[Buildroot] [PATCH v2 1/4] libressl: new package

[Buildroot] [PATCH v2 1/4] libressl: new package

[Adam Duskett]

Libressl is a fork of openssl from OpenSSL in 2014.  Its goal is to
modernize the OpenSSL codebase, improve security, and apply best
practice development processes.

Right now, libressl is API compatible with OpenSSL 1.0.1, but does not
yet include all new APIs from OpenSSL 1.0.2 and later.

This package has been tested with the following architectures and c
libraries:

- armv4
- aarch64
- ppc
- ppc64
- ppc64le
- x86_64
- uClibc-ng
- glibc 2.24
- musl

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
  - Changed from github to openbsd ftp. This is a all-in-one tarball
    that negates having to use the POST_PATCH_HOOKS. (Thomas)
  - Added 0001-remove-test-z-DESTDIR-from-ltmain.patch, this allows
    ltmain.sh to be patched with buildroot-libtool-v2.4.patch, which
    removes the need for a call to autogen.sh.
  - Changed sha256sum to reflect new tarball.
  - Changed Locally computed to openbsd ftp hash list in hash file. (Arnout)
  - Added DEVELOPERS changes to this patch. (Thomas)
  - Fixed formatting in commit message. (Thomas)
  - Removed "and scripts" from Config.in (Arnout)

 DEVELOPERS                                         |  1 +
 package/Config.in                                  |  1 +
 .../0001-remove-test-z-DESTDIR-from-ltmain.patch   | 28 ++++++++++++++++++++++
 package/libressl/Config.in                         | 20 ++++++++++++++++
 package/libressl/libressl.hash                     |  2 ++
 package/libressl/libressl.mk                       | 22 +++++++++++++++++
 6 files changed, 74 insertions(+)
 create mode 100644 package/libressl/0001-remove-test-z-DESTDIR-from-ltmain.patch
 create mode 100644 package/libressl/Config.in
 create mode 100644 package/libressl/libressl.hash
 create mode 100644 package/libressl/libressl.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 9e421f4..b9f9d9d 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -34,6 +34,7 @@ F:	package/audit/
 F:	package/checkpolicy/
 F:	package/gstreamer1/gst1-vaapi/
 F:	package/janus-gateway/
+F:	package/libressl/
 F:	package/libselinux/
 F:	package/libsemanage/
 F:	package/libsepol/
diff --git a/package/Config.in b/package/Config.in
index f69f67f..89b1ee4 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -975,6 +975,7 @@ menu "Crypto"
 	source "package/libmcrypt/Config.in"
 	source "package/libmhash/Config.in"
 	source "package/libnss/Config.in"
+	source "package/libressl/Config.in"
 	source "package/libscrypt/Config.in"
 	source "package/libsecret/Config.in"
 	source "package/libsha1/Config.in"
diff --git a/package/libressl/0001-remove-test-z-DESTDIR-from-ltmain.patch b/package/libressl/0001-remove-test-z-DESTDIR-from-ltmain.patch
new file mode 100644
index 0000000..901a48c
--- /dev/null
+++ b/package/libressl/0001-remove-test-z-DESTDIR-from-ltmain.patch
@@ -0,0 +1,28 @@
+From 4317d43d74996ad7ec3270b1e786e91a19312309 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Sat, 24 Jun 2017 13:08:57 -0400
+Subject: [PATCH] remove test -z "$DESTDIR" from ltmain.sh.
+
+Without this patch, buildroot-libtool-v2.4.patch will fail to apply.
+
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ ltmain.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ltmain.sh b/ltmain.sh
+index 5d29bd6..6c90601 100644
+--- a/ltmain.sh
++++ b/ltmain.sh
+@@ -6658,7 +6658,7 @@ func_mode_link ()
+ 	  *)
+ 	    if test "$installed" = no; then
+ 	      func_append notinst_deplibs " $lib"
+-	      test -z "$DESTDIR" && need_relink=yes
++	      need_relink=yes
+ 	    fi
+ 	    ;;
+ 	  esac
+-- 
+2.9.4
+
diff --git a/package/libressl/Config.in b/package/libressl/Config.in
new file mode 100644
index 0000000..035176a
--- /dev/null
+++ b/package/libressl/Config.in
@@ -0,0 +1,19 @@
+config BR2_PACKAGE_LIBRESSL
+	bool "libressl"
+	help
+	  LibreSSL is a version of the TLS/crypto stack forked from
+	  OpenSSL in 2014, with goals of modernizing the codebase,
+	  improving security, and applying best practice development
+	  processes.
+
+	  http://www.libressl.org/
+
+if BR2_PACKAGE_LIBRESSL
+
+config BR2_PACKAGE_LIBRESSL_BIN
+	bool "openssl binary"
+	help
+	  Install the openssl binary to the target file system. This is a
+	  command line tool for doing various cryptographic stuff.
+
+endif
diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
new file mode 100644
index 0000000..9ffe964
--- /dev/null
+++ b/package/libressl/libressl.hash
@@ -0,0 +1,2 @@
+# From https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256
+sha256	107a5b522fbb8318d4c3be668075e5e607296f0a9255d71674caa94571336efa	libressl-2.5.4.tar.gz
diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
new file mode 100644
index 0000000..f315165
--- /dev/null
+++ b/package/libressl/libressl.mk
@@ -0,0 +1,22 @@
+################################################################################
+#
+# libressl
+#
+################################################################################
+
+LIBRESSL_VERSION = 2.5.4
+LIBRESSL_SITE = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
+LIBRESSL_SOURCE = libressl-$(LIBRESSL_VERSION).tar.gz
+LIBRESSL_LICENSE = ISC (New additions), OpenSSL or SSLeay (Original OpenSSL code)
+LIBRESSL_LICENSE_FILES = COPYING
+LIBRESSL_INSTALL_STAGING = YES
+
+ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
+define LIBRESSL_REMOVE_BIN
+	$(RM) -f $(TARGET_DIR)/usr/bin/openssl
+endef
+LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
+endif
+
+$(eval $(autotools-package))
+$(eval $(host-autotools-package))
-- 
2.9.4

[Buildroot] [PATCH v2 2/4] libssl: new virtual package

[Adam Duskett]

libressl is API compatible with OpenSSL 1.0.1 and is almost API
compatible with OpenSSL 1.0.2.  As such, a new virtual package is needed
to handle having both libressl and openssl.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
  - Removed final "." in commit title. (Thomas)
  - Fixed indentation issues in commit message.

 package/Config.in        | 1 +
 package/libssl/Config.in | 6 ++++++
 package/libssl/libssl.mk | 7 +++++++
 3 files changed, 14 insertions(+)
 create mode 100644 package/libssl/Config.in
 create mode 100644 package/libssl/libssl.mk

diff --git a/package/Config.in b/package/Config.in
index 89b1ee4..0279e79 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -979,6 +979,7 @@ menu "Crypto"
 	source "package/libscrypt/Config.in"
 	source "package/libsecret/Config.in"
 	source "package/libsha1/Config.in"
+	source "package/libssl/Config.in"
 	source "package/libsodium/Config.in"
 	source "package/libssh/Config.in"
 	source "package/libssh2/Config.in"
diff --git a/package/libssl/Config.in b/package/libssl/Config.in
new file mode 100644
index 0000000..71347de
--- /dev/null
+++ b/package/libssl/Config.in
@@ -0,0 +1,6 @@
+config BR2_PACKAGE_HAS_LIBSSL
+	bool
+
+config BR2_PACKAGE_PROVIDES_LIBSSL
+	string
+	depends on BR2_PACKAGE_HAS_LIBSSL
diff --git a/package/libssl/libssl.mk b/package/libssl/libssl.mk
new file mode 100644
index 0000000..6e89bcc
--- /dev/null
+++ b/package/libssl/libssl.mk
@@ -0,0 +1,7 @@
+################################################################################
+#
+# libssl
+#
+################################################################################
+
+$(eval $(virtual-package))
-- 
2.9.4

[Buildroot] [PATCH v2 3/4] libressl: add libssl virtual package support.

[Adam Duskett]

libressl can provide libssl.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
  - None.

 package/libressl/Config.in   | 4 ++++
 package/libressl/libressl.mk | 1 +
 2 files changed, 5 insertions(+)

diff --git a/package/libressl/Config.in b/package/libressl/Config.in
index 035176a..2cc87d0 100644
--- a/package/libressl/Config.in
+++ b/package/libressl/Config.in
@@ -1,5 +1,6 @@
 config BR2_PACKAGE_LIBRESSL
 	bool "libressl"
+	select BR2_PACKAGE_HAS_LIBSSL
 	help
 	  LibreSSL is a version of the TLS/crypto stack forked from
 	  OpenSSL in 2014, with goals of modernizing the codebase,
@@ -10,6 +11,9 @@ config BR2_PACKAGE_LIBRESSL
 
 if BR2_PACKAGE_LIBRESSL
 
+config BR2_PACKAGE_PROVIDES_LIBSSL
+	default "libressl"
+
 config BR2_PACKAGE_LIBRESSL_BIN
 	bool "openssl binary"
 	help
diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
index f315165..e8145c0 100644
--- a/package/libressl/libressl.mk
+++ b/package/libressl/libressl.mk
@@ -10,6 +10,7 @@ LIBRESSL_SOURCE = libressl-$(LIBRESSL_VERSION).tar.gz
 LIBRESSL_LICENSE = ISC (New additions), OpenSSL or SSLeay (Original OpenSSL code)
 LIBRESSL_LICENSE_FILES = COPYING
 LIBRESSL_INSTALL_STAGING = YES
+LIBRESSL_PROVIDES = libssl
 
 ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
 define LIBRESSL_REMOVE_BIN
-- 
2.9.4

[Buildroot] [PATCH v2 4/4] openssl: add libssl virtual package support

[Adam Duskett]

openssl can provide libssl.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
  - None.

 package/openssl/Config.in  | 4 ++++
 package/openssl/openssl.mk | 1 +
 2 files changed, 5 insertions(+)

diff --git a/package/openssl/Config.in b/package/openssl/Config.in
index e08b648..d024cb4 100644
--- a/package/openssl/Config.in
+++ b/package/openssl/Config.in
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_OPENSSL
 	bool "openssl"
 	select BR2_PACKAGE_ZLIB
+	select BR2_PACKAGE_HAS_LIBSSL
 	help
 	  A collaborative effort to develop a robust, commercial-grade, fully
 	  featured, and Open Source toolkit implementing the Secure Sockets
@@ -13,6 +14,9 @@ config BR2_PACKAGE_OPENSSL
 
 if BR2_PACKAGE_OPENSSL
 
+config BR2_PACKAGE_PROVIDES_LIBSSL
+	default "openssl"
+
 config BR2_PACKAGE_OPENSSL_BIN
 	bool "openssl binary"
 	help
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 5f56b44..c028290 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -10,6 +10,7 @@ OPENSSL_LICENSE = OpenSSL or SSLeay
 OPENSSL_LICENSE_FILES = LICENSE
 OPENSSL_INSTALL_STAGING = YES
 OPENSSL_DEPENDENCIES = zlib
+OPENSSL_PROVIDES = libssl
 HOST_OPENSSL_DEPENDENCIES = host-zlib
 OPENSSL_TARGET_ARCH = generic32
 OPENSSL_CFLAGS = $(TARGET_CFLAGS)
-- 
2.9.4

[Buildroot] [PATCH v2 3/4] libressl: add libssl virtual package support.

[Adam Duskett]

Sorry about the final period.  Hard habit to break!

On Sat, Jun 24, 2017 at 1:28 PM, Adam Duskett <aduskett@gmail.com> wrote:
> libressl can provide libssl.
>
> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> ---
> Changes v1 -> v2:
>   - None.
>
>  package/libressl/Config.in   | 4 ++++
>  package/libressl/libressl.mk | 1 +
>  2 files changed, 5 insertions(+)
>
> diff --git a/package/libressl/Config.in b/package/libressl/Config.in
> index 035176a..2cc87d0 100644
> --- a/package/libressl/Config.in
> +++ b/package/libressl/Config.in
> @@ -1,5 +1,6 @@
>  config BR2_PACKAGE_LIBRESSL
>         bool "libressl"
> +       select BR2_PACKAGE_HAS_LIBSSL
>         help
>           LibreSSL is a version of the TLS/crypto stack forked from
>           OpenSSL in 2014, with goals of modernizing the codebase,
> @@ -10,6 +11,9 @@ config BR2_PACKAGE_LIBRESSL
>
>  if BR2_PACKAGE_LIBRESSL
>
> +config BR2_PACKAGE_PROVIDES_LIBSSL
> +       default "libressl"
> +
>  config BR2_PACKAGE_LIBRESSL_BIN
>         bool "openssl binary"
>         help
> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
> index f315165..e8145c0 100644
> --- a/package/libressl/libressl.mk
> +++ b/package/libressl/libressl.mk
> @@ -10,6 +10,7 @@ LIBRESSL_SOURCE = libressl-$(LIBRESSL_VERSION).tar.gz
>  LIBRESSL_LICENSE = ISC (New additions), OpenSSL or SSLeay (Original OpenSSL code)
>  LIBRESSL_LICENSE_FILES = COPYING
>  LIBRESSL_INSTALL_STAGING = YES
> +LIBRESSL_PROVIDES = libssl
>
>  ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
>  define LIBRESSL_REMOVE_BIN
> --
> 2.9.4
>

[Buildroot] [PATCH v2 1/4] libressl: new package

[Thomas Petazzoni]

Hello,

On Sat, 24 Jun 2017 13:28:57 -0400, Adam Duskett wrote:
> Libressl is a fork of openssl from OpenSSL in 2014.  Its goal is to
> modernize the OpenSSL codebase, improve security, and apply best
> practice development processes.
> 
> Right now, libressl is API compatible with OpenSSL 1.0.1, but does not
> yet include all new APIs from OpenSSL 1.0.2 and later.
> 
> This package has been tested with the following architectures and c
> libraries:

If I apply just this patch, then the libressl package can be enabled at
the same time as the openssl package, with one overwriting the files
installed by the other.

So I think we need to introduce the virtual package first, with openssl
as the only provider, and then add libressl.


> diff --git a/package/libressl/0001-remove-test-z-DESTDIR-from-ltmain.patch b/package/libressl/0001-remove-test-z-DESTDIR-from-ltmain.patch
> new file mode 100644
> index 0000000..901a48c
> --- /dev/null
> +++ b/package/libressl/0001-remove-test-z-DESTDIR-from-ltmain.patch
> @@ -0,0 +1,28 @@
> +From 4317d43d74996ad7ec3270b1e786e91a19312309 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett@outlook.com>
> +Date: Sat, 24 Jun 2017 13:08:57 -0400
> +Subject: [PATCH] remove test -z "$DESTDIR" from ltmain.sh.
> +
> +Without this patch, buildroot-libtool-v2.4.patch will fail to apply.
> +
> +Signed-off-by: Adam Duskett <Adamduskett@outlook.com>

A bit weird. Why does their ltmain.sh differs from other ltmain.sh
generated by libtool 2.4 ?

> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
> new file mode 100644
> index 0000000..f315165
> --- /dev/null
> +++ b/package/libressl/libressl.mk
> @@ -0,0 +1,22 @@
> +################################################################################
> +#
> +# libressl
> +#
> +################################################################################
> +
> +LIBRESSL_VERSION = 2.5.4
> +LIBRESSL_SITE = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
> +LIBRESSL_SOURCE = libressl-$(LIBRESSL_VERSION).tar.gz
> +LIBRESSL_LICENSE = ISC (New additions), OpenSSL or SSLeay (Original OpenSSL code)
> +LIBRESSL_LICENSE_FILES = COPYING
> +LIBRESSL_INSTALL_STAGING = YES
> +
> +ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
> +define LIBRESSL_REMOVE_BIN
> +	$(RM) -f $(TARGET_DIR)/usr/bin/openssl
> +endef
> +LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
> +endif
> +
> +$(eval $(autotools-package))
> +$(eval $(host-autotools-package))

Another question is how do we handle the host package. Right now, all
packages that need openssl on the host depend on host-openssl. So as it
is, this host-libressl package is never used.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

[Buildroot] [PATCH v2 2/4] libssl: new virtual package

[Thomas Petazzoni]

Hello,

On Sat, 24 Jun 2017 13:28:58 -0400, Adam Duskett wrote:
> libressl is API compatible with OpenSSL 1.0.1 and is almost API
> compatible with OpenSSL 1.0.2.  As such, a new virtual package is needed
> to handle having both libressl and openssl.
> 
> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> ---
> Changes v1 -> v2:
>   - Removed final "." in commit title. (Thomas)
>   - Fixed indentation issues in commit message.

I still don't get what is the plan for this virtual package. We have
two options:

 - Make it a regular virtual package, like package/opengl/libgles/.
   However in this case, we must change all packages that need
   OpenSSL/LibreSSL to use a "depends on BR2_PACKAGE_LIBSSL", which is
   a bit annoying.

 - Make it a virtual package like package/jpeg/, where it has a choice
   to define which jpeg implementation should be used. This nicely
   allows packages to "select BR2_PACKAGE_LIBSSL".

Also, how are we going to handle the fact that some packages support
only OpenSSL, while some support both OpenSSL and LibreSSL.

Even if all of this doesn't get implemented in the first series, I
still would like to understand what the plan is.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] [PATCH v2 1/4] libressl: new package

[Arnout Vandecappelle]

On 24-06-17 21:42, Thomas Petazzoni wrote:
> Hello,
> 
> On Sat, 24 Jun 2017 13:28:57 -0400, Adam Duskett wrote:
[snip]
>> +$(eval $(autotools-package))
>> +$(eval $(host-autotools-package))
> 
> Another question is how do we handle the host package. Right now, all
> packages that need openssl on the host depend on host-openssl. So as it
> is, this host-libressl package is never used.

 Au contraire: the host-virtual-package infra will use the one selected for the
target, so if target libressl is selected, host-libssl will depend on
host-libressl. So the host-libressl package is required.

 Except that Adam didn't add host-libssl :-)

 Actually, I guess it's OK if packages always use host-openssl. Shouldn't make a
difference for the target, right?


 Regards,
 Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH v2 2/4] libssl: new virtual package

[Arnout Vandecappelle]

On 24-06-17 21:45, Thomas Petazzoni wrote:
> Hello,
> 
> On Sat, 24 Jun 2017 13:28:58 -0400, Adam Duskett wrote:
>> libressl is API compatible with OpenSSL 1.0.1 and is almost API
>> compatible with OpenSSL 1.0.2.  As such, a new virtual package is needed
>> to handle having both libressl and openssl.
>>
>> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
>> ---
>> Changes v1 -> v2:
>>   - Removed final "." in commit title. (Thomas)
>>   - Fixed indentation issues in commit message.
> 
> I still don't get what is the plan for this virtual package. We have
> two options:
> 
>  - Make it a regular virtual package, like package/opengl/libgles/.
>    However in this case, we must change all packages that need
>    OpenSSL/LibreSSL to use a "depends on BR2_PACKAGE_LIBSSL", which is
>    a bit annoying.

 It can also be
	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
but then the advantage of a virtual package is almost gone...

> 
>  - Make it a virtual package like package/jpeg/, where it has a choice
>    to define which jpeg implementation should be used. This nicely
>    allows packages to "select BR2_PACKAGE_LIBSSL".

 Yeah, I like the second option more and more. One big problem though: it's
difficult to migrate, because *all* the 'select BR2_PACKAGE_OPENSSL" have to be
converted into "select BR2_PACKAGE_LIBSSL"... So starting like this and
introducing the choice later seems to be the most viable approach.


> Also, how are we going to handle the fact that some packages support
> only OpenSSL, while some support both OpenSSL and LibreSSL.

 With the regular virtual package you can just do
	select BR2_PACKAGE_OPENSSL
and then you get an error as soon as you try to build if libressl is selected. I
think adding a depends on !libressl leads to a circular dependency then.

 With the choice, you need
	select BR2_PACKAGE_LIBSSL
	depends on !BR2_PACKAGE_LIBRESSL	
which hopefully isn't considered a circular dependency.


 Regarding BoringSSL, putting it as the third libssl provider looks like the way
to go to me.

 Regards,
 Arnout


> Even if all of this doesn't get implemented in the first series, I
> still would like to understand what the plan is.
> 
> Best regards,
> 
> Thomas
> 

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH v2 4/4] openssl: add libssl virtual package support

[Arnout Vandecappelle]

On 24-06-17 19:29, Adam Duskett wrote:
> openssl can provide libssl.
> 
> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>

 For me, this can be squashed with the patch adding libssl, and the one adding
libressl support can be squashed with the patch adding libressl.

 Regards,
 Arnout

> ---
> Changes v1 -> v2:
>   - None.
> 
>  package/openssl/Config.in  | 4 ++++
>  package/openssl/openssl.mk | 1 +
>  2 files changed, 5 insertions(+)
> 
> diff --git a/package/openssl/Config.in b/package/openssl/Config.in
> index e08b648..d024cb4 100644
> --- a/package/openssl/Config.in
> +++ b/package/openssl/Config.in
> @@ -1,6 +1,7 @@
>  config BR2_PACKAGE_OPENSSL
>  	bool "openssl"
>  	select BR2_PACKAGE_ZLIB
> +	select BR2_PACKAGE_HAS_LIBSSL
>  	help
>  	  A collaborative effort to develop a robust, commercial-grade, fully
>  	  featured, and Open Source toolkit implementing the Secure Sockets
> @@ -13,6 +14,9 @@ config BR2_PACKAGE_OPENSSL
>  
>  if BR2_PACKAGE_OPENSSL
>  
> +config BR2_PACKAGE_PROVIDES_LIBSSL
> +	default "openssl"
> +
>  config BR2_PACKAGE_OPENSSL_BIN
>  	bool "openssl binary"
>  	help
> diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
> index 5f56b44..c028290 100644
> --- a/package/openssl/openssl.mk
> +++ b/package/openssl/openssl.mk
> @@ -10,6 +10,7 @@ OPENSSL_LICENSE = OpenSSL or SSLeay
>  OPENSSL_LICENSE_FILES = LICENSE
>  OPENSSL_INSTALL_STAGING = YES
>  OPENSSL_DEPENDENCIES = zlib
> +OPENSSL_PROVIDES = libssl
>  HOST_OPENSSL_DEPENDENCIES = host-zlib
>  OPENSSL_TARGET_ARCH = generic32
>  OPENSSL_CFLAGS = $(TARGET_CFLAGS)
> 

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH v2 1/4] libressl: new package

[Arnout Vandecappelle]

 Since patches 1 and 2 need to be swapped anyway I'll give a few minor comments
as well.

On 24-06-17 19:28, Adam Duskett wrote:
> Libressl is a fork of openssl from OpenSSL in 2014.  Its goal is to
> modernize the OpenSSL codebase, improve security, and apply best
> practice development processes.
> 
> Right now, libressl is API compatible with OpenSSL 1.0.1, but does not
> yet include all new APIs from OpenSSL 1.0.2 and later.
> 
> This package has been tested with the following architectures and c
> libraries:
> 
> - armv4
> - aarch64
> - ppc
> - ppc64
> - ppc64le
> - x86_64
> - uClibc-ng
> - glibc 2.24
> - musl

 It's good to report this, but I don't think it makes much sense in the history
since it will be outdated very quickly. So for me it should be put below the ---
line.

> 
> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[snip]
> diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
> new file mode 100644
> index 0000000..9ffe964
> --- /dev/null
> +++ b/package/libressl/libressl.hash
> @@ -0,0 +1,2 @@
> +# From https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256
> +sha256	107a5b522fbb8318d4c3be668075e5e607296f0a9255d71674caa94571336efa	libressl-2.5.4.tar.gz
> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
> new file mode 100644
> index 0000000..f315165
> --- /dev/null
> +++ b/package/libressl/libressl.mk
> @@ -0,0 +1,22 @@
> +################################################################################
> +#
> +# libressl
> +#
> +################################################################################
> +
> +LIBRESSL_VERSION = 2.5.4
> +LIBRESSL_SITE = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
> +LIBRESSL_SOURCE = libressl-$(LIBRESSL_VERSION).tar.gz

 This is the default so can be removed.

> +LIBRESSL_LICENSE = ISC (New additions), OpenSSL or SSLeay (Original OpenSSL code)
> +LIBRESSL_LICENSE_FILES = COPYING
> +LIBRESSL_INSTALL_STAGING = YES
> +
> +ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
> +define LIBRESSL_REMOVE_BIN
> +	$(RM) -f $(TARGET_DIR)/usr/bin/openssl
> +endef
> +LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
> +endif
> +
> +$(eval $(autotools-package))
> +$(eval $(host-autotools-package))

 Since the host package isn't used, it shouldn't be added here. Or if you do
have a reason to provide the host package, please mention in the commit log.

 Regards,
 Arnout


-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH v2 1/4] libressl: new package

[Adam Duskett]

On Sun, Jun 25, 2017 at 6:46 AM, Arnout Vandecappelle <arnout@mind.be> wrote:
>  Since patches 1 and 2 need to be swapped anyway I'll give a few minor comments
> as well.
>
> On 24-06-17 19:28, Adam Duskett wrote:
>> Libressl is a fork of openssl from OpenSSL in 2014.  Its goal is to
>> modernize the OpenSSL codebase, improve security, and apply best
>> practice development processes.
>>
>> Right now, libressl is API compatible with OpenSSL 1.0.1, but does not
>> yet include all new APIs from OpenSSL 1.0.2 and later.
>>
>> This package has been tested with the following architectures and c
>> libraries:
>>
>> - armv4
>> - aarch64
>> - ppc
>> - ppc64
>> - ppc64le
>> - x86_64
>> - uClibc-ng
>> - glibc 2.24
>> - musl
>
>  It's good to report this, but I don't think it makes much sense in the history
> since it will be outdated very quickly. So for me it should be put below the ---
> line.
>
Can do.
>>
>> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> [snip]
>> diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
>> new file mode 100644
>> index 0000000..9ffe964
>> --- /dev/null
>> +++ b/package/libressl/libressl.hash
>> @@ -0,0 +1,2 @@
>> +# From https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256
>> +sha256       107a5b522fbb8318d4c3be668075e5e607296f0a9255d71674caa94571336efa        libressl-2.5.4.tar.gz
>> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
>> new file mode 100644
>> index 0000000..f315165
>> --- /dev/null
>> +++ b/package/libressl/libressl.mk
>> @@ -0,0 +1,22 @@
>> +################################################################################
>> +#
>> +# libressl
>> +#
>> +################################################################################
>> +
>> +LIBRESSL_VERSION = 2.5.4
>> +LIBRESSL_SITE = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
>> +LIBRESSL_SOURCE = libressl-$(LIBRESSL_VERSION).tar.gz
>
>  This is the default so can be removed.
>
Good to know! Will do this as well.
>> +LIBRESSL_LICENSE = ISC (New additions), OpenSSL or SSLeay (Original OpenSSL code)
>> +LIBRESSL_LICENSE_FILES = COPYING
>> +LIBRESSL_INSTALL_STAGING = YES
>> +
>> +ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
>> +define LIBRESSL_REMOVE_BIN
>> +     $(RM) -f $(TARGET_DIR)/usr/bin/openssl
>> +endef
>> +LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
>> +endif
>> +
>> +$(eval $(autotools-package))
>> +$(eval $(host-autotools-package))
>
>  Since the host package isn't used, it shouldn't be added here. Or if you do
> have a reason to provide the host package, please mention in the commit log.
>
I will provide host-virtual-package.  It was a oversight on my part.
>  Regards,
>  Arnout
>
>
> --
> Arnout Vandecappelle                          arnout at mind be
> Senior Embedded Software Architect            +32-16-286500
> Essensium/Mind                                http://www.mind.be
> G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
> GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

[Buildroot] [PATCH v2 1/4] libressl: new package

[Arnout Vandecappelle]

On 26-06-17 15:15, Adam Duskett wrote:
[snip]
>>> +$(eval $(autotools-package))
>>> +$(eval $(host-autotools-package))
>>  Since the host package isn't used, it shouldn't be added here. Or if you do
>> have a reason to provide the host package, please mention in the commit log.
>>
> I will provide host-virtual-package.  It was a oversight on my part.

 Hang on though: I'm not so sure we want host-libssl.

 There are some packages that currently depend on host-openssl while the target
package doesn't select openssl. For example, host-erlang (needed for host-rebar,
needed to build and install erlang/rebar packages) unconditionally depends on
host-openssl, but for the target erlang it's configurable. If such a package
really requires openssl and not libressl, it means that the host package can no
longer be built when libressl is selected. Worse yet, it can fail in weird ways,
because it is possible that both host-openssl and host-libressl are built and
then depending on the build order either one of them actually gets installed...

 Therefore, I think it's more appropriate to drop host-libssl (and
host-libressl), and always use openssl for the host packages. The only
disadvantage to this as far as I can see is that openssl takes a little longer
to build than libressl.

 Regards,
 Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF