* [PATCH] curl: Update tls backend PACKAGECONFIG options
@ 2021-09-24 16:00 Tom Pollard
2021-09-25 21:43 ` [OE-core] " Richard Purdie
0 siblings, 1 reply; 4+ messages in thread
From: Tom Pollard @ 2021-09-24 16:00 UTC (permalink / raw)
To: openembedded-core; +Cc: Tom Pollard
curl 7.77.0 made the tls backend configuration explicit. openssl
is now a specific option replacing the default `--with-ssl`, and
`--without-ssl` is required to build without any tls, overriding any
other tls config. Adding 'without-ssl` as a mutually exclusive
option against the existing tls options should prevent users
silently disabling other enabled tls backends.
https://curl.se/changes.html#7_77_0
Signed-off-by: Tom Pollard <tom.pollard@codethink.co.uk>
---
meta/recipes-support/curl/curl_7.78.0.bb | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/meta/recipes-support/curl/curl_7.78.0.bb b/meta/recipes-support/curl/curl_7.78.0.bb
index dece0babb2..315755c9b1 100644
--- a/meta/recipes-support/curl/curl_7.78.0.bb
+++ b/meta/recipes-support/curl/curl_7.78.0.bb
@@ -20,16 +20,17 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
inherit autotools pkgconfig binconfig multilib_header
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} ssl libidn proxy threaded-resolver verbose zlib"
-PACKAGECONFIG:class-native = "ipv6 proxy ssl threaded-resolver verbose zlib"
-PACKAGECONFIG:class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} openssl libidn proxy threaded-resolver verbose zlib"
+PACKAGECONFIG:class-native = "ipv6 proxy openssl threaded-resolver verbose zlib"
+PACKAGECONFIG:class-nativesdk = "ipv6 proxy openssl threaded-resolver verbose zlib"
# 'ares' and 'threaded-resolver' are mutually exclusive
+# 'without-ssl' explicitly disables tls, silently overriding other tls config and is required if no backend(s) are configured
PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
-PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls,,,without-ssl"
PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
@@ -39,7 +40,7 @@ PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
-PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
+PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls,,,without-ssl"
PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
@@ -48,12 +49,13 @@ PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
-PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
-PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
+PACKAGECONFIG[openssl] = "--with-openssl --with-random=/dev/urandom,,openssl,,,without-ssl"
+PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss,,,without-ssl"
PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
+PACKAGECONFIG[without-ssl] = "--without-ssl,,,,,gnutls mbedtls openssl nss"
PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
EXTRA_OECONF = " \
--
2.30.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH] curl: Update tls backend PACKAGECONFIG options
2021-09-24 16:00 [PATCH] curl: Update tls backend PACKAGECONFIG options Tom Pollard
@ 2021-09-25 21:43 ` Richard Purdie
2021-09-27 11:36 ` Tom Pollard
0 siblings, 1 reply; 4+ messages in thread
From: Richard Purdie @ 2021-09-25 21:43 UTC (permalink / raw)
To: Tom Pollard, openembedded-core; +Cc: Joshua Watt
On Fri, 2021-09-24 at 17:00 +0100, Tom Pollard wrote:
> curl 7.77.0 made the tls backend configuration explicit. openssl
> is now a specific option replacing the default `--with-ssl`, and
> `--without-ssl` is required to build without any tls, overriding any
> other tls config. Adding 'without-ssl` as a mutually exclusive
> option against the existing tls options should prevent users
> silently disabling other enabled tls backends.
>
> https://curl.se/changes.html#7_77_0
>
> Signed-off-by: Tom Pollard <tom.pollard@codethink.co.uk>
> ---
> meta/recipes-support/curl/curl_7.78.0.bb | 16 +++++++++-------
> 1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/meta/recipes-support/curl/curl_7.78.0.bb b/meta/recipes-support/curl/curl_7.78.0.bb
> index dece0babb2..315755c9b1 100644
> --- a/meta/recipes-support/curl/curl_7.78.0.bb
> +++ b/meta/recipes-support/curl/curl_7.78.0.bb
> @@ -20,16 +20,17 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
>
> inherit autotools pkgconfig binconfig multilib_header
>
> -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} ssl libidn proxy threaded-resolver verbose zlib"
> -PACKAGECONFIG:class-native = "ipv6 proxy ssl threaded-resolver verbose zlib"
> -PACKAGECONFIG:class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib"
> +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} openssl libidn proxy threaded-resolver verbose zlib"
> +PACKAGECONFIG:class-native = "ipv6 proxy openssl threaded-resolver verbose zlib"
> +PACKAGECONFIG:class-nativesdk = "ipv6 proxy openssl threaded-resolver verbose zlib"
>
> # 'ares' and 'threaded-resolver' are mutually exclusive
> +# 'without-ssl' explicitly disables tls, silently overriding other tls config and is required if no backend(s) are configured
> PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
> PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
> PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
> PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
> -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
> +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls,,,without-ssl"
> PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
> PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
> PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
> @@ -39,7 +40,7 @@ PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
> PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
> PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
> PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
> -PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
> +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls,,,without-ssl"
> PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
> PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
> PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
> @@ -48,12 +49,13 @@ PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
> PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
> PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
> PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
> -PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
> -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
> +PACKAGECONFIG[openssl] = "--with-openssl --with-random=/dev/urandom,,openssl,,,without-ssl"
> +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss,,,without-ssl"
> PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
> PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
> PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
> PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
> +PACKAGECONFIG[without-ssl] = "--without-ssl,,,,,gnutls mbedtls openssl nss"
> PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
>
> EXTRA_OECONF = " \
I think this change breaks mingw:
https://autobuilder.yoctoproject.org/typhoon/#/builders/89/builds/4055
Cheers,
Richard
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH] curl: Update tls backend PACKAGECONFIG options
2021-09-25 21:43 ` [OE-core] " Richard Purdie
@ 2021-09-27 11:36 ` Tom Pollard
2021-09-27 12:10 ` Joshua Watt
0 siblings, 1 reply; 4+ messages in thread
From: Tom Pollard @ 2021-09-27 11:36 UTC (permalink / raw)
To: Richard Purdie, openembedded-core; +Cc: Joshua Watt
Hi Richard,
On 25/09/2021 22:43, Richard Purdie wrote:
> On Fri, 2021-09-24 at 17:00 +0100, Tom Pollard wrote:
>> curl 7.77.0 made the tls backend configuration explicit. openssl
>> is now a specific option replacing the default `--with-ssl`, and
>> `--without-ssl` is required to build without any tls, overriding any
>> other tls config. Adding 'without-ssl` as a mutually exclusive
>> option against the existing tls options should prevent users
>> silently disabling other enabled tls backends.
>>
>> https://curl.se/changes.html#7_77_0
>>
>> Signed-off-by: Tom Pollard <tom.pollard@codethink.co.uk>
>> ---
>> meta/recipes-support/curl/curl_7.78.0.bb | 16 +++++++++-------
>> 1 file changed, 9 insertions(+), 7 deletions(-)
>>
>> diff --git a/meta/recipes-support/curl/curl_7.78.0.bb b/meta/recipes-support/curl/curl_7.78.0.bb
>> index dece0babb2..315755c9b1 100644
>> --- a/meta/recipes-support/curl/curl_7.78.0.bb
>> +++ b/meta/recipes-support/curl/curl_7.78.0.bb
>> @@ -20,16 +20,17 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan
>>
>> inherit autotools pkgconfig binconfig multilib_header
>>
>> -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} ssl libidn proxy threaded-resolver verbose zlib"
>> -PACKAGECONFIG:class-native = "ipv6 proxy ssl threaded-resolver verbose zlib"
>> -PACKAGECONFIG:class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib"
>> +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} openssl libidn proxy threaded-resolver verbose zlib"
>> +PACKAGECONFIG:class-native = "ipv6 proxy openssl threaded-resolver verbose zlib"
>> +PACKAGECONFIG:class-nativesdk = "ipv6 proxy openssl threaded-resolver verbose zlib"
>>
>> # 'ares' and 'threaded-resolver' are mutually exclusive
>> +# 'without-ssl' explicitly disables tls, silently overriding other tls config and is required if no backend(s) are configured
>> PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
>> PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
>> PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
>> PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
>> -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
>> +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls,,,without-ssl"
>> PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
>> PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
>> PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
>> @@ -39,7 +40,7 @@ PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
>> PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
>> PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
>> PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
>> -PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
>> +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls,,,without-ssl"
>> PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
>> PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
>> PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
>> @@ -48,12 +49,13 @@ PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
>> PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
>> PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
>> PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
>> -PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
>> -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
>> +PACKAGECONFIG[openssl] = "--with-openssl --with-random=/dev/urandom,,openssl,,,without-ssl"
>> +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss,,,without-ssl"
>> PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
>> PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
>> PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
>> PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
>> +PACKAGECONFIG[without-ssl] = "--without-ssl,,,,,gnutls mbedtls openssl nss"
>> PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
>>
>> EXTRA_OECONF = " \
>
> I think this change breaks mingw:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/89/builds/4055
It looks like the append in meta-mingw will need updating to align with
the changing the 'ssl' package option to 'openssl' and additionally the
requirement of explicitly adding the 'without-ssl' option to achieve the
old behavior:
http://git.yoctoproject.org/cgit.cgi/meta-mingw/tree/recipes-support/curl/curl_%25.bbappend
How would I go about synchronizing the change? I guess this also
highlights that it could be a breaking change to other meta layers that
append curl.
Enforcing the mutual exclusivity of the `without-ssl` option is also
something that be considered to deem if it is necessary, or should it
be left to the integrator to understand the change in behavior if the
option is selected whilst other ssl options are also included.
Regards,
Tom
> Cheers,
>
> Richard
>
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#156357): https://lists.openembedded.org/g/openembedded-core/message/156357
> Mute This Topic: https://lists.openembedded.org/mt/85842512/2167528
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [tom.pollard@codethink.co.uk]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
https://www.codethink.co.uk/privacy.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH] curl: Update tls backend PACKAGECONFIG options
2021-09-27 11:36 ` Tom Pollard
@ 2021-09-27 12:10 ` Joshua Watt
0 siblings, 0 replies; 4+ messages in thread
From: Joshua Watt @ 2021-09-27 12:10 UTC (permalink / raw)
To: Tom Pollard; +Cc: Richard Purdie, OE-core
[-- Attachment #1: Type: text/plain, Size: 6122 bytes --]
On Mon, Sep 27, 2021, 6:36 AM Tom Pollard <tom.pollard@codethink.co.uk>
wrote:
> Hi Richard,
>
> On 25/09/2021 22:43, Richard Purdie wrote:
> > On Fri, 2021-09-24 at 17:00 +0100, Tom Pollard wrote:
> >> curl 7.77.0 made the tls backend configuration explicit. openssl
> >> is now a specific option replacing the default `--with-ssl`, and
> >> `--without-ssl` is required to build without any tls, overriding any
> >> other tls config. Adding 'without-ssl` as a mutually exclusive
> >> option against the existing tls options should prevent users
> >> silently disabling other enabled tls backends.
> >>
> >> https://curl.se/changes.html#7_77_0
> >>
> >> Signed-off-by: Tom Pollard <tom.pollard@codethink.co.uk>
> >> ---
> >> meta/recipes-support/curl/curl_7.78.0.bb | 16 +++++++++-------
> >> 1 file changed, 9 insertions(+), 7 deletions(-)
> >>
> >> diff --git a/meta/recipes-support/curl/curl_7.78.0.bb
> b/meta/recipes-support/curl/curl_7.78.0.bb
> >> index dece0babb2..315755c9b1 100644
> >> --- a/meta/recipes-support/curl/curl_7.78.0.bb
> >> +++ b/meta/recipes-support/curl/curl_7.78.0.bb
> >> @@ -20,16 +20,17 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl
> curl:libcurl libcurl:libcurl dan
> >>
> >> inherit autotools pkgconfig binconfig multilib_header
> >>
> >> -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}
> ssl libidn proxy threaded-resolver verbose zlib"
> >> -PACKAGECONFIG:class-native = "ipv6 proxy ssl threaded-resolver verbose
> zlib"
> >> -PACKAGECONFIG:class-nativesdk = "ipv6 proxy ssl threaded-resolver
> verbose zlib"
> >> +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}
> openssl libidn proxy threaded-resolver verbose zlib"
> >> +PACKAGECONFIG:class-native = "ipv6 proxy openssl threaded-resolver
> verbose zlib"
> >> +PACKAGECONFIG:class-nativesdk = "ipv6 proxy openssl threaded-resolver
> verbose zlib"
> >>
> >> # 'ares' and 'threaded-resolver' are mutually exclusive
> >> +# 'without-ssl' explicitly disables tls, silently overriding other tls
> config and is required if no backend(s) are configured
> >> PACKAGECONFIG[ares] =
> "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
> >> PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
> >> PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
> >> PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
> >> -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
> >> +PACKAGECONFIG[gnutls] =
> "--with-gnutls,--without-gnutls,gnutls,,,without-ssl"
> >> PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
> >> PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
> >> PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
> >> @@ -39,7 +40,7 @@ PACKAGECONFIG[ldaps] =
> "--enable-ldaps,--disable-ldaps,"
> >> PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
> >> PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
> >> PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
> >> -PACKAGECONFIG[mbedtls] =
> "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
> >> +PACKAGECONFIG[mbedtls] =
> "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls,,,without-ssl"
> >> PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
> >> PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
> >> PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
> >> @@ -48,12 +49,13 @@ PACKAGECONFIG[rtmpdump] =
> "--with-librtmp,--without-librtmp,rtmpdump"
> >> PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
> >> PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
> >> PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
> >> -PACKAGECONFIG[ssl] = "--with-ssl
> --with-random=/dev/urandom,--without-ssl,openssl"
> >> -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
> >> +PACKAGECONFIG[openssl] = "--with-openssl
> --with-random=/dev/urandom,,openssl,,,without-ssl"
> >> +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss,,,without-ssl"
> >> PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
> >> PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
> >> PACKAGECONFIG[threaded-resolver] =
> "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
> >> PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
> >> +PACKAGECONFIG[without-ssl] = "--without-ssl,,,,,gnutls mbedtls openssl
> nss"
> >> PACKAGECONFIG[zlib] =
> "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
> >>
> >> EXTRA_OECONF = " \
> >
> > I think this change breaks mingw:
> >
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/89/builds/4055
>
> It looks like the append in meta-mingw will need updating to align with
> the changing the 'ssl' package option to 'openssl' and additionally the
> requirement of explicitly adding the 'without-ssl' option to achieve the
> old behavior:
>
>
> http://git.yoctoproject.org/cgit.cgi/meta-mingw/tree/recipes-support/curl/curl_%25.bbappend
>
> How would I go about synchronizing the change? I guess this also
> highlights that it could be a breaking change to other meta layers that
> append curl.
>
Submit the patch to meta-mingw; now that Richard and I know to look for it
we will make sure it is synchronized
> Enforcing the mutual exclusivity of the `without-ssl` option is also
> something that be considered to deem if it is necessary, or should it
> be left to the integrator to understand the change in behavior if the
> option is selected whilst other ssl options are also included.
>
> Regards,
>
> Tom
>
> > Cheers,
> >
> > Richard
> >
> >
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#156357):
> https://lists.openembedded.org/g/openembedded-core/message/156357
> > Mute This Topic: https://lists.openembedded.org/mt/85842512/2167528
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> tom.pollard@codethink.co.uk]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
> --
> https://www.codethink.co.uk/privacy.html
>
[-- Attachment #2: Type: text/html, Size: 9407 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-09-27 12:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-24 16:00 [PATCH] curl: Update tls backend PACKAGECONFIG options Tom Pollard
2021-09-25 21:43 ` [OE-core] " Richard Purdie
2021-09-27 11:36 ` Tom Pollard
2021-09-27 12:10 ` Joshua Watt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.