From: Alexander Kanavin <alexander.kanavin@linux.intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [RFC][PATCH 3/5] openssl: update to 1.1.1
Date: Tue, 10 Apr 2018 15:07:45 +0300 [thread overview]
Message-ID: <20180410120747.41814-3-alexander.kanavin@linux.intel.com> (raw)
In-Reply-To: <20180410120747.41814-1-alexander.kanavin@linux.intel.com>
At the moment 1.1.1 is in pre-release stage, however the final release
should be available within a few weeks. The major selling point is that
it supports the new TLS 1.3 specification. At the moment it is not clear
whether this also will be a long term support version of openssl;
we can make the decision to merge this version once that is made clear
by upstream. More information:
https://www.openssl.org/policies/releasestrat.html
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
---
...1-Take-linking-flags-from-LDFLAGS-env-var.patch | 43 ----------------------
.../{openssl_1.1.0h.bb => openssl_1.1.1-pre4.bb} | 21 +++++------
2 files changed, 10 insertions(+), 54 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
rename meta/recipes-connectivity/openssl/{openssl_1.1.0h.bb => openssl_1.1.1-pre4.bb} (83%)
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch b/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
deleted file mode 100644
index 6ce4e47d712..00000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Tue, 28 Mar 2017 16:40:12 +0300
-Subject: [PATCH] Take linking flags from LDFLAGS env var
-
-This fixes "No GNU_HASH in the elf binary" issues.
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- Configurations/unix-Makefile.tmpl | 2 +-
- Configure | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index c029817..43b769b 100644
---- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -}
- CC= $(CROSS_COMPILE){- $target{cc} -}
- CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
- CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
--LDFLAGS= {- $target{lflags} -}
-+LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -}
- PLIB_LDFLAGS= {- $target{plib_lflags} -}
- EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
- LIB_CFLAGS={- $target{shared_cflag} || "" -}
-diff --git a/Configure b/Configure
-index aee7cc3..274d236 100755
---- a/Configure
-+++ b/Configure
-@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file};
- $config{defines} = [];
- $config{cflags} = "";
- $config{ex_libs} = "";
--$config{shared_ldflag} = "";
-+$config{shared_ldflag} = $ENV{'LDFLAGS'};
-
- # Make sure build_scheme is consistent.
- $target{build_scheme} = [ $target{build_scheme} ]
---
-2.11.0
-
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
similarity index 83%
rename from meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
rename to meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
index 94b75eb92a8..859362f7afe 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1-pre4.bb
@@ -10,13 +10,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
BBCLASSEXTEND = "native nativesdk"
-SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
-SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
+SRC_URI[md5sum] = "07c3f6831fb6dfe975795ef7bbbee9fc"
+SRC_URI[sha256sum] = "df2d5fcc2a878525611c75b9e9116fbcfbce8d9b96419a16eda5fb11ecc428f6"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
file://openssl-c_rehash.sh \
- file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
"
S = "${WORKDIR}/openssl-${PV}"
@@ -114,20 +113,20 @@ do_configure () {
if [ "x$useprefix" = "x" ]; then
useprefix=/
fi
- libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
- perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
+ # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+ # environment variables set by bitbake. Adjust the environment variables instead.
+ perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
}
-#| engines/afalg/e_afalg.c: In function 'eventfd':
-#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
-#| return syscall(__NR_eventfd, n);
-#| ^~~~~~~~~~~~
-EXTRA_OECONF_aarch64 += "no-afalgeng"
+# This prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF_class-native += "--with-rand-seed=devrandom"
+EXTRA_OECONF_class-nativesdk += "--with-rand-seed=devrandom"
#| ./libcrypto.so: undefined reference to `getcontext'
#| ./libcrypto.so: undefined reference to `setcontext'
#| ./libcrypto.so: undefined reference to `makecontext'
-EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
+CPPFLAGS_libc-musl += "-DOPENSSL_NO_ASYNC"
do_install () {
oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
--
2.16.1
next prev parent reply other threads:[~2018-04-10 12:14 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-10 12:07 [RFC][PATCH 1/5] openssl: rename openssl 1.0.x to openssl10 and make openssl 1.1.x the default version Alexander Kanavin
2018-04-10 12:07 ` [RFC][PATCH 2/5] cryptodev-tests: port to openssl 1.1 Alexander Kanavin
2018-04-10 12:07 ` Alexander Kanavin [this message]
2018-04-10 21:20 ` [RFC][PATCH 3/5] openssl: update to 1.1.1 Andre McCurdy
2018-04-11 10:09 ` Alexander Kanavin
2018-04-11 18:56 ` Andre McCurdy
2018-04-10 12:07 ` [RFC][PATCH 4/5] libressl: add a recipe to support openssh Alexander Kanavin
2018-04-11 8:38 ` Andre McCurdy
2018-04-11 10:03 ` Alexander Kanavin
2018-04-11 19:07 ` Andre McCurdy
2018-04-10 12:07 ` [RFC][PATCH 5/5] openssh: update to 7.7p1 and depend on libressl Alexander Kanavin
2018-04-10 12:34 ` ✗ patchtest: failure for "[RFC] openssl: rename openssl ..." and 4 more Patchwork
2018-04-10 12:43 ` [RFC][PATCH 1/5] openssl: rename openssl 1.0.x to openssl10 and make openssl 1.1.x the default version Martin Jansa
2018-04-10 12:39 ` Alexander Kanavin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180410120747.41814-3-alexander.kanavin@linux.intel.com \
--to=alexander.kanavin@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.