[PATCH] curl: Modify PACKAGECONFIG to enable openssl

[PATCH] curl: Modify PACKAGECONFIG to enable openssl

[Li xin]

Enabled openssl defalutly to use https, just like Ubuntu and Red Hat do.

Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
---
 meta/recipes-support/curl/curl_7.42.1.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/curl/curl_7.42.1.bb b/meta/recipes-support/curl/curl_7.42.1.bb
index 8b0ccb8..ce39892 100644
--- a/meta/recipes-support/curl/curl_7.42.1.bb
+++ b/meta/recipes-support/curl/curl_7.42.1.bb
@@ -19,7 +19,7 @@ SRC_URI[sha256sum] = "e2905973391ec2dfd7743a8034ad10eeb58dab8b3a297e7892a41a7999
 
 inherit autotools pkgconfig binconfig multilib_header
 
-PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls zlib"
+PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} ssl zlib"
 PACKAGECONFIG_class-native = "ipv6 ssl zlib"
 PACKAGECONFIG_class-nativesdk = "ipv6 ssl zlib"
 
@@ -36,6 +36,7 @@ EXTRA_OECONF = "--without-libidn \
                 --disable-ldap \
                 --disable-ldaps \
                 --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
+                --with-libssh2 \
 "
 # see https://lists.yoctoproject.org/pipermail/poky/2013-December/009435.html
 # We should ideally drop ac_cv_sizeof_off_t from site files but until then
-- 
1.8.4.2

Re: [PATCH] curl: Modify PACKAGECONFIG to enable openssl

[Anders Darander]

* Li xin <lixin.fnst@cn.fujitsu.com> [150612 05:41]:

> Enabled openssl defalutly to use https, just like Ubuntu and Red Hat do.

> Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
> ---

> -PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls zlib"
> +PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} ssl zlib"

I think you need to motivate why you're changing from gnutls to ssl
(openssl) here.

Not that I'm personally against it. I've occasionally done the same
thing locally. But this is a change of the defaults, and the default
dependencies. Thus, it needs to have a good motivation.

>  PACKAGECONFIG_class-native = "ipv6 ssl zlib"
>  PACKAGECONFIG_class-nativesdk = "ipv6 ssl zlib"

> @@ -36,6 +36,7 @@ EXTRA_OECONF = "--without-libidn \
>                  --disable-ldap \
>                  --disable-ldaps \
>                  --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
> +                --with-libssh2 \

NACK.

We have a PACKAGECONFIG för libssh2, which defaults to off. Do /not/
enable it directly in EXTRA_OECONF. This will break builds (at least
the determinism of builds).

Cheers,
Anders

-- 
Anders Darander
ChargeStorm AB / eStorm AB

Re: [PATCH] curl: Modify PACKAGECONFIG to enable openssl

[Li, Xin]

> -----Original Message-----
> From: Anders Darander [mailto:anders@chargestorm.se]
> Sent: Friday, June 12, 2015 4:29 PM
> To: Li, Xin/李 欣
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH] curl: Modify PACKAGECONFIG to enable openssl
> 
> * Li xin <lixin.fnst@cn.fujitsu.com> [150612 05:41]:
> 
> > Enabled openssl defalutly to use https, just like Ubuntu and Red Hat do.
> 
> > Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
> > ---
> 
> > -PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6",
> "", d)} gnutls zlib"
> > +PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6",
> "", d)} ssl zlib"
> 
> I think you need to motivate why you're changing from gnutls to ssl
> (openssl) here.

> Not that I'm personally against it. I've occasionally done the same thing locally. But
> this is a change of the defaults, and the default dependencies. Thus, it needs to
> have a good motivation.

Thank you for your reply.
Yes, the motivation is not clear here. I will do some additional test and then add much more comments.
 
> >  PACKAGECONFIG_class-native = "ipv6 ssl zlib"
> >  PACKAGECONFIG_class-nativesdk = "ipv6 ssl zlib"
> 
> > @@ -36,6 +36,7 @@ EXTRA_OECONF = "--without-libidn \
> >                  --disable-ldap \
> >                  --disable-ldaps \
> >
> > --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
> > +                --with-libssh2 \
> 
> NACK.
> 
> We have a PACKAGECONFIG för libssh2, which defaults to off. Do /not/ enable it
> directly in EXTRA_OECONF. This will break builds (at least the determinism of
> builds).

May be it is not right.
I will send patch V2.

Cheers,
Li xin

Re: [PATCH] curl: Modify PACKAGECONFIG to enable openssl

[Li, Xin]

Hi, Anders

Thanks for your replay.

> Subject: Re: [OE-core] [PATCH] curl: Modify PACKAGECONFIG to enable openssl
> 
> * Li xin <lixin.fnst@cn.fujitsu.com> [150612 05:41]:
> 
> > Enabled openssl defalutly to use https, just like Ubuntu and Red Hat do.
> 
> > Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
> > ---
> 
> > -PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6",
> "", d)} gnutls zlib"
> > +PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6",
> "", d)} ssl zlib"
> 
> I think you need to motivate why you're changing from gnutls to ssl
> (openssl) here.
> 
> Not that I'm personally against it. I've occasionally done the same thing locally. But
> this is a change of the defaults, and the default dependencies. Thus, it needs to
> have a good motivation.

The motivation is as following:
Curl depends on gnutls and gnutls depends on gmp, but the LICENSE of gmp is LGPLv3.
If the users do not want to use the LGPLv3 recipes(the rpm of gmp is not be installed), there will be an error when using https.
Such as:
----------------
# curl -k https://192.168.246.1
curl: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory 
----------------
But after changing gnutls to ssl in PACKAGECONFIG, there will be no errors.

> 
> >  PACKAGECONFIG_class-native = "ipv6 ssl zlib"
> >  PACKAGECONFIG_class-nativesdk = "ipv6 ssl zlib"
> 
> > @@ -36,6 +36,7 @@ EXTRA_OECONF = "--without-libidn \
> >                  --disable-ldap \
> >                  --disable-ldaps \
> >
> > --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
> > +                --with-libssh2 \
> 
> NACK.
> 
> We have a PACKAGECONFIG för libssh2, which defaults to off. Do /not/ enable it
> directly in EXTRA_OECONF. This will break builds (at least the determinism of
> builds).
> 
Yes.
Enabling -with-libssh2 in EXTRA_OECONF is not right.
My goal is to let sftp supported by curl, by adding libssh2 in PACKAGECONFIG.
But libssh2 is not in OE-core by default. 
And I think there may be someone else want to use libssh2.
So how about moving libssh2 recipe from Meta-oe to OE-core? :)

Thank you very much.

Regards,
Li

Re: [PATCH] curl: Modify PACKAGECONFIG to enable openssl

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 3115 bytes --]

On Thu, Jul 16, 2015 at 03:54:04AM +0000, Li, Xin wrote:
> Hi, Anders
> 
> Thanks for your replay.
> 
> > Subject: Re: [OE-core] [PATCH] curl: Modify PACKAGECONFIG to enable openssl
> > 
> > * Li xin <lixin.fnst@cn.fujitsu.com> [150612 05:41]:
> > 
> > > Enabled openssl defalutly to use https, just like Ubuntu and Red Hat do.
> > 
> > > Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
> > > ---
> > 
> > > -PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6",
> > "", d)} gnutls zlib"
> > > +PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6",
> > "", d)} ssl zlib"
> > 
> > I think you need to motivate why you're changing from gnutls to ssl
> > (openssl) here.
> > 
> > Not that I'm personally against it. I've occasionally done the same thing locally. But
> > this is a change of the defaults, and the default dependencies. Thus, it needs to
> > have a good motivation.
> 
> The motivation is as following:
> Curl depends on gnutls and gnutls depends on gmp, but the LICENSE of gmp is LGPLv3.
> If the users do not want to use the LGPLv3 recipes(the rpm of gmp is not be installed), there will be an error when using https.
> Such as:
> ----------------
> # curl -k https://192.168.246.1
> curl: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory 
> ----------------
> But after changing gnutls to ssl in PACKAGECONFIG, there will be no errors.

What about returning gmp v4.2.1 which was last LGPLv2 version?

This says, it's OK to remove v4.2.1, because v6.0.0 is dual licensed:
http://git.openembedded.org/openembedded-core/commit/?id=f181c6ce8b364fbf761a456d998ab78fbd751f35

but it's dual licensed under GPLv2+ | LGPLv3+ and using GPLv2 libraries
isn't acceptable by some projects.

So I would vote for returning v4.2.1.

> > 
> > >  PACKAGECONFIG_class-native = "ipv6 ssl zlib"
> > >  PACKAGECONFIG_class-nativesdk = "ipv6 ssl zlib"
> > 
> > > @@ -36,6 +36,7 @@ EXTRA_OECONF = "--without-libidn \
> > >                  --disable-ldap \
> > >                  --disable-ldaps \
> > >
> > > --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
> > > +                --with-libssh2 \
> > 
> > NACK.
> > 
> > We have a PACKAGECONFIG för libssh2, which defaults to off. Do /not/ enable it
> > directly in EXTRA_OECONF. This will break builds (at least the determinism of
> > builds).
> > 
> Yes.
> Enabling -with-libssh2 in EXTRA_OECONF is not right.
> My goal is to let sftp supported by curl, by adding libssh2 in PACKAGECONFIG.
> But libssh2 is not in OE-core by default. 
> And I think there may be someone else want to use libssh2.
> So how about moving libssh2 recipe from Meta-oe to OE-core? :)
> 
> Thank you very much.
> 
> Regards,
> Li
> 
> -- 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]