* [PATCH 1/5] openssl_1.0: drop obsolete ca.patch
@ 2018-07-27 23:27 Andre McCurdy
2018-07-27 23:27 ` [PATCH 2/5] openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS Andre McCurdy
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Andre McCurdy @ 2018-07-27 23:27 UTC (permalink / raw)
To: openembedded-core
This patch adds a second line to the -help output of the CA.pl script
(which lists almost the same command line options as the line above
it but in a slightly different order). Although it's tagged as a
Debian backport, there's no patch like it in recent Debian patch sets
for openssl 1.0.2.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
---
.../openssl/openssl-1.0.2o/debian/ca.patch | 22 ----------------------
.../recipes-connectivity/openssl/openssl_1.0.2o.bb | 1 -
2 files changed, 23 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
deleted file mode 100644
index fb745e4..0000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-0.9.8m/apps/CA.pl.in
-===================================================================
---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
-+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
-@@ -65,6 +65,7 @@
- foreach (@ARGV) {
- if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
-+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- exit 0;
- } elsif (/^-newcert$/) {
- # create a certificate
-@@ -165,6 +166,7 @@
- } else {
- print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- exit 1;
- }
- }
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
index 9e5e7ec..ee1c1f7 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
@@ -23,7 +23,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://engines-install-in-libdir-ssl.patch \
file://debian1.0.2/block_diginotar.patch \
file://debian1.0.2/block_digicert_malaysia.patch \
- file://debian/ca.patch \
file://debian/c_rehash-compat.patch \
file://debian/debian-targets.patch \
file://debian/man-dir.patch \
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 2/5] openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS
2018-07-27 23:27 [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Andre McCurdy
@ 2018-07-27 23:27 ` Andre McCurdy
2018-07-27 23:27 ` [PATCH 3/5] openssl_1.0: drop unmaintained darwin support Andre McCurdy
` (3 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Andre McCurdy @ 2018-07-27 23:27 UTC (permalink / raw)
To: openembedded-core
Previously (when EXTRA_OEMAKE contained -e) exporting these variables
over-rode default values in the top-level openssl Makefile. However,
since -e was removed from EXTRA_OEMAKE as part of:
http://git.openembedded.org/openembedded-core/commit/?id=537a404cfbb811fcb526cdb5f2e059257de6ef13
exporting these variables does nothing. The comment from that commit
that only AR is affected by removing -e wasn't correct, but the
effects of letting the openssl Makefile also control AS, EX_LIBS and
DIRS seem to be either benign or beneficial.
Since without -e make ignores DIRS from the environment and always
runs for all subdirs (including "test"), adding "test" to DIRS and
calling "make depend" again from do_compile_ptest() can be dropped.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
---
meta/recipes-connectivity/openssl/openssl_1.0.2o.bb | 6 ------
1 file changed, 6 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
index ee1c1f7..c2d9264 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
@@ -72,9 +72,6 @@ PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryp
# vulnerability
EXTRA_OECONF = "no-ssl3"
-export DIRS = "crypto ssl apps engines"
-export AS = "${CC} -c"
-export EX_LIBS = "-lgcc -ldl"
export OE_LDFLAGS = "${LDFLAGS}"
# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
@@ -222,9 +219,6 @@ do_compile_class-target () {
}
do_compile_ptest () {
- # build dependencies for test directory too
- export DIRS="$DIRS test"
- oe_runmake depend
oe_runmake buildtest
}
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 3/5] openssl_1.0: drop unmaintained darwin support
2018-07-27 23:27 [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Andre McCurdy
2018-07-27 23:27 ` [PATCH 2/5] openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS Andre McCurdy
@ 2018-07-27 23:27 ` Andre McCurdy
2018-07-27 23:28 ` [PATCH 4/5] openssl_1.0: add PACKAGECONFIG option to control manpages Andre McCurdy
` (2 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Andre McCurdy @ 2018-07-27 23:27 UTC (permalink / raw)
To: openembedded-core
The fact that the darwin support only appears to consider x86 (and
not x86_64) suggests that it's not maintained or tested. In general
oe-core doesn't support building on darwin.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
---
meta/recipes-connectivity/openssl/openssl_1.0.2o.bb | 7 -------
1 file changed, 7 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
index c2d9264..2804203 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
@@ -89,10 +89,6 @@ CFLAG += "-Wa,--noexecstack"
CFLAG_append_class-native = " -fPIC"
-do_configure_prepend_darwin () {
- sed -i -e '/version-script=openssl\.ld/d' Configure
-}
-
do_configure () {
# The crypto_use_bigint patch means that perl's bignum module needs to be
# installed, but some distributions (for example Fedora 23) don't ship it by
@@ -190,9 +186,6 @@ do_configure () {
linux-sparc)
target=linux-sparcv8
;;
- darwin-i386)
- target=darwin-i386-cc
- ;;
esac
# inject machine-specific flags
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 4/5] openssl_1.0: add PACKAGECONFIG option to control manpages
2018-07-27 23:27 [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Andre McCurdy
2018-07-27 23:27 ` [PATCH 2/5] openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS Andre McCurdy
2018-07-27 23:27 ` [PATCH 3/5] openssl_1.0: drop unmaintained darwin support Andre McCurdy
@ 2018-07-27 23:28 ` Andre McCurdy
2018-07-28 11:57 ` Burton, Ross
2018-07-27 23:28 ` [PATCH 5/5] openssl_1.0: squash whitespace in CC_INFO Andre McCurdy
2018-07-28 17:33 ` [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Alexander Kanavin
4 siblings, 1 reply; 9+ messages in thread
From: Andre McCurdy @ 2018-07-27 23:28 UTC (permalink / raw)
To: openembedded-core
Creating the openssl manpages, which happens as part of do_install(),
can take a significant amount of time (e.g. ~50 seconds on a quad
core laptop). Provide a PACKAGECONFIG option to allow creation of the
manpages to be skipped completely if not required. Leave manpages
enabled by default for target builds, but disable by default for
-native and -nativesdk.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
---
.../0001-allow-manpages-to-be-disabled.patch | 31 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.2o.bb | 8 ++++--
2 files changed, 37 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
new file mode 100644
index 0000000..3f7d649
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
@@ -0,0 +1,31 @@
+From e1c39b80b01d4d18feeadfdc6e45a3e1dd110634 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Fri, 27 Jul 2018 21:41:06 +0000
+Subject: [PATCH] allow manpages to be disabled
+
+Define OE_DISABLE_MANPAGES (via environment or the make command line)
+to skip creation and installation of manpages.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ Makefile.org | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index ed98d2a..747d8cb 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -549,7 +549,7 @@ dist:
+ @$(MAKE) SDIRS='$(SDIRS)' clean
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+
+-install: all install_docs install_sw
++install: all $(if $(OE_DISABLE_MANPAGES),,install_docs) install_sw
+
+ install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+--
+1.9.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
index 2804203..527be72 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
@@ -43,6 +43,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://Use-SHA256-not-MD5-as-default-digest.patch \
file://0001-Fix-build-with-clang-using-external-assembler.patch \
file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+ file://0001-allow-manpages-to-be-disabled.patch \
"
SRC_URI_append_class-target = " \
@@ -61,17 +62,20 @@ UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
inherit pkgconfig siteinfo multilib_header ptest relative_symlinks
-PACKAGECONFIG ?= "cryptodev-linux"
+PACKAGECONFIG ?= "cryptodev-linux manpages"
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""
-PACKAGECONFIG[perl] = ",,,"
PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
+PACKAGECONFIG[manpages] = ",,,"
+PACKAGECONFIG[perl] = ",,,"
# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
# vulnerability
EXTRA_OECONF = "no-ssl3"
+EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
+
export OE_LDFLAGS = "${LDFLAGS}"
# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 5/5] openssl_1.0: squash whitespace in CC_INFO
2018-07-27 23:27 [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Andre McCurdy
` (2 preceding siblings ...)
2018-07-27 23:28 ` [PATCH 4/5] openssl_1.0: add PACKAGECONFIG option to control manpages Andre McCurdy
@ 2018-07-27 23:28 ` Andre McCurdy
2018-07-28 17:33 ` [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Alexander Kanavin
4 siblings, 0 replies; 9+ messages in thread
From: Andre McCurdy @ 2018-07-27 23:28 UTC (permalink / raw)
To: openembedded-core
Squash whitespace in CC_INFO to avoid recipe whitespace changes to
CFLAG affecting the final openssl binaries (the value of CC_INFO gets
embedded in libcrypto, via buildinf.h).
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
---
meta/recipes-connectivity/openssl/openssl_1.0.2o.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
index 527be72..f33ca97 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
@@ -211,7 +211,7 @@ do_compile () {
do_compile_class-target () {
sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
oe_runmake depend
- cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'`
+ cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
oe_runmake CC_INFO="$cc_sanitized"
}
--
1.9.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 4/5] openssl_1.0: add PACKAGECONFIG option to control manpages
2018-07-27 23:28 ` [PATCH 4/5] openssl_1.0: add PACKAGECONFIG option to control manpages Andre McCurdy
@ 2018-07-28 11:57 ` Burton, Ross
2018-07-28 20:36 ` Andre McCurdy
0 siblings, 1 reply; 9+ messages in thread
From: Burton, Ross @ 2018-07-28 11:57 UTC (permalink / raw)
To: Andre McCurdy; +Cc: OE-core
You might want to use the manpages class here.
Ross
On 28 July 2018 at 00:28, Andre McCurdy <armccurdy@gmail.com> wrote:
> Creating the openssl manpages, which happens as part of do_install(),
> can take a significant amount of time (e.g. ~50 seconds on a quad
> core laptop). Provide a PACKAGECONFIG option to allow creation of the
> manpages to be skipped completely if not required. Leave manpages
> enabled by default for target builds, but disable by default for
> -native and -nativesdk.
>
> Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
> ---
> .../0001-allow-manpages-to-be-disabled.patch | 31 ++++++++++++++++++++++
> .../recipes-connectivity/openssl/openssl_1.0.2o.bb | 8 ++++--
> 2 files changed, 37 insertions(+), 2 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
> new file mode 100644
> index 0000000..3f7d649
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
> @@ -0,0 +1,31 @@
> +From e1c39b80b01d4d18feeadfdc6e45a3e1dd110634 Mon Sep 17 00:00:00 2001
> +From: Andre McCurdy <armccurdy@gmail.com>
> +Date: Fri, 27 Jul 2018 21:41:06 +0000
> +Subject: [PATCH] allow manpages to be disabled
> +
> +Define OE_DISABLE_MANPAGES (via environment or the make command line)
> +to skip creation and installation of manpages.
> +
> +Upstream-Status: Inappropriate [configuration]
> +
> +Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
> +---
> + Makefile.org | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/Makefile.org b/Makefile.org
> +index ed98d2a..747d8cb 100644
> +--- a/Makefile.org
> ++++ b/Makefile.org
> +@@ -549,7 +549,7 @@ dist:
> + @$(MAKE) SDIRS='$(SDIRS)' clean
> + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
> +
> +-install: all install_docs install_sw
> ++install: all $(if $(OE_DISABLE_MANPAGES),,install_docs) install_sw
> +
> + install_sw:
> + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
> index 2804203..527be72 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
> @@ -43,6 +43,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
> file://Use-SHA256-not-MD5-as-default-digest.patch \
> file://0001-Fix-build-with-clang-using-external-assembler.patch \
> file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
> + file://0001-allow-manpages-to-be-disabled.patch \
> "
>
> SRC_URI_append_class-target = " \
> @@ -61,17 +62,20 @@ UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
>
> inherit pkgconfig siteinfo multilib_header ptest relative_symlinks
>
> -PACKAGECONFIG ?= "cryptodev-linux"
> +PACKAGECONFIG ?= "cryptodev-linux manpages"
> PACKAGECONFIG_class-native = ""
> PACKAGECONFIG_class-nativesdk = ""
>
> -PACKAGECONFIG[perl] = ",,,"
> PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
> +PACKAGECONFIG[manpages] = ",,,"
> +PACKAGECONFIG[perl] = ",,,"
>
> # Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
> # vulnerability
> EXTRA_OECONF = "no-ssl3"
>
> +EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
> +
> export OE_LDFLAGS = "${LDFLAGS}"
>
> # openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
> --
> 1.9.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 1/5] openssl_1.0: drop obsolete ca.patch
2018-07-27 23:27 [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Andre McCurdy
` (3 preceding siblings ...)
2018-07-27 23:28 ` [PATCH 5/5] openssl_1.0: squash whitespace in CC_INFO Andre McCurdy
@ 2018-07-28 17:33 ` Alexander Kanavin
2018-07-28 21:01 ` Andre McCurdy
4 siblings, 1 reply; 9+ messages in thread
From: Alexander Kanavin @ 2018-07-28 17:33 UTC (permalink / raw)
To: Andre McCurdy; +Cc: OE-core
Andre, do take a look at 1.1 as well. As soon as the final openssl
1.1.1 is released (and I get the powerful build box my new employer
promised), I'll send a patchset that makes 1.1 the default - I'm not
sure you should put all this effort into a soon obsolete version.
Alex
2018-07-28 1:27 GMT+02:00 Andre McCurdy <armccurdy@gmail.com>:
> This patch adds a second line to the -help output of the CA.pl script
> (which lists almost the same command line options as the line above
> it but in a slightly different order). Although it's tagged as a
> Debian backport, there's no patch like it in recent Debian patch sets
> for openssl 1.0.2.
>
> Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
> ---
> .../openssl/openssl-1.0.2o/debian/ca.patch | 22 ----------------------
> .../recipes-connectivity/openssl/openssl_1.0.2o.bb | 1 -
> 2 files changed, 23 deletions(-)
> delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
> deleted file mode 100644
> index fb745e4..0000000
> --- a/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
> +++ /dev/null
> @@ -1,22 +0,0 @@
> -Upstream-Status: Backport [debian]
> -
> -Index: openssl-0.9.8m/apps/CA.pl.in
> -===================================================================
> ---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
> -+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
> -@@ -65,6 +65,7 @@
> - foreach (@ARGV) {
> - if ( /^(-\?|-h|-help)$/ ) {
> - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
> -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
> - exit 0;
> - } elsif (/^-newcert$/) {
> - # create a certificate
> -@@ -165,6 +166,7 @@
> - } else {
> - print STDERR "Unknown arg $_\n";
> - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
> -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
> - exit 1;
> - }
> - }
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
> index 9e5e7ec..ee1c1f7 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
> @@ -23,7 +23,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
> file://engines-install-in-libdir-ssl.patch \
> file://debian1.0.2/block_diginotar.patch \
> file://debian1.0.2/block_digicert_malaysia.patch \
> - file://debian/ca.patch \
> file://debian/c_rehash-compat.patch \
> file://debian/debian-targets.patch \
> file://debian/man-dir.patch \
> --
> 1.9.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 4/5] openssl_1.0: add PACKAGECONFIG option to control manpages
2018-07-28 11:57 ` Burton, Ross
@ 2018-07-28 20:36 ` Andre McCurdy
0 siblings, 0 replies; 9+ messages in thread
From: Andre McCurdy @ 2018-07-28 20:36 UTC (permalink / raw)
To: Burton, Ross; +Cc: OE-core
On Sat, Jul 28, 2018 at 4:57 AM, Burton, Ross <ross.burton@intel.com> wrote:
> You might want to use the manpages class here.
Thanks. I was wondering if I could justify disabling the manpages by
default for the target builds too and the api-documentation distro
feature does exactly that :-)
> On 28 July 2018 at 00:28, Andre McCurdy <armccurdy@gmail.com> wrote:
>> Creating the openssl manpages, which happens as part of do_install(),
>> can take a significant amount of time (e.g. ~50 seconds on a quad
>> core laptop). Provide a PACKAGECONFIG option to allow creation of the
>> manpages to be skipped completely if not required. Leave manpages
>> enabled by default for target builds, but disable by default for
>> -native and -nativesdk.
>>
>> Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
>> ---
>> .../0001-allow-manpages-to-be-disabled.patch | 31 ++++++++++++++++++++++
>> .../recipes-connectivity/openssl/openssl_1.0.2o.bb | 8 ++++--
>> 2 files changed, 37 insertions(+), 2 deletions(-)
>> create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
>>
>> diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
>> new file mode 100644
>> index 0000000..3f7d649
>> --- /dev/null
>> +++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-allow-manpages-to-be-disabled.patch
>> @@ -0,0 +1,31 @@
>> +From e1c39b80b01d4d18feeadfdc6e45a3e1dd110634 Mon Sep 17 00:00:00 2001
>> +From: Andre McCurdy <armccurdy@gmail.com>
>> +Date: Fri, 27 Jul 2018 21:41:06 +0000
>> +Subject: [PATCH] allow manpages to be disabled
>> +
>> +Define OE_DISABLE_MANPAGES (via environment or the make command line)
>> +to skip creation and installation of manpages.
>> +
>> +Upstream-Status: Inappropriate [configuration]
>> +
>> +Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
>> +---
>> + Makefile.org | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/Makefile.org b/Makefile.org
>> +index ed98d2a..747d8cb 100644
>> +--- a/Makefile.org
>> ++++ b/Makefile.org
>> +@@ -549,7 +549,7 @@ dist:
>> + @$(MAKE) SDIRS='$(SDIRS)' clean
>> + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
>> +
>> +-install: all install_docs install_sw
>> ++install: all $(if $(OE_DISABLE_MANPAGES),,install_docs) install_sw
>> +
>> + install_sw:
>> + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
>> +--
>> +1.9.1
>> +
>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
>> index 2804203..527be72 100644
>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
>> @@ -43,6 +43,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
>> file://Use-SHA256-not-MD5-as-default-digest.patch \
>> file://0001-Fix-build-with-clang-using-external-assembler.patch \
>> file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
>> + file://0001-allow-manpages-to-be-disabled.patch \
>> "
>>
>> SRC_URI_append_class-target = " \
>> @@ -61,17 +62,20 @@ UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
>>
>> inherit pkgconfig siteinfo multilib_header ptest relative_symlinks
>>
>> -PACKAGECONFIG ?= "cryptodev-linux"
>> +PACKAGECONFIG ?= "cryptodev-linux manpages"
>> PACKAGECONFIG_class-native = ""
>> PACKAGECONFIG_class-nativesdk = ""
>>
>> -PACKAGECONFIG[perl] = ",,,"
>> PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
>> +PACKAGECONFIG[manpages] = ",,,"
>> +PACKAGECONFIG[perl] = ",,,"
>>
>> # Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
>> # vulnerability
>> EXTRA_OECONF = "no-ssl3"
>>
>> +EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
>> +
>> export OE_LDFLAGS = "${LDFLAGS}"
>>
>> # openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
>> --
>> 1.9.1
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 1/5] openssl_1.0: drop obsolete ca.patch
2018-07-28 17:33 ` [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Alexander Kanavin
@ 2018-07-28 21:01 ` Andre McCurdy
0 siblings, 0 replies; 9+ messages in thread
From: Andre McCurdy @ 2018-07-28 21:01 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: OE-core
On Sat, Jul 28, 2018 at 10:33 AM, Alexander Kanavin
<alex.kanavin@gmail.com> wrote:
> Andre, do take a look at 1.1 as well. As soon as the final openssl
> 1.1.1 is released (and I get the powerful build box my new employer
> promised), I'll send a patchset that makes 1.1 the default - I'm not
> sure you should put all this effort into a soon obsolete version.
I will certainly look at the 1.1 recipe too, but any work on cleaning
up the 1.0 recipe won't go to waste. I work with a silicon supplier
who's current SDK is based on daisy (they are in the process of
updating to morty). Their silicon and daisy based firmware images ship
in literally millions of products (all of them with a high speed
internet connection). Having a more robust openssl 1.0 recipe in
master gives me something I can more easily backport to the older OE
releases used in these SDKs.
> 2018-07-28 1:27 GMT+02:00 Andre McCurdy <armccurdy@gmail.com>:
>> This patch adds a second line to the -help output of the CA.pl script
>> (which lists almost the same command line options as the line above
>> it but in a slightly different order). Although it's tagged as a
>> Debian backport, there's no patch like it in recent Debian patch sets
>> for openssl 1.0.2.
>>
>> Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
>> ---
>> .../openssl/openssl-1.0.2o/debian/ca.patch | 22 ----------------------
>> .../recipes-connectivity/openssl/openssl_1.0.2o.bb | 1 -
>> 2 files changed, 23 deletions(-)
>> delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
>>
>> diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
>> deleted file mode 100644
>> index fb745e4..0000000
>> --- a/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
>> +++ /dev/null
>> @@ -1,22 +0,0 @@
>> -Upstream-Status: Backport [debian]
>> -
>> -Index: openssl-0.9.8m/apps/CA.pl.in
>> -===================================================================
>> ---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
>> -+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
>> -@@ -65,6 +65,7 @@
>> - foreach (@ARGV) {
>> - if ( /^(-\?|-h|-help)$/ ) {
>> - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
>> -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
>> - exit 0;
>> - } elsif (/^-newcert$/) {
>> - # create a certificate
>> -@@ -165,6 +166,7 @@
>> - } else {
>> - print STDERR "Unknown arg $_\n";
>> - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
>> -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
>> - exit 1;
>> - }
>> - }
>> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
>> index 9e5e7ec..ee1c1f7 100644
>> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
>> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
>> @@ -23,7 +23,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
>> file://engines-install-in-libdir-ssl.patch \
>> file://debian1.0.2/block_diginotar.patch \
>> file://debian1.0.2/block_digicert_malaysia.patch \
>> - file://debian/ca.patch \
>> file://debian/c_rehash-compat.patch \
>> file://debian/debian-targets.patch \
>> file://debian/man-dir.patch \
>> --
>> 1.9.1
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2018-07-28 21:01 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-27 23:27 [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Andre McCurdy
2018-07-27 23:27 ` [PATCH 2/5] openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS Andre McCurdy
2018-07-27 23:27 ` [PATCH 3/5] openssl_1.0: drop unmaintained darwin support Andre McCurdy
2018-07-27 23:28 ` [PATCH 4/5] openssl_1.0: add PACKAGECONFIG option to control manpages Andre McCurdy
2018-07-28 11:57 ` Burton, Ross
2018-07-28 20:36 ` Andre McCurdy
2018-07-27 23:28 ` [PATCH 5/5] openssl_1.0: squash whitespace in CC_INFO Andre McCurdy
2018-07-28 17:33 ` [PATCH 1/5] openssl_1.0: drop obsolete ca.patch Alexander Kanavin
2018-07-28 21:01 ` Andre McCurdy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.