On 6 April 2017 at 12:23, David Vincent <freesilicon@gmail.com> wrote:
>
> On mercredi 5 avril 2017 09:30:52 CEST Jussi Kukkonen wrote:
> > This apparently breaks key generation with openssl-native because the file
> > doesn't exist.
>
> Looking at the recipe right now, I understand why key generation is broken for
> native build (I should have been more careful). I see two ways of fixing it :
>         - either recreate the symlink in do_install_append_class_native
>         - or simply modifiyng the OPENSSL_CONF variable in the same task.
>
> >
> > I can fix it by adding one more complication to the recipe (will send a
> > patch) but I don't think the current solution is all that great: I've been
> > looking at this patch for a while now and still don't really understand why
> > it is needed and how these different packages interact. I'm sure it makes
> > sense when you look at the other recipe but ... isn't it a bad sign that
> > that context seems to be needed?
>
> OK, I will provide some context because maybe my approach was wrong. In some
> of my builds, I require some images to have a very specific configuration to
> make OpenSSL use engines. My idea was to provide a package for this task since
> the default file can not be overridden (and in fact shouldn't be for the native
> build).


So previously openssl-conf package included etc/ssl/openssl.cnf and the symlink ${libdir}/ssl/openssl.conf. Nothing RDEPENDS on this package (but libcrypto RRECOMMENDS it).

After your patch the actual configuration file is still installed. In a postinst
  * ${libdir}/ssl/openssl.conf is removed if it exists (why? If it's for upgrading, then this should happen in a prerm or postrm)
  * the symlink ${libdir}/ssl/openssl.conf is created