
+ help
+ The openssl binary option has been removed. You can remove the
+ binary from a post-build script if your target space is too
+ constrained.
+
config BR2_PACKAGE_PYTHON_PYXML
bool "python-pyxml package has been removed"
select BR2_LEGACY
diff --git a/package/openssl/Config.in b/package/openssl/Config.in
index e08b648..dfbc850 100644
--- a/package/openssl/Config.in
+++ b/package/openssl/Config.in
@@ -13,13 +13,6 @@ config BR2_PACKAGE_OPENSSL
if BR2_PACKAGE_OPENSSL
-config BR2_PACKAGE_OPENSSL_BIN
- bool "openssl binary"
- help
- Install the openssl binary and the associated helper scripts to the
- target file system. This is a command line tool for doing various
- cryptographic stuff.
-
config BR2_PACKAGE_OPENSSL_ENGINES
bool "openssl additional engines"
help
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index c3ea08d..1e5ea9b 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -151,14 +151,6 @@ endef
OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_PERL_SCRIPTS
endif
-ifeq ($(BR2_PACKAGE_OPENSSL_BIN),)
-define OPENSSL_REMOVE_BIN
- $(RM) -f $(TARGET_DIR)/usr/bin/openssl
- $(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.*,c_*}
-endef
-OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_BIN
-endif
-
ifneq ($(BR2_PACKAGE_OPENSSL_ENGINES),y)
define OPENSSL_REMOVE_OPENSSL_ENGINES
rm -rf $(TARGET_DIR)/usr/lib/engines
--
2.4.10
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 2/2] openssl: remove additional engines option
2016-01-05 12:35 [Buildroot] [PATCH 1/2] openssl: remove binary install option Gustavo Zacarias
@ 2016-01-05 12:35 ` Gustavo Zacarias
2016-01-08 23:35 ` Arnout Vandecappelle
2016-01-08 23:33 ` [Buildroot] [PATCH 1/2] openssl: remove binary install option Arnout Vandecappelle
1 sibling, 1 reply; 5+ messages in thread
From: Gustavo Zacarias @ 2016-01-05 12:35 UTC (permalink / raw)
To: buildroot
In preparation for the libssl virtual and libressl inclusion, also
keeping with the KISS principle the engines can be removed in a
post-build script if need be, so remove the option and add it in legacy.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
Config.in.legacy | 8 ++++++++
package/bind/bind.mk | 9 ++-------
package/openssl/Config.in | 9 ---------
package/openssl/openssl.mk | 7 -------
4 files changed, 10 insertions(+), 23 deletions(-)
diff --git a/Config.in.legacy b/Config.in.legacy
index 3bcd50d..45b5e23 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -145,6 +145,14 @@ endif
###############################################################################
comment "Legacy options removed in 2016.02"
+config BR2_PACKAGE_OPENSSL_ENGINES
+ bool "openssl additional engines option removed"
+ select BR2_LEGACY
+ help
+ The openssl additional engines option has been removed. You
+ can remove them from a post-build script if your target space
+ is too constrained.
+
config BR2_PACKAGE_OPENSSL_BIN
bool "openssl binary option removed"
select BR2_LEGACY
diff --git a/package/bind/bind.mk b/package/bind/bind.mk
index 2a06599..4d3fa86 100644
--- a/package/bind/bind.mk
+++ b/package/bind/bind.mk
@@ -52,13 +52,8 @@ BIND_CONF_ENV += \
ac_cv_func_EVP_sha512=yes
BIND_CONF_OPTS += \
--with-openssl=$(STAGING_DIR)/usr LIBS="-lz" \
- --with-ecdsa=yes
-# GOST cipher support requires openssl extra engines
-ifeq ($(BR2_PACKAGE_OPENSSL_ENGINES),y)
-BIND_CONF_OPTS += --with-gost=yes
-else
-BIND_CONF_OPTS += --with-gost=no
-endif
+ --with-ecdsa=yes \
+ --with-gost=yes
else
BIND_CONF_OPTS += --with-openssl=no
endif
diff --git a/package/openssl/Config.in b/package/openssl/Config.in
index dfbc850..baca05c 100644
--- a/package/openssl/Config.in
+++ b/package/openssl/Config.in
@@ -10,12 +10,3 @@ config BR2_PACKAGE_OPENSSL
http://www.openssl.org/
Note: Some helper scripts need perl.
-
-if BR2_PACKAGE_OPENSSL
-
-config BR2_PACKAGE_OPENSSL_ENGINES
- bool "openssl additional engines"
- help
- Install additional encryption engine libraries.
-
-endif
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 1e5ea9b..2c8a96f 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -151,12 +151,5 @@ endef
OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_PERL_SCRIPTS
endif
-ifneq ($(BR2_PACKAGE_OPENSSL_ENGINES),y)
-define OPENSSL_REMOVE_OPENSSL_ENGINES
- rm -rf $(TARGET_DIR)/usr/lib/engines
-endef
-OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_OPENSSL_ENGINES
-endif
-
$(eval $(generic-package))
$(eval $(host-generic-package))
--
2.4.10
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/2] openssl: remove binary install option
2016-01-05 12:35 [Buildroot] [PATCH 1/2] openssl: remove binary install option Gustavo Zacarias
2016-01-05 12:35 ` [Buildroot] [PATCH 2/2] openssl: remove additional engines option Gustavo Zacarias
@ 2016-01-08 23:33 ` Arnout Vandecappelle
2016-01-09 13:13 ` Gustavo Zacarias
1 sibling, 1 reply; 5+ messages in thread
From: Arnout Vandecappelle @ 2016-01-08 23:33 UTC (permalink / raw)
To: buildroot
On 05-01-16 13:35, Gustavo Zacarias wrote:
> In preparation for the libssl virtual and libressl inclusion, also
> keeping with the KISS principle the binary can be removed in a
> post-build script if need be, so remove the option and add it in legacy.
I did a build of openssl on aarch64, and the openssl binary makes up almost 20%
of the package and 5% of a minimal filesystem (with glibc though). I think
that's a fairly significant percentage, so I think it's worthwhile to keep this
option.
Of course, people who care about size should probably use libressl :-)
How does it help for the libssl virtual package? For the engines I can
understand because other packages select it, but this one could stay, no?
Regards,
Arnout
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> Config.in.legacy | 8 ++++++++
> package/openssl/Config.in | 7 -------
> package/openssl/openssl.mk | 8 --------
> 3 files changed, 8 insertions(+), 15 deletions(-)
>
> diff --git a/Config.in.legacy b/Config.in.legacy
> index 2e6062c..3bcd50d 100644
> --- a/Config.in.legacy
> +++ b/Config.in.legacy
> @@ -145,6 +145,14 @@ endif
> ###############################################################################
> comment "Legacy options removed in 2016.02"
>
> +config BR2_PACKAGE_OPENSSL_BIN
> + bool "openssl binary option removed"
> + select BR2_LEGACY
> + help
> + The openssl binary option has been removed. You can remove the
> + binary from a post-build script if your target space is too
> + constrained.
> +
> config BR2_PACKAGE_PYTHON_PYXML
> bool "python-pyxml package has been removed"
> select BR2_LEGACY
> diff --git a/package/openssl/Config.in b/package/openssl/Config.in
> index e08b648..dfbc850 100644
> --- a/package/openssl/Config.in
> +++ b/package/openssl/Config.in
> @@ -13,13 +13,6 @@ config BR2_PACKAGE_OPENSSL
>
> if BR2_PACKAGE_OPENSSL
>
> -config BR2_PACKAGE_OPENSSL_BIN
> - bool "openssl binary"
> - help
> - Install the openssl binary and the associated helper scripts to the
> - target file system. This is a command line tool for doing various
> - cryptographic stuff.
> -
> config BR2_PACKAGE_OPENSSL_ENGINES
> bool "openssl additional engines"
> help
> diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
> index c3ea08d..1e5ea9b 100644
> --- a/package/openssl/openssl.mk
> +++ b/package/openssl/openssl.mk
> @@ -151,14 +151,6 @@ endef
> OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_PERL_SCRIPTS
> endif
>
> -ifeq ($(BR2_PACKAGE_OPENSSL_BIN),)
> -define OPENSSL_REMOVE_BIN
> - $(RM) -f $(TARGET_DIR)/usr/bin/openssl
> - $(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.*,c_*}
> -endef
> -OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_BIN
> -endif
> -
> ifneq ($(BR2_PACKAGE_OPENSSL_ENGINES),y)
> define OPENSSL_REMOVE_OPENSSL_ENGINES
> rm -rf $(TARGET_DIR)/usr/lib/engines
>
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 2/2] openssl: remove additional engines option
2016-01-05 12:35 ` [Buildroot] [PATCH 2/2] openssl: remove additional engines option Gustavo Zacarias
@ 2016-01-08 23:35 ` Arnout Vandecappelle
0 siblings, 0 replies; 5+ messages in thread
From: Arnout Vandecappelle @ 2016-01-08 23:35 UTC (permalink / raw)
To: buildroot
On 05-01-16 13:35, Gustavo Zacarias wrote:
> In preparation for the libssl virtual and libressl inclusion, also
> keeping with the KISS principle the engines can be removed in a
> post-build script if need be, so remove the option and add it in legacy.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The engines take up 8.5% of the openssl package, so not worthwhile to remove them.
Regards,
Arnout
> ---
> Config.in.legacy | 8 ++++++++
> package/bind/bind.mk | 9 ++-------
> package/openssl/Config.in | 9 ---------
> package/openssl/openssl.mk | 7 -------
> 4 files changed, 10 insertions(+), 23 deletions(-)
>
> diff --git a/Config.in.legacy b/Config.in.legacy
> index 3bcd50d..45b5e23 100644
> --- a/Config.in.legacy
> +++ b/Config.in.legacy
> @@ -145,6 +145,14 @@ endif
> ###############################################################################
> comment "Legacy options removed in 2016.02"
>
> +config BR2_PACKAGE_OPENSSL_ENGINES
> + bool "openssl additional engines option removed"
> + select BR2_LEGACY
> + help
> + The openssl additional engines option has been removed. You
> + can remove them from a post-build script if your target space
> + is too constrained.
> +
> config BR2_PACKAGE_OPENSSL_BIN
> bool "openssl binary option removed"
> select BR2_LEGACY
> diff --git a/package/bind/bind.mk b/package/bind/bind.mk
> index 2a06599..4d3fa86 100644
> --- a/package/bind/bind.mk
> +++ b/package/bind/bind.mk
> @@ -52,13 +52,8 @@ BIND_CONF_ENV += \
> ac_cv_func_EVP_sha512=yes
> BIND_CONF_OPTS += \
> --with-openssl=$(STAGING_DIR)/usr LIBS="-lz" \
> - --with-ecdsa=yes
> -# GOST cipher support requires openssl extra engines
> -ifeq ($(BR2_PACKAGE_OPENSSL_ENGINES),y)
> -BIND_CONF_OPTS += --with-gost=yes
> -else
> -BIND_CONF_OPTS += --with-gost=no
> -endif
> + --with-ecdsa=yes \
> + --with-gost=yes
> else
> BIND_CONF_OPTS += --with-openssl=no
> endif
> diff --git a/package/openssl/Config.in b/package/openssl/Config.in
> index dfbc850..baca05c 100644
> --- a/package/openssl/Config.in
> +++ b/package/openssl/Config.in
> @@ -10,12 +10,3 @@ config BR2_PACKAGE_OPENSSL
> http://www.openssl.org/
>
> Note: Some helper scripts need perl.
> -
> -if BR2_PACKAGE_OPENSSL
> -
> -config BR2_PACKAGE_OPENSSL_ENGINES
> - bool "openssl additional engines"
> - help
> - Install additional encryption engine libraries.
> -
> -endif
> diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
> index 1e5ea9b..2c8a96f 100644
> --- a/package/openssl/openssl.mk
> +++ b/package/openssl/openssl.mk
> @@ -151,12 +151,5 @@ endef
> OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_PERL_SCRIPTS
> endif
>
> -ifneq ($(BR2_PACKAGE_OPENSSL_ENGINES),y)
> -define OPENSSL_REMOVE_OPENSSL_ENGINES
> - rm -rf $(TARGET_DIR)/usr/lib/engines
> -endef
> -OPENSSL_POST_INSTALL_TARGET_HOOKS += OPENSSL_REMOVE_OPENSSL_ENGINES
> -endif
> -
> $(eval $(generic-package))
> $(eval $(host-generic-package))
>
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/2] openssl: remove binary install option
2016-01-08 23:33 ` [Buildroot] [PATCH 1/2] openssl: remove binary install option Arnout Vandecappelle
@ 2016-01-09 13:13 ` Gustavo Zacarias
0 siblings, 0 replies; 5+ messages in thread
From: Gustavo Zacarias @ 2016-01-09 13:13 UTC (permalink / raw)
To: buildroot
On 08/01/16 20:33, Arnout Vandecappelle wrote:
> On 05-01-16 13:35, Gustavo Zacarias wrote:
>> In preparation for the libssl virtual and libressl inclusion, also
>> keeping with the KISS principle the binary can be removed in a
>> post-build script if need be, so remove the option and add it in legacy.
>
> I did a build of openssl on aarch64, and the openssl binary makes up almost 20%
> of the package and 5% of a minimal filesystem (with glibc though). I think
> that's a fairly significant percentage, so I think it's worthwhile to keep this
> option.
>
> Of course, people who care about size should probably use libressl :-)
>
> How does it help for the libssl virtual package? For the engines I can
> understand because other packages select it, but this one could stay, no?
>
> Regards,
> Arnout
Hi Arnout.
It helps in having matching options for both. Regarding engines libressl
doesn't handle that. And in openssl we just remove the tool with that
option - arguably we can do the same with libressl, but then other
people might chime in for adding that same option to some other $package
and we'd get an option overload.
Hence i found the opportunity a good one for cleaning up.
Regards.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-01-09 13:13 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-05 12:35 [Buildroot] [PATCH 1/2] openssl: remove binary install option Gustavo Zacarias
2016-01-05 12:35 ` [Buildroot] [PATCH 2/2] openssl: remove additional engines option Gustavo Zacarias
2016-01-08 23:35 ` Arnout Vandecappelle
2016-01-08 23:33 ` [Buildroot] [PATCH 1/2] openssl: remove binary install option Arnout Vandecappelle
2016-01-09 13:13 ` Gustavo Zacarias
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.