From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by yocto-www.yoctoproject.org (Postfix, from userid 118) id 008BBE00CFD; Mon, 9 Jul 2018 07:31:11 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on yocto-www.yoctoproject.org X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-HAM-Report: * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider * (alex.kanavin[at]gmail.com) * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no * trust * [209.85.218.50 listed in list.dnswl.org] * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's * domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Received: from mail-oi0-f50.google.com (mail-oi0-f50.google.com [209.85.218.50]) by yocto-www.yoctoproject.org (Postfix) with ESMTP id 89B70E006B3 for ; Mon, 9 Jul 2018 07:31:10 -0700 (PDT) Received: by mail-oi0-f50.google.com with SMTP id s198-v6so36230815oih.11 for ; Mon, 09 Jul 2018 07:31:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=auRmntCefU/7ghNgtbOdiibL/eIw5YNEiVV9XW4AgSA=; b=FR4L3GLTK1alpzV2YZKL5WUk6kCf6AOuNbsxcDssl+qQPfEUZdC4uehlc2HCQZWwBo UxUlq2io9DxN5yyCcsKx8NN3N837Mx0E91fRP5WpK41XdSbaPYxnlvOCy7yyQoHczJdR qQLT206RXC/xiCYpkDv138KgV9T5ZVKmM/2dIQC20jYXCHO//gOl8sL92/XXRlSo8YOS 9asqkGGLmuOfMzDaWGdXm1+bcTf5O+4cLtAKDK0Wp9jOLHak+Lp4uF+jsmHz51SNt72S gOUYXiWA62yF85ob/qu7IyF2dk2oEw8DHHTXLYkpN7kabZ5RuF8wH0Wp2FK1rzRIJgyz GgbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=auRmntCefU/7ghNgtbOdiibL/eIw5YNEiVV9XW4AgSA=; b=N3pVSFqekdmkpI8XBhkPBHqbDL2EWKs48X9yqhXwRcQh+MKdZxjcG8OrENdLwu8RxY eNTk4nKD5CTYoUubij/J5LYrDDY+n3tqtnRQ3PFBtBGYli3i9kYK1gBtbDrhZIYJ4x+h jKux/1NG62qZdyWE7biWrogaD7Tlw4LsRiSNelTZYUvQLIqwRNJwOBCLBWeXykLtJRVv Rl5cLNhmHScPI7k7XXPOEourzNOVJi/+Lf/ztTgGM+cSV2HYGSZXUWriEgpUwrZOSW9X XsnYwWofLN5aBNK6pP+s8YUj0O9GhXOrYwlttM2FMvVrxWjYzJVAhJf1073Im4XPM6SO fR2A== X-Gm-Message-State: APt69E1xY3hj6vxTL7AnS6m2ekZ1Vq8JXpCBIGBl4AccG3s3H2oIeaIU Nr0yuTWu2g03UdPtStNWlikiyG2sFvdNO6M9dVo= X-Google-Smtp-Source: AAOMgpdLHCNt1vp9vanvQstUEP0eod63Od6rTfACu4U6HOlwT8FuqIJJ6pguR3sFSzCEZZyrFJVSQkcRk2VrAVFUFzY= X-Received: by 2002:aca:b7c3:: with SMTP id h186-v6mr21401168oif.54.1531146669815; Mon, 09 Jul 2018 07:31:09 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4a:90c5:0:0:0:0:0 with HTTP; Mon, 9 Jul 2018 07:31:09 -0700 (PDT) In-Reply-To: References: From: Alexander Kanavin Date: Mon, 9 Jul 2018 16:31:09 +0200 Message-ID: To: Raymond Yeung Cc: "yocto@yoctoproject.org" Subject: Re: How to remove openssl from sysroots X-BeenThere: yocto@yoctoproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Discussion of all things Yocto Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jul 2018 14:31:12 -0000 Content-Type: multipart/alternative; boundary="0000000000005a7a95057091dd4e" --0000000000005a7a95057091dd4e Content-Type: text/plain; charset="UTF-8" Just fix the build issue. Look into how opensslconf.h gets created and where the -32 suffix comes from and why the included file is absent. Seriously - that is less effort than trying to make Yocto do what it really was not designed for, and certainly takes less than one week to resolve. Also, you do not have to use core-image-minimal or -sato, or any of the standard images, if they pull in things that you do not want. Write your own image recipe, and specify there precisely what you want. Alex 2018-07-09 2:32 GMT+02:00 Raymond Yeung : > > + yocto mailing list. > > ------------------------------ > *From:* Raymond Yeung > *Sent:* Sunday, July 8, 2018 5:31 PM > *To:* Burton, Ross > *Subject:* Re: [yocto] How to remove openssl from sysroots > > > We're not going to integrate everything into one homogeneous package. > Poky and BSP would be together. Then, we've application codes that we'd > build in the same old way with SCONs the way we do before. The two parts > would link together. > > > And we do have a number of 3rd party vendor packages beside openssl. > Currently, the issue with openssl is that, we run into build issue with the > version we got in 2016 release. See this: > > > > > In file included from /volume/tools/x86_64_linux. > x86_64/2.1.3/sysroots/corei7-64-poky-linux/usr/include/openssl/evp.h:66:0, > > from src/infra/utils/obf/cv_obfuscate.c:20: > > /volume/tools/x86_64_linux.x86_64/2.1.3/sysroots/corei7- > 64-poky-linux/usr/include/openssl/opensslconf.h:41:36: fatal error: > openssl/opensslconf-32.h: No such file or directory > > We plan to use 64-bit kernel, and 32-bit applications. Perhaps that > explains the issue above. We don't want to spend a lot of effort doing > porting simply because we adopt Yocto. So ideally, if we could remove > what's in Yocto, we could integrate our apps with our own openssl; no > changes, including upgrade, would be needed. We'd upgrade when we're > ready. > > Another question from my team is why the "minimal" package includes > connectivity, which includes openssl? > > Raymond > > ------------------------------ > *From:* Burton, Ross > *Sent:* Sunday, July 8, 2018 1:06 AM > > *To:* Raymond Yeung > *Cc:* yocto@yoctoproject.org > *Subject:* Re: [yocto] How to remove openssl from sysroots > > I strongly recommend you just write a recipe that builds openssl as you > wish, instead of building it out of the build system and somehow getting it > into the images. The problem is that how do you intend to build software > against openssl if it can't link to the one in oe-core (as you don't want > it) or your custom one (because it doesn't exist yet). > > The workaround - which is horrible - would be to use a rootfs postprocess > hook to forcibly remove the openssl packages from the rootfs, and then drop > in your own files. > > Ross > > On 8 July 2018 at 07:14, Raymond Yeung wrote: > > We have a shell script that builds openssl. It uses the native makefiles > from the open source project. There's no recipe. I suppose we define a > recipe for this out-of-tree sources. > > > Still, if we could yank out embedded openssl easily, that would be the > best. > > > Raymond > > > ------------------------------ > *From:* Burton, Ross > *Sent:* Saturday, July 7, 2018 3:41 PM > *To:* Raymond Yeung > *Cc:* yocto@yoctoproject.org > *Subject:* Re: [yocto] How to remove openssl from sysroots > > Presumably you've a recipe for the vendor openssl. If it has the same > name but is a different version then just set PREFERRED_VERSION. If > it has a different name too, it should PROVIDE openssl and you can > just set PREFERRED_PROVIDER. > > If it doesn't do either of those things, then it is broken. > > Ross > > On 6 July 2018 at 23:06, Raymond Yeung wrote: > > I've changed the subject heading to make it more specific to our problem. > > Hopefully this generates some responses. > > > > > > It has been blocking us for close to one week now. We want to use our > 3rd > > party vendor openssl, not the one that comes with the source. > Apparently, > > even with "minimal" instead of "base" or "sato" cannot exclude it. > > > > > > Any idea [e.g. how do we systematically find out how it's included now, > and > > possibly what other packages/recipes we may also need to remove due to > > dependency]? > > > > > > Thanks, > > > > Raymond > > > > > > > > ________________________________ > > From: Raymond Yeung > > Sent: Monday, July 2, 2018 11:05 PM > > To: yocto@yoctoproject.org > > Subject: How to remove a package from a build > > > > > > We've our own non-yocto openssl that we want to use. At the moment, > we're > > using "sato" image, rather than "minimal" and includes its openssl that > is > > out-of-date. What is the best way to exclude it from our image (and from > > sysroots)? > > > > > > We have thought about two ideas - > > > > > > Use smaller image like core-image-base, or core-image-full-cmdline (but > not > > -minimal that may remove too much functionality). > > Use INSTALL_IMAGE_remove += " openssl" > > > > > > Would either one work? Also, how do I follow the .bb files etc (e.g. > > starting from the one for sato) to trace down which sub-package includes > > openssl? > > > > > > Thanks, > > > > Raymond > > > > > > -- > > _______________________________________________ > > yocto mailing list > > yocto@yoctoproject.org > > https://lists.yoctoproject.org/listinfo/yocto > yocto Info Page > lists.yoctoproject.org > Discussion of all things about the Yocto Project. Read our Community > Guidelines or learn more about how to participate in other community > discussions. Subscribe before posting to bypass moderation. > > > > > > > > -- > _______________________________________________ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto > > --0000000000005a7a95057091dd4e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Just fix the build issue. Look into how opensslconf.h= gets created and where the -32 suffix comes from and why the included file= is absent.

Seriously - that is less effort t= han trying to make Yocto do what it really was not designed for, and certai= nly takes less than one week to resolve.

Also, you= do not have to use core-image-minimal or -sato, or any of the standard ima= ges, if they pull in things that you do not want. Write your own image reci= pe, and specify there precisely what you want.

Ale= x

= 2018-07-09 2:32 GMT+02:00 Raymond Yeung <rksyeung@hotmail.com>:


+ yocto mailing list.

From:= Raymond Yeung <rksyeung@hotmail.com>
Sent: Sunday, July 8, 2018 5:31 PM
To: Burton, Ross
Subject: Re: [yocto] How to remove openssl from sysroots
=C2=A0

We're not going to integrate = everything into one homogeneous package.=C2=A0 Poky and BSP would be togeth= er.=C2=A0 Then, we've application codes that we'd build in the same= old way with SCONs the way we do before.=C2=A0 The two parts would link together.


And we do have a number of 3rd pa= rty vendor packages beside openssl.=C2=A0 Currently, the issue with openssl= is that, we run into build issue with the version we got in 2016 release.= =C2=A0 See this:


=C2=A0

In file included from /volume/tools/x86_64_linux.x86_64/2.1.3/sysroots/c= orei7-64-poky-linux/usr/include/openssl= /evp.h:66:0,

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0from src/infra/utils/obf/cv_obfuscate.c:20:

/volume/tools/x86_64_linux.x86_64/2.1.3/sysroots/corei7-64-poky-linux/usr/include/openssl/opensslconf.h:41:36: fatal error:=C2=A0openssl/ope= nsslconf-32.h: No such file or directory


We plan to use 64-bit kernel, and 32-bit applications.=C2=A0 Perhaps that e= xplains the issue above.=C2=A0 We don't want to spend a lot of effort d= oing porting simply because we adopt Yocto.=C2=A0 So ideally, if we could r= emove what's in Yocto, we could integrate our apps with our own openssl; no changes, including upgrade, would be needed.=C2= =A0 We'd upgrade when we're ready.

Another question from my team is why the "minimal" package i= ncludes connectivity, which includes openssl?

Raymond

From:= Burton, Ross <ross.burton@intel.com>
Sent: Sunday, July 8, 2018 1:06 AM

To: Raymond Yeung
Cc: yoct= o@yoctoproject.org
Subject: Re: [yocto] How to remove openssl from sysroots
=
=C2=A0
I strongly recommend you just write a recipe that builds o= penssl as you wish, instead of building it out of the build system and some= how getting it into the images.=C2=A0 The problem is that how do you intend= to build software against openssl if it can't link to the one in oe-core (as you don't want it) or your cu= stom one (because it doesn't exist yet).

The workaround - which is horrible - would be to use a rootfs postproc= ess hook to forcibly remove the openssl packages from the rootfs, and then = drop in your own files.

Ross

On 8 July 2018 at 07:1= 4, Raymond Yeung <r= ksyeung@hotmail.com> wrote:

We have a shell script that build= s openssl.=C2=A0 It uses the native makefiles from the open source project.= =C2=A0 There's no =C2=A0recipe.=C2=A0 I suppose we define a recipe for = this out-of-tree sources.


Still, if we could yank out embed= ded openssl easily, that would be the best.


Raymond



From: Burton, Ross <ross.burton@intel.com>
Sent: Saturday, July 7, 2018 3:41 PM
To: Raymond Yeung
Cc: yocto@yoctoproject.org
Subject: Re: [yocto] How to remove openssl from sysroots
=C2=A0
=
Presumably you've a recipe = for the vendor openssl.=C2=A0 If it has the same
name but is a different version then just set PREFERRED_VERSION.=C2=A0 If it has a different name too, it should PROVIDE openssl and you can
just set PREFERRED_PROVIDER.

If it doesn't do either of those things, then it is broken.

Ross

On 6 July 2018 at 23:06, Raymond Yeung <rksyeung@hotmail.com> wrote: > I've changed the subject heading to make it more specific to our p= roblem.
> Hopefully this generates some responses.
>
>
> It has been blocking us for close to one week now.=C2=A0 We want to us= e our 3rd
> party vendor openssl, not the one that comes with the source.=C2=A0 Ap= parently,
> even with "minimal" instead of "base" or "sat= o" cannot exclude it.
>
>
> Any idea [e.g. how do we systematically find out how it's included= now, and
> possibly what other packages/recipes we may also need to remove due to=
> dependency]?
>
>
> Thanks,
>
> Raymond
>
>
>
> ________________________________
> From: Raymond Yeung <rksyeung@hotmail.com>
> Sent: Monday, July 2, 2018 11:05 PM
> To: yocto@yoctoproject.org
> Subject: How to remove a package from a build
>
>
> We've our own non-yocto openssl that we want to use.=C2=A0 At the = moment, we're
> using "sato" image, rather than "minimal" and incl= udes its openssl that is
> out-of-date.=C2=A0 What is the best way to exclude it from our image (= and from
> sysroots)?
>
>
> We have thought about two ideas -
>
>
> Use smaller image like core-image-base, or core-image-full-cmdline (bu= t not
> -minimal that may remove too much functionality).
> Use INSTALL_IMAGE_remove +=3D " openssl"
>
>
> Would either one work?=C2=A0 Also, how do I follow the .bb files etc (= e.g.
> starting from the one for sato) to trace down which sub-package includ= es
> openssl?
>
>
> Thanks,
>
> Raymond
>
>
> --
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
yocto Info Page
lis= ts.yoctoproject.org
Discussion of all things about the Yocto Project. Read our Community Guidel= ines or learn more about how to participate in other community discussions.= Subscribe before posting to bypass moderation.


>


--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto<= br>

--0000000000005a7a95057091dd4e--