Some openssl command line operations like creating an X.509 CSR require
the file /usr/lib/ssl-1.1/openssl.cnf to exist and fail if it doesn't

    root@qemux86-64:~# openssl req -out my.csr -new -newkey rsa:2048 -nodes -keyout my.key
    Can't open /usr/lib/ssl-1.1/openssl.cnf for reading, No such file or directory
    140289168594176:error:02001002:system library:fopen:No such file or directory:../openssl-1.1.1g/crypto/bio/bss_file.c:69:fopen('/usr/lib/ssl-1.1/openssl.cnf','r')
    140289168594176:error:2006D080:BIO routines:BIO_new_file:no such file:../openssl-1.1.1g/crypto/bio/bss_file.c:76:

which is the case e.g. in core-image-minimal with just the
package openssl-bin added to the image by declaring

    IMAGE_INSTALL_append = " openssl-bin"

e.g. in local.conf.

The file did not exist in the aforementioned image / configuration
because it was packaged to the main openssl package

    FILES_${PN} =+ "${libdir}/ssl-1.1/*"

(there is no other FILES specification that would match the file either)
and

    path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-1.1.1g-r0.core2_64.rpm
    [...]
    /usr/lib/ssl-1.1/openssl.cnf
    [...]

Hence move /usr/lib/ssl-1.1/openssl.cnf (and openssl.cnf.dist as it
seems closely related) to the ${PN}-conf package to have it installed
with ${PN}-bin, which already (indirectly) depends on ${PN}-conf.

Note that the openssl recipe has the comment

    Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
    package RRECOMMENDS on this package. This will enable the configuration
    file to be installed for both the openssl-bin package and the libcrypto
    package since the openssl-bin package depends on the libcrypto package.

but openssl-conf only contained /etc/ssl/openssl.cnf

    path/to/poky/build$ rpm --query --package --list tmp/deploy/rpm/core2_64/openssl-conf-1.1.1g-r0.core2_64.rpm
    /etc
    /etc/ssl
    /etc/ssl/openssl.cnf

/usr/lib/ssl-1.1/openssl.cnf is actually only a symlink that points to
../../../etc/ssl/openssl.cnf.

Other files and directories in /usr/lib/ssl-1.1/ were considered as well
because they seem to be configuration files and / or related to
(symlinks pointing to) /etc. They were not moved though, because based
on our use case and testing moving the openssl.cnf symlink is sufficient
for fixing the immediate problem and we lack knowledge about the other
files in order to make a decision to change their packaging.

Signed-off-by: Hannu Lounento <hannu.loune...@vaisala.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.1g.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb 
b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
index 66fa8f7d0a..47ed6b7640 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
@@ -191,7 +191,9 @@ PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines 
${PN}-misc"
 
 FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
 FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
+                      ${libdir}/ssl-1.1/openssl.cnf* \
+                      "
 FILES_${PN}-engines = "${libdir}/engines-1.1"
 FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
 FILES_${PN} =+ "${libdir}/ssl-1.1/*"
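Review bot: The wildcard in the added `${libdir}/ssl-1.1/openssl.cnf*` entry of FILES_openssl-conf claims more than the two files the commit message names, so any later file in that directory whose name begins with openssl.cnf would silently move into openssl-conf as well. Listing `${libdir}/ssl-1.1/openssl.cnf` and `${libdir}/ssl-1.1/openssl.cnf.dist` explicitly would keep the package contents matching the stated intent. The message also establishes only that openssl.cnf is a symlink into /etc/ssl; if openssl.cnf.dist is one too, its target is not in FILES_openssl-conf (the rpm listing shows only /etc/ssl/openssl.cnf), so it is worth confirming that it does not dangle when openssl-conf is installed without the main package. The continuation line that holds only the closing quote could be folded into the line above it.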
-- 
2.26.2
