[PATCH] openvswitch: Turn off ssl integration by default

[PATCH] openvswitch: Turn off ssl integration by default

[Jason Wessel]

The openssl library is an optional component for the openvswitch.  The
problem with it enabled by default is that it will consume system
entropy to try to initialize the openssl library even though we are not
using it by default.  With the 4.16 kernel and up there is not always
enough entropy available at the early boot time which can cause a
lengthy stall, while waiting to initialize the openvswitch.

If ssl is needed, it can of course be turned on with the package
config option "ssl".

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
---
 recipes-networking/openvswitch/openvswitch_git.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb
index 4a6002a..4cd82d7 100644
--- a/recipes-networking/openvswitch/openvswitch_git.bb
+++ b/recipes-networking/openvswitch/openvswitch_git.bb
@@ -40,6 +40,7 @@ DPDK_INSTALL_DIR ?= "/opt/dpdk"
 PACKAGECONFIG ?= "libcap-ng"
 PACKAGECONFIG[dpdk] = "--with-dpdk=${STAGING_DIR_TARGET}${DPDK_INSTALL_DIR}/share/${TARGET_ARCH}-native-linuxapp-gcc,,dpdk,dpdk"
 PACKAGECONFIG[libcap-ng] = "--enable-libcapng,--disable-libcapng,libcap-ng,"
+PACKAGECONFIG[ssl] = ",--disable-ssl,openssl,"
 
 # Don't compile kernel modules by default since it heavily depends on
 # kernel version. Use the in-kernel module for now.
-- 
2.17.1

Re: [PATCH] openvswitch: Turn off ssl integration by default

[Bruce Ashfield]

merged.

Bruce

On Wed, Sep 5, 2018 at 6:44 PM, Jason Wessel <jason.wessel@windriver.com> wrote:
> The openssl library is an optional component for the openvswitch.  The
> problem with it enabled by default is that it will consume system
> entropy to try to initialize the openssl library even though we are not
> using it by default.  With the 4.16 kernel and up there is not always
> enough entropy available at the early boot time which can cause a
> lengthy stall, while waiting to initialize the openvswitch.
>
> If ssl is needed, it can of course be turned on with the package
> config option "ssl".
>
> Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
> ---
>  recipes-networking/openvswitch/openvswitch_git.bb | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb
> index 4a6002a..4cd82d7 100644
> --- a/recipes-networking/openvswitch/openvswitch_git.bb
> +++ b/recipes-networking/openvswitch/openvswitch_git.bb
> @@ -40,6 +40,7 @@ DPDK_INSTALL_DIR ?= "/opt/dpdk"
>  PACKAGECONFIG ?= "libcap-ng"
>  PACKAGECONFIG[dpdk] = "--with-dpdk=${STAGING_DIR_TARGET}${DPDK_INSTALL_DIR}/share/${TARGET_ARCH}-native-linuxapp-gcc,,dpdk,dpdk"
>  PACKAGECONFIG[libcap-ng] = "--enable-libcapng,--disable-libcapng,libcap-ng,"
> +PACKAGECONFIG[ssl] = ",--disable-ssl,openssl,"
>
>  # Don't compile kernel modules by default since it heavily depends on
>  # kernel version. Use the in-kernel module for now.
> --
> 2.17.1
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization



-- 
"Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end"