* [PATCH 1/6] cups: Turn gnutls into a packageconfig knob
@ 2021-04-18 8:16 Khem Raj
2021-04-18 8:16 ` [PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls Khem Raj
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Disable it by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-extended/cups/cups.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 244c87001f..9faac08104 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -6,7 +6,7 @@ document types."
HOMEPAGE = "https://www.cups.org/"
SECTION = "console/utils"
LICENSE = "Apache-2.0"
-DEPENDS = "gnutls libpng jpeg dbus zlib libusb1"
+DEPENDS = "libpng jpeg dbus zlib libusb1"
SRC_URI = "https://github.com/apple/cups/releases/download/v${PV}/${BP}-source.tar.gz \
file://0001-use-echo-only-in-init.patch \
@@ -43,12 +43,12 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi',
${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}"
PACKAGECONFIG[avahi] = "--enable-avahi,--disable-avahi,avahi"
PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl"
+PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls"
PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"
PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"
PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"
EXTRA_OECONF = " \
- --enable-gnutls \
--enable-dbus \
--enable-browsing \
--disable-gssapi \
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
2021-04-18 8:16 ` [PATCH 3/6] wpa-supplicant: Enable openssl Khem Raj
` (3 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Change the defaults to use openSSL
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-core/glib-networking/glib-networking_2.66.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
index 230932daf0..786de744cb 100644
--- a/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
@@ -11,7 +11,7 @@ DEPENDS = "glib-2.0"
SRC_URI[archive.sha256sum] = "c5d7be2437fdd196eebfb70c4517b96d3ba7ec13bd496318b8f02dea383e0099"
-PACKAGECONFIG ??= "gnutls ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls"
PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 3/6] wpa-supplicant: Enable openssl
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
2021-04-18 8:16 ` [PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
2021-04-18 22:03 ` [OE-core] " Armin Kuster
2021-04-18 8:16 ` [PATCH 4/6] curl: Use openssl backend Khem Raj
` (2 subsequent siblings)
4 siblings, 1 reply; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Use openSSL for TLS/SSL implementation
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index cddcfb6811..16c5918522 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
DEPENDS = "dbus libnl"
RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
-PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG ??= "openssl"
PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
PACKAGECONFIG[openssl] = ",,openssl"
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 4/6] curl: Use openssl backend
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
2021-04-18 8:16 ` [PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls Khem Raj
2021-04-18 8:16 ` [PATCH 3/6] wpa-supplicant: Enable openssl Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
2021-04-18 8:16 ` [PATCH 5/6] gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends Khem Raj
2021-04-18 8:16 ` [PATCH 6/6] libpsl: Add config knobs for runtime/builtin conversion choices Khem Raj
4 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
use openssl instead of gnutls
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-support/curl/curl_7.76.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/curl/curl_7.76.0.bb b/meta/recipes-support/curl/curl_7.76.0.bb
index 634bbd72c2..db6318148f 100644
--- a/meta/recipes-support/curl/curl_7.76.0.bb
+++ b/meta/recipes-support/curl/curl_7.76.0.bb
@@ -20,7 +20,7 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
inherit autotools pkgconfig binconfig multilib_header
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} ssl libidn proxy threaded-resolver verbose zlib"
PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib"
PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib"
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 5/6] gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
` (2 preceding siblings ...)
2021-04-18 8:16 ` [PATCH 4/6] curl: Use openssl backend Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
2021-04-18 8:16 ` [PATCH 6/6] libpsl: Add config knobs for runtime/builtin conversion choices Khem Raj
4 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Use openssl by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
.../gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
index ce2082ee32..96f01391b4 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
@@ -28,8 +28,8 @@ PACKAGECONFIG ??= " \
${@bb.utils.filter('DISTRO_FEATURES', 'directfb vulkan', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gl', '', d)} \
- bz2 closedcaption curl dash dtls hls rsvg sbc smoothstreaming sndfile \
- ttml uvch264 webp \
+ bz2 closedcaption curl dash dtls hls openssl rsvg sbc smoothstreaming \
+ sndfile ttml uvch264 webp \
"
PACKAGECONFIG[aom] = "-Daom=enabled,-Daom=disabled,aom"
@@ -45,7 +45,11 @@ PACKAGECONFIG[dtls] = "-Ddtls=enabled,-Ddtls=disabled,openssl"
PACKAGECONFIG[faac] = "-Dfaac=enabled,-Dfaac=disabled,faac"
PACKAGECONFIG[faad] = "-Dfaad=enabled,-Dfaad=disabled,faad2"
PACKAGECONFIG[fluidsynth] = "-Dfluidsynth=enabled,-Dfluidsynth=disabled,fluidsynth"
-PACKAGECONFIG[hls] = "-Dhls=enabled -Dhls-crypto=nettle,-Dhls=disabled,nettle"
+PACKAGECONFIG[hls] = "-Dhls=enabled,-Dhls=disabled,"
+# Pick atleast one crypto backend below when enabling hls
+PACKAGECONFIG[nettle] = "-Dhls-crypto=nettle,,nettle"
+PACKAGECONFIG[openssl] = "-Dhls-crypto=openssl,,openssl"
+PACKAGECONFIG[gcrypt] = "-Dhls-crypto=libgcrypt,,libgcrypt"
# the gl packageconfig enables OpenGL elements that haven't been ported
# to -base yet. They depend on the gstgl library in -base, so we do
# not add GL dependencies here, since these are taken care of in -base.
@@ -148,4 +152,3 @@ FILES_${PN}-freeverb += "${datadir}/gstreamer-1.0/presets/GstFreeverb.prs"
FILES_${PN}-opencv += "${datadir}/gst-plugins-bad/1.0/opencv*"
FILES_${PN}-transcode += "${datadir}/gstreamer-1.0/encoding-profiles"
FILES_${PN}-voamrwbenc += "${datadir}/gstreamer-1.0/presets/GstVoAmrwbEnc.prs"
-
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 6/6] libpsl: Add config knobs for runtime/builtin conversion choices
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
` (3 preceding siblings ...)
2021-04-18 8:16 ` [PATCH 5/6] gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
4 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Use libicu by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-support/libpsl/libpsl_0.21.1.bb | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-support/libpsl/libpsl_0.21.1.bb b/meta/recipes-support/libpsl/libpsl_0.21.1.bb
index db4b3a5991..4fc0ad8acb 100644
--- a/meta/recipes-support/libpsl/libpsl_0.21.1.bb
+++ b/meta/recipes-support/libpsl/libpsl_0.21.1.bb
@@ -16,11 +16,10 @@ SRC_URI[sha256sum] = "ac6ce1e1fbd4d0254c4ddb9d37f1fa99dec83619c1253328155206b896
UPSTREAM_CHECK_URI = "https://github.com/rockdaboot/libpsl/releases"
-DEPENDS = "libidn2"
-
inherit autotools gettext gtk-doc manpages pkgconfig lib_package
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ?= "icu"
PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native"
-
+PACKAGECONFIG[icu] = "--enable-runtime=libicu --enable-builtin=libicu,,icu"
+PACKAGECONFIG[idn2] = "--enable-runtime=libidn2 --enable-builtin=libidn2,,libidn2 libunistring"
BBCLASSEXTEND = "native nativesdk"
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl
2021-04-18 8:16 ` [PATCH 3/6] wpa-supplicant: Enable openssl Khem Raj
@ 2021-04-18 22:03 ` Armin Kuster
2021-04-18 22:10 ` Richard Purdie
0 siblings, 1 reply; 9+ messages in thread
From: Armin Kuster @ 2021-04-18 22:03 UTC (permalink / raw)
To: Khem Raj, openembedded-core
On 4/18/21 1:16 AM, Khem Raj wrote:
> Use openSSL for TLS/SSL implementation
I wonder if leveraging the "virtual" framework might work here so that
openssl, gnutls or wolfssl (whatever) would trickle down and use the
same TLS/SSl package evenly across all recipes in a single image?
-armin
>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> ---
> meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> index cddcfb6811..16c5918522 100644
> --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
> DEPENDS = "dbus libnl"
> RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
>
> -PACKAGECONFIG ??= "gnutls"
> +PACKAGECONFIG ??= "openssl"
> PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
> PACKAGECONFIG[openssl] = ",,openssl"
>
>
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl
2021-04-18 22:03 ` [OE-core] " Armin Kuster
@ 2021-04-18 22:10 ` Richard Purdie
2021-04-19 5:19 ` Khem Raj
0 siblings, 1 reply; 9+ messages in thread
From: Richard Purdie @ 2021-04-18 22:10 UTC (permalink / raw)
To: Armin Kuster, Khem Raj, openembedded-core
On Sun, 2021-04-18 at 15:03 -0700, Armin Kuster wrote:
>
> On 4/18/21 1:16 AM, Khem Raj wrote:
> > Use openSSL for TLS/SSL implementation
>
> I wonder if leveraging the "virtual" framework might work here so that
> openssl, gnutls or wolfssl (whatever) would trickle down and use the
> same TLS/SSl package evenly across all recipes in a single image?
The trouble is that each recipe has its own set of PACKAGECONFIG/depends
changes needed between a differing set of options so its going to be hard
to make one soultion which fits virutal/XXX as instead there are a list
of different options with differing priorities. Not sure how best to
handle it :/
Cheers,
Richard
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl
2021-04-18 22:10 ` Richard Purdie
@ 2021-04-19 5:19 ` Khem Raj
0 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-19 5:19 UTC (permalink / raw)
To: Richard Purdie
Cc: Armin Kuster, Patches and discussions about the oe-core layer
On Sun, Apr 18, 2021 at 3:10 PM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Sun, 2021-04-18 at 15:03 -0700, Armin Kuster wrote:
> >
> > On 4/18/21 1:16 AM, Khem Raj wrote:
> > > Use openSSL for TLS/SSL implementation
> >
> > I wonder if leveraging the "virtual" framework might work here so that
> > openssl, gnutls or wolfssl (whatever) would trickle down and use the
> > same TLS/SSl package evenly across all recipes in a single image?
>
> The trouble is that each recipe has its own set of PACKAGECONFIG/depends
> changes needed between a differing set of options so its going to be hard
> to make one soultion which fits virutal/XXX as instead there are a list
> of different options with differing priorities. Not sure how best to
> handle it :/
yeah perhaps a DISTRO_FEATURE could be the global knob to control it.
In most cases openssl is a sane choice
>
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-04-19 5:19 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
2021-04-18 8:16 ` [PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls Khem Raj
2021-04-18 8:16 ` [PATCH 3/6] wpa-supplicant: Enable openssl Khem Raj
2021-04-18 22:03 ` [OE-core] " Armin Kuster
2021-04-18 22:10 ` Richard Purdie
2021-04-19 5:19 ` Khem Raj
2021-04-18 8:16 ` [PATCH 4/6] curl: Use openssl backend Khem Raj
2021-04-18 8:16 ` [PATCH 5/6] gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends Khem Raj
2021-04-18 8:16 ` [PATCH 6/6] libpsl: Add config knobs for runtime/builtin conversion choices Khem Raj
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.