Re: [OE-core] [PATCH 0/5] Add openssl 1.1

[Mark Hatle]

On 7/19/17 12:37 PM, Alexander Kanavin wrote:
> On 07/19/2017 07:55 PM, Andre McCurdy wrote:
>>> Openssl 1.1 is an opt-out; it has the same recipe name as openssl 1.0 had, 
>>> and so
>>> all dependencies are compiled with it by default. If there's an API issue, 
>>> please
>>> fix it, or adjust the recipe to depend on 'openssl10' (which is a lesser 
>>> solution,
>>> and subject to openssl 1.0 eventually being removed from oe-core).
>>
>> Are there any -native recipes which still need 1.0? Or could support
>> for openssl10-native be dropped as part of this patch set?
> 
> There are also other layers out there which may need 1.0-native, and so 
> this would cause unnecessary breakage. Let's just leave 1.0 alone and 
> drop it altogether when time comes.

I would agree with this as well.  I've seen various SDK signing apps and such
that need to be linked to OpenSSL 1.0, so if it was removed it would like need
to be re-added by people to support their custom infrastructures.

--Mark

> Alex
> 

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 0/5] Add openssl 1.1

[Alexander Kanavin]

On 07/19/2017 07:55 PM, Andre McCurdy wrote:

Openssl 1.1 is an opt-out; it has the same recipe name as openssl 1.0 had, and 
so
all dependencies are compiled with it by default. If there's an API issue, 
please
fix it, or adjust the recipe to depend on 'openssl10' (which is a lesser 
solution,
and subject to openssl 1.0 eventually being removed from oe-core).


Are there any -native recipes which still need 1.0? Or could support
for openssl10-native be dropped as part of this patch set?


There are also other layers out there which may need 1.0-native, and so 
this would cause unnecessary breakage. Let's just leave 1.0 alone and 
drop it altogether when time comes.


Alex
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 0/5] Add openssl 1.1

[Andre McCurdy]

On Wed, Jul 19, 2017 at 6:19 AM, Alexander Kanavin
 wrote:
> This patch series introduces the recipe for openssl 1.1 (openssl 1.0 is 
> preserved
> but renamed to openssl10), and does a few necessary adjustmenets and updates 
> to other
> recipes.
>
> Openssl 1.1 is an opt-out; it has the same recipe name as openssl 1.0 had, 
> and so
> all dependencies are compiled with it by default. If there's an API issue, 
> please
> fix it, or adjust the recipe to depend on 'openssl10' (which is a lesser 
> solution,
> and subject to openssl 1.0 eventually being removed from oe-core).

Are there any -native recipes which still need 1.0? Or could support
for openssl10-native be dropped as part of this patch set?

> The following changes since commit 50af58cedb3153f058d23a0a9584cf69bdcce81b:
>
>   systemd: refuse to load units with errors (CVE-2017-182) (2017-07-19 
> 11:30:16 +0100)
>
> are available in the git repository at:
>
>   git://git.yoctoproject.org/poky-contrib akanavin/openssl-1.1
>   
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akanavin/openssl-1.1
>
> Alexander Kanavin (4):
>   openssl: add a 1.1 version
>   openssh: depend on openssl 1.0
>   cryptodev-tests: depend on openssl 1.0
>   gstreamer-plugins-bad: replace openssl dependency with nettle for hls
> plugin
>
> Otavio Salvador (1):
>   u-boot: Upgrade to 2017.07 release
>
>  meta/conf/distro/include/no-static-libs.inc|   3 +
>  ...ommon_2017.05.inc => u-boot-common_2017.07.inc} |   2 +-
>  ...utils_2017.05.bb => u-boot-fw-utils_2017.07.bb} |   0
>  ...kimage_2017.05.bb => u-boot-mkimage_2017.07.bb} |   0
>  .../{u-boot_2017.05.bb => u-boot_2017.07.bb}   |   0
>  meta/recipes-connectivity/openssh/openssh_7.5p1.bb |   3 +-
>  ...ve-test-that-requires-running-as-non-root.patch |  49 +++
>  ...1-Take-linking-flags-from-LDFLAGS-env-var.patch |  43 ++
>  .../recipes-connectivity/openssl/openssl/run-ptest |   4 +-
>  .../openssl/{openssl.inc => openssl10.inc} |  14 +-
>  ...build-with-clang-using-external-assembler.patch |   0
>  .../{openssl => openssl10}/Makefiles-ptest.patch   |   0
>  .../Use-SHA256-not-MD5-as-default-digest.patch |   0
>  .../configure-musl-target.patch|   0
>  .../{openssl => openssl10}/configure-targets.patch |   0
>  .../debian/c_rehash-compat.patch   |   0
>  .../openssl/{openssl => openssl10}/debian/ca.patch |   0
>  .../debian/debian-targets.patch|   0
>  .../{openssl => openssl10}/debian/man-dir.patch|   0
>  .../debian/man-section.patch   |   0
>  .../{openssl => openssl10}/debian/no-rpath.patch   |   0
>  .../debian/no-symbolic.patch   |   0
>  .../{openssl => openssl10}/debian/pic.patch|   0
>  .../debian/version-script.patch|   0
>  .../debian1.0.2/block_digicert_malaysia.patch  |   0
>  .../debian1.0.2/block_diginotar.patch  |   0
>  .../debian1.0.2/soname.patch   |   0
>  .../debian1.0.2/version-script.patch   |   0
>  .../engines-install-in-libdir-ssl.patch|   0
>  .../openssl/{openssl => openssl10}/find.pl |   0
>  .../{openssl => openssl10}/oe-ldflags.patch|   0
>  .../openssl-1.0.2a-x32-asm.patch   |   0
>  .../{openssl => openssl10}/openssl-c_rehash.sh |   0
>  .../openssl-fix-des.pod-error.patch|   0
>  .../openssl-util-perlpath.pl-cwd.patch |   0
>  .../openssl_fix_for_x32.patch  |   0
>  .../openssl/{openssl => openssl10}/parallel.patch  |   0
>  .../{openssl => openssl10}/ptest-deps.patch|   0
>  .../ptest_makefile_deps.patch  |   0
>  .../openssl/openssl10/run-ptest|   2 +
>  .../{openssl => openssl10}/shared-libs.patch   |   0
>  .../{openssl_1.0.2l.bb => openssl10_1.0.2l.bb} |   4 +-
>  .../recipes-connectivity/openssl/openssl_1.1.0f.bb | 146 
> +
>  .../cryptodev/cryptodev-tests_1.8.bb   |   2 +-
>  .../gstreamer/gstreamer1.0-plugins-bad.inc |   4 +-
>  45 files changed, 265 insertions(+), 11 deletions(-)
>  rename meta/recipes-bsp/u-boot/{u-boot-common_2017.05.inc => 
> u-boot-common_2017.07.inc} (88%)
>  rename meta/recipes-bsp/u-boot/{u-boot-fw-utils_2017.05.bb => 
> u-boot-fw-utils_2017.07.bb} (100%)
>  rename meta/recipes-bsp/u-boot/{u-boot-mkimage_2017.05.bb => 
> u-boot-mkimage_2017.07.bb} (100%)
>  rename meta/recipes-bsp/u-boot/{u-boot_2017.05.bb => u-boot_2017.07.bb} 
> (100%)
>  create mode 100644 
> meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch
>  create mode 100644 
> meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
>  mode change 100755 => 100644 
> meta/recipes-connectivity/openssl/openssl/run-ptest
>  rename meta/recipes-connectivity/openssl/{openssl.inc => openssl10.inc} (95%)
>  ren