[PATCH 1/6] cups: Turn gnutls into a packageconfig knob

[PATCH 1/6] cups: Turn gnutls into a packageconfig knob

[Khem Raj]

Disable it by default

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta/recipes-extended/cups/cups.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 244c87001f..9faac08104 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -6,7 +6,7 @@ document types."
 HOMEPAGE = "https://www.cups.org/"
 SECTION = "console/utils"
 LICENSE = "Apache-2.0"
-DEPENDS = "gnutls libpng jpeg dbus zlib libusb1"
+DEPENDS = "libpng jpeg dbus zlib libusb1"
 
 SRC_URI = "https://github.com/apple/cups/releases/download/v${PV}/${BP}-source.tar.gz \
            file://0001-use-echo-only-in-init.patch \
@@ -43,12 +43,12 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi',
                    ${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}"
 PACKAGECONFIG[avahi] = "--enable-avahi,--disable-avahi,avahi"
 PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl"
+PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls"
 PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"
 PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"
 PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"
 
 EXTRA_OECONF = " \
-               --enable-gnutls \
                --enable-dbus \
                --enable-browsing \
                --disable-gssapi \
-- 
2.31.1

[PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls

[Khem Raj]

Change the defaults to use openSSL

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta/recipes-core/glib-networking/glib-networking_2.66.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
index 230932daf0..786de744cb 100644
--- a/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
@@ -11,7 +11,7 @@ DEPENDS = "glib-2.0"
 
 SRC_URI[archive.sha256sum] = "c5d7be2437fdd196eebfb70c4517b96d3ba7ec13bd496318b8f02dea383e0099"
 
-PACKAGECONFIG ??= "gnutls ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
 
 PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls"
 PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
-- 
2.31.1

[PATCH 3/6] wpa-supplicant: Enable openssl

[Khem Raj]

Use openSSL for TLS/SSL implementation

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index cddcfb6811..16c5918522 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
 DEPENDS = "dbus libnl"
 RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
 
-PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG ??= "openssl"
 PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
 PACKAGECONFIG[openssl] = ",,openssl"
 
-- 
2.31.1

[PATCH 4/6] curl: Use openssl backend

[Khem Raj]

use openssl instead of gnutls

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta/recipes-support/curl/curl_7.76.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/curl/curl_7.76.0.bb b/meta/recipes-support/curl/curl_7.76.0.bb
index 634bbd72c2..db6318148f 100644
--- a/meta/recipes-support/curl/curl_7.76.0.bb
+++ b/meta/recipes-support/curl/curl_7.76.0.bb
@@ -20,7 +20,7 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
 
 inherit autotools pkgconfig binconfig multilib_header
 
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} ssl libidn proxy threaded-resolver verbose zlib"
 PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib"
 PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib"
 
-- 
2.31.1

[PATCH 5/6] gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends

[Khem Raj]

Use openssl by default

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 .../gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb      | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
index ce2082ee32..96f01391b4 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
@@ -28,8 +28,8 @@ PACKAGECONFIG ??= " \
     ${@bb.utils.filter('DISTRO_FEATURES', 'directfb vulkan', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland', '', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gl', '', d)} \
-    bz2 closedcaption curl dash dtls hls rsvg sbc smoothstreaming sndfile \
-    ttml uvch264 webp \
+    bz2 closedcaption curl dash dtls hls openssl rsvg sbc smoothstreaming \
+    sndfile ttml uvch264 webp \
 "
 
 PACKAGECONFIG[aom]             = "-Daom=enabled,-Daom=disabled,aom"
@@ -45,7 +45,11 @@ PACKAGECONFIG[dtls]            = "-Ddtls=enabled,-Ddtls=disabled,openssl"
 PACKAGECONFIG[faac]            = "-Dfaac=enabled,-Dfaac=disabled,faac"
 PACKAGECONFIG[faad]            = "-Dfaad=enabled,-Dfaad=disabled,faad2"
 PACKAGECONFIG[fluidsynth]      = "-Dfluidsynth=enabled,-Dfluidsynth=disabled,fluidsynth"
-PACKAGECONFIG[hls]             = "-Dhls=enabled -Dhls-crypto=nettle,-Dhls=disabled,nettle"
+PACKAGECONFIG[hls]             = "-Dhls=enabled,-Dhls=disabled,"
+# Pick atleast one crypto backend below when enabling hls
+PACKAGECONFIG[nettle]          = "-Dhls-crypto=nettle,,nettle"
+PACKAGECONFIG[openssl]         = "-Dhls-crypto=openssl,,openssl"
+PACKAGECONFIG[gcrypt]          = "-Dhls-crypto=libgcrypt,,libgcrypt"
 # the gl packageconfig enables OpenGL elements that haven't been ported
 # to -base yet. They depend on the gstgl library in -base, so we do
 # not add GL dependencies here, since these are taken care of in -base.
@@ -148,4 +152,3 @@ FILES_${PN}-freeverb += "${datadir}/gstreamer-1.0/presets/GstFreeverb.prs"
 FILES_${PN}-opencv += "${datadir}/gst-plugins-bad/1.0/opencv*"
 FILES_${PN}-transcode += "${datadir}/gstreamer-1.0/encoding-profiles"
 FILES_${PN}-voamrwbenc += "${datadir}/gstreamer-1.0/presets/GstVoAmrwbEnc.prs"
-
-- 
2.31.1

[PATCH 6/6] libpsl: Add config knobs for runtime/builtin conversion choices

[Khem Raj]

Use libicu by default

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta/recipes-support/libpsl/libpsl_0.21.1.bb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-support/libpsl/libpsl_0.21.1.bb b/meta/recipes-support/libpsl/libpsl_0.21.1.bb
index db4b3a5991..4fc0ad8acb 100644
--- a/meta/recipes-support/libpsl/libpsl_0.21.1.bb
+++ b/meta/recipes-support/libpsl/libpsl_0.21.1.bb
@@ -16,11 +16,10 @@ SRC_URI[sha256sum] = "ac6ce1e1fbd4d0254c4ddb9d37f1fa99dec83619c1253328155206b896
 
 UPSTREAM_CHECK_URI = "https://github.com/rockdaboot/libpsl/releases"
 
-DEPENDS = "libidn2"
-
 inherit autotools gettext gtk-doc manpages pkgconfig lib_package
 
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ?= "icu"
 PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native"
-
+PACKAGECONFIG[icu] = "--enable-runtime=libicu --enable-builtin=libicu,,icu"
+PACKAGECONFIG[idn2] = "--enable-runtime=libidn2 --enable-builtin=libidn2,,libidn2 libunistring"
 BBCLASSEXTEND = "native nativesdk"
-- 
2.31.1

Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl

[Armin Kuster]

On 4/18/21 1:16 AM, Khem Raj wrote:
> Use openSSL for TLS/SSL implementation

I wonder if leveraging the "virtual" framework might work here so that
openssl, gnutls or wolfssl (whatever)  would trickle down and use the
same TLS/SSl package evenly across all recipes in a single image?

-armin
>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> ---
>  meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> index cddcfb6811..16c5918522 100644
> --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
>  DEPENDS = "dbus libnl"
>  RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
>  
> -PACKAGECONFIG ??= "gnutls"
> +PACKAGECONFIG ??= "openssl"
>  PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
>  PACKAGECONFIG[openssl] = ",,openssl"
>  
>
> 
>

Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl

[Richard Purdie]

On Sun, 2021-04-18 at 15:03 -0700, Armin Kuster wrote:
> 
> On 4/18/21 1:16 AM, Khem Raj wrote:
> > Use openSSL for TLS/SSL implementation
> 
> I wonder if leveraging the "virtual" framework might work here so that
> openssl, gnutls or wolfssl (whatever)  would trickle down and use the
> same TLS/SSl package evenly across all recipes in a single image?

The trouble is that each recipe has its own set of PACKAGECONFIG/depends 
changes needed between a differing set of options so its going to be hard 
to make one soultion which fits virutal/XXX as instead there are a list 
of different options with differing priorities. Not sure how best to 
handle it :/

Cheers,

Richard

Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl

[Khem Raj]

On Sun, Apr 18, 2021 at 3:10 PM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Sun, 2021-04-18 at 15:03 -0700, Armin Kuster wrote:
> >
> > On 4/18/21 1:16 AM, Khem Raj wrote:
> > > Use openSSL for TLS/SSL implementation
> >
> > I wonder if leveraging the "virtual" framework might work here so that
> > openssl, gnutls or wolfssl (whatever)  would trickle down and use the
> > same TLS/SSl package evenly across all recipes in a single image?
>
> The trouble is that each recipe has its own set of PACKAGECONFIG/depends
> changes needed between a differing set of options so its going to be hard
> to make one soultion which fits virutal/XXX as instead there are a list
> of different options with differing priorities. Not sure how best to
> handle it :/

yeah perhaps a DISTRO_FEATURE could be the global knob to control it.
In most cases openssl is a sane choice

>
> Cheers,
>
> Richard
>