Re: [oe] [meta-oe][PATCH] signing.bbclass: don't export OPENSSL environment variables globally

Mon, 09 Oct 2023 05:53:35 -0700 

On Wed, 2023-09-20 at 16:33 +0200, Ahmad Fatoum wrote:
> OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently
> exported globally for any recipe that inherits signing. This not only
> affects the tasks that use the signing infrastructure, but also unrelated
> tasks like e.g. do_fetch. Avoid this by exporting the variables only
> for these tasks that actually call signing_prepare.
> 
> This resolves a breakage I observed on Ubuntu 18.04, where the host
> tool wget is called with the environment variables set and then fails
> with a SSL error (exit code 5).
> 
> Signed-off-by: Ahmad Fatoum <a.fat...@pengutronix.de>

Reviewed-by: Jan Lübbe <j...@pengutronix.de>

> ---
>  meta-oe/classes/signing.bbclass | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
> index 5c74a319e4f9..79944e3fe91c 100644
> --- a/meta-oe/classes/signing.bbclass
> +++ b/meta-oe/classes/signing.bbclass
> @@ -224,6 +224,12 @@ signing_import_install() {
>  }
>  
>  signing_prepare() {
> +    export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> +    export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
> +    export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
> +    export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
> +    export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
> +
>      if [ -f ${OPENSSL_CONF} ]; then
>          echo "Using '${OPENSSL_CONF}' for OpenSSL configuration"
>      else
> @@ -308,9 +314,3 @@ signing_get_module() {
>  python () {
>      signing_class_prepare(d)
>  }
> -
> -export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> -export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
> -export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
> -export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
> -export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#105390): 
https://lists.openembedded.org/g/openembedded-devel/message/105390
Mute This Topic: https://lists.openembedded.org/mt/101486519/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to