* [PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
2021-04-18 8:16 ` [PATCH 3/6] wpa-supplicant: Enable openssl Khem Raj
` (3 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Change the defaults to use openSSL
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-core/glib-networking/glib-networking_2.66.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
index 230932daf0..786de744cb 100644
--- a/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.66.0.bb
@@ -11,7 +11,7 @@ DEPENDS = "glib-2.0"
SRC_URI[archive.sha256sum] = "c5d7be2437fdd196eebfb70c4517b96d3ba7ec13bd496318b8f02dea383e0099"
-PACKAGECONFIG ??= "gnutls ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls"
PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 3/6] wpa-supplicant: Enable openssl
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
2021-04-18 8:16 ` [PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
2021-04-18 22:03 ` [OE-core] " Armin Kuster
2021-04-18 8:16 ` [PATCH 4/6] curl: Use openssl backend Khem Raj
` (2 subsequent siblings)
4 siblings, 1 reply; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Use openSSL for TLS/SSL implementation
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index cddcfb6811..16c5918522 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
DEPENDS = "dbus libnl"
RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
-PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG ??= "openssl"
PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
PACKAGECONFIG[openssl] = ",,openssl"
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl
2021-04-18 8:16 ` [PATCH 3/6] wpa-supplicant: Enable openssl Khem Raj
@ 2021-04-18 22:03 ` Armin Kuster
2021-04-18 22:10 ` Richard Purdie
0 siblings, 1 reply; 9+ messages in thread
From: Armin Kuster @ 2021-04-18 22:03 UTC (permalink / raw)
To: Khem Raj, openembedded-core
On 4/18/21 1:16 AM, Khem Raj wrote:
> Use openSSL for TLS/SSL implementation
I wonder if leveraging the "virtual" framework might work here so that
openssl, gnutls or wolfssl (whatever) would trickle down and use the
same TLS/SSl package evenly across all recipes in a single image?
-armin
>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> ---
> meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> index cddcfb6811..16c5918522 100644
> --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
> @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
> DEPENDS = "dbus libnl"
> RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
>
> -PACKAGECONFIG ??= "gnutls"
> +PACKAGECONFIG ??= "openssl"
> PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
> PACKAGECONFIG[openssl] = ",,openssl"
>
>
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl
2021-04-18 22:03 ` [OE-core] " Armin Kuster
@ 2021-04-18 22:10 ` Richard Purdie
2021-04-19 5:19 ` Khem Raj
0 siblings, 1 reply; 9+ messages in thread
From: Richard Purdie @ 2021-04-18 22:10 UTC (permalink / raw)
To: Armin Kuster, Khem Raj, openembedded-core
On Sun, 2021-04-18 at 15:03 -0700, Armin Kuster wrote:
>
> On 4/18/21 1:16 AM, Khem Raj wrote:
> > Use openSSL for TLS/SSL implementation
>
> I wonder if leveraging the "virtual" framework might work here so that
> openssl, gnutls or wolfssl (whatever) would trickle down and use the
> same TLS/SSl package evenly across all recipes in a single image?
The trouble is that each recipe has its own set of PACKAGECONFIG/depends
changes needed between a differing set of options so its going to be hard
to make one soultion which fits virutal/XXX as instead there are a list
of different options with differing priorities. Not sure how best to
handle it :/
Cheers,
Richard
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [OE-core] [PATCH 3/6] wpa-supplicant: Enable openssl
2021-04-18 22:10 ` Richard Purdie
@ 2021-04-19 5:19 ` Khem Raj
0 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-19 5:19 UTC (permalink / raw)
To: Richard Purdie
Cc: Armin Kuster, Patches and discussions about the oe-core layer
On Sun, Apr 18, 2021 at 3:10 PM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Sun, 2021-04-18 at 15:03 -0700, Armin Kuster wrote:
> >
> > On 4/18/21 1:16 AM, Khem Raj wrote:
> > > Use openSSL for TLS/SSL implementation
> >
> > I wonder if leveraging the "virtual" framework might work here so that
> > openssl, gnutls or wolfssl (whatever) would trickle down and use the
> > same TLS/SSl package evenly across all recipes in a single image?
>
> The trouble is that each recipe has its own set of PACKAGECONFIG/depends
> changes needed between a differing set of options so its going to be hard
> to make one soultion which fits virutal/XXX as instead there are a list
> of different options with differing priorities. Not sure how best to
> handle it :/
yeah perhaps a DISTRO_FEATURE could be the global knob to control it.
In most cases openssl is a sane choice
>
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 4/6] curl: Use openssl backend
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
2021-04-18 8:16 ` [PATCH 2/6] glib-networking: Prefer openssl backend instead of gnutls Khem Raj
2021-04-18 8:16 ` [PATCH 3/6] wpa-supplicant: Enable openssl Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
2021-04-18 8:16 ` [PATCH 5/6] gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends Khem Raj
2021-04-18 8:16 ` [PATCH 6/6] libpsl: Add config knobs for runtime/builtin conversion choices Khem Raj
4 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
use openssl instead of gnutls
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-support/curl/curl_7.76.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/curl/curl_7.76.0.bb b/meta/recipes-support/curl/curl_7.76.0.bb
index 634bbd72c2..db6318148f 100644
--- a/meta/recipes-support/curl/curl_7.76.0.bb
+++ b/meta/recipes-support/curl/curl_7.76.0.bb
@@ -20,7 +20,7 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
inherit autotools pkgconfig binconfig multilib_header
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} ssl libidn proxy threaded-resolver verbose zlib"
PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib"
PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib"
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 5/6] gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
` (2 preceding siblings ...)
2021-04-18 8:16 ` [PATCH 4/6] curl: Use openssl backend Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
2021-04-18 8:16 ` [PATCH 6/6] libpsl: Add config knobs for runtime/builtin conversion choices Khem Raj
4 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Use openssl by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
.../gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
index ce2082ee32..96f01391b4 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
@@ -28,8 +28,8 @@ PACKAGECONFIG ??= " \
${@bb.utils.filter('DISTRO_FEATURES', 'directfb vulkan', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'gl', '', d)} \
- bz2 closedcaption curl dash dtls hls rsvg sbc smoothstreaming sndfile \
- ttml uvch264 webp \
+ bz2 closedcaption curl dash dtls hls openssl rsvg sbc smoothstreaming \
+ sndfile ttml uvch264 webp \
"
PACKAGECONFIG[aom] = "-Daom=enabled,-Daom=disabled,aom"
@@ -45,7 +45,11 @@ PACKAGECONFIG[dtls] = "-Ddtls=enabled,-Ddtls=disabled,openssl"
PACKAGECONFIG[faac] = "-Dfaac=enabled,-Dfaac=disabled,faac"
PACKAGECONFIG[faad] = "-Dfaad=enabled,-Dfaad=disabled,faad2"
PACKAGECONFIG[fluidsynth] = "-Dfluidsynth=enabled,-Dfluidsynth=disabled,fluidsynth"
-PACKAGECONFIG[hls] = "-Dhls=enabled -Dhls-crypto=nettle,-Dhls=disabled,nettle"
+PACKAGECONFIG[hls] = "-Dhls=enabled,-Dhls=disabled,"
+# Pick atleast one crypto backend below when enabling hls
+PACKAGECONFIG[nettle] = "-Dhls-crypto=nettle,,nettle"
+PACKAGECONFIG[openssl] = "-Dhls-crypto=openssl,,openssl"
+PACKAGECONFIG[gcrypt] = "-Dhls-crypto=libgcrypt,,libgcrypt"
# the gl packageconfig enables OpenGL elements that haven't been ported
# to -base yet. They depend on the gstgl library in -base, so we do
# not add GL dependencies here, since these are taken care of in -base.
@@ -148,4 +152,3 @@ FILES_${PN}-freeverb += "${datadir}/gstreamer-1.0/presets/GstFreeverb.prs"
FILES_${PN}-opencv += "${datadir}/gst-plugins-bad/1.0/opencv*"
FILES_${PN}-transcode += "${datadir}/gstreamer-1.0/encoding-profiles"
FILES_${PN}-voamrwbenc += "${datadir}/gstreamer-1.0/presets/GstVoAmrwbEnc.prs"
-
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 6/6] libpsl: Add config knobs for runtime/builtin conversion choices
2021-04-18 8:16 [PATCH 1/6] cups: Turn gnutls into a packageconfig knob Khem Raj
` (3 preceding siblings ...)
2021-04-18 8:16 ` [PATCH 5/6] gstreamer1.0-plugins-bad: Add packageconfigs for hls crypto backends Khem Raj
@ 2021-04-18 8:16 ` Khem Raj
4 siblings, 0 replies; 9+ messages in thread
From: Khem Raj @ 2021-04-18 8:16 UTC (permalink / raw)
To: openembedded-core; +Cc: Khem Raj
Use libicu by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-support/libpsl/libpsl_0.21.1.bb | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-support/libpsl/libpsl_0.21.1.bb b/meta/recipes-support/libpsl/libpsl_0.21.1.bb
index db4b3a5991..4fc0ad8acb 100644
--- a/meta/recipes-support/libpsl/libpsl_0.21.1.bb
+++ b/meta/recipes-support/libpsl/libpsl_0.21.1.bb
@@ -16,11 +16,10 @@ SRC_URI[sha256sum] = "ac6ce1e1fbd4d0254c4ddb9d37f1fa99dec83619c1253328155206b896
UPSTREAM_CHECK_URI = "https://github.com/rockdaboot/libpsl/releases"
-DEPENDS = "libidn2"
-
inherit autotools gettext gtk-doc manpages pkgconfig lib_package
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ?= "icu"
PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native"
-
+PACKAGECONFIG[icu] = "--enable-runtime=libicu --enable-builtin=libicu,,icu"
+PACKAGECONFIG[idn2] = "--enable-runtime=libidn2 --enable-builtin=libidn2,,libidn2 libunistring"
BBCLASSEXTEND = "native nativesdk"
--
2.31.1
^ permalink raw reply related [flat|nested] 9+ messages in thread