* openssl10 in warrior
@ 2019-06-18 20:29 Jonathan Richardson
2019-06-18 20:57 ` Alexander Kanavin
2019-06-18 21:29 ` Martin Jansa
0 siblings, 2 replies; 4+ messages in thread
From: Jonathan Richardson @ 2019-06-18 20:29 UTC (permalink / raw)
To: poky
Hello,
How do you set the version of openssl back to openssl10? There is no
PROVIDES
openssl in openssl10 so I can't set PREFERRED_PROVIDER_openssl. If I
change my
DEPENDS in the my recipe to openssl10-native eventually another native
recipe that
depends on openssl tries to populate a library to sysroot and fails
because its already
there.
Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: openssl10 in warrior
2019-06-18 20:29 openssl10 in warrior Jonathan Richardson
@ 2019-06-18 20:57 ` Alexander Kanavin
2019-06-18 21:29 ` Martin Jansa
1 sibling, 0 replies; 4+ messages in thread
From: Alexander Kanavin @ 2019-06-18 20:57 UTC (permalink / raw)
To: Jonathan Richardson; +Cc: Poky Project
[-- Attachment #1: Type: text/plain, Size: 961 bytes --]
On Tue, 18 Jun 2019 at 22:29, Jonathan Richardson <
jonathan.richardson@broadcom.com> wrote:
> How do you set the version of openssl back to openssl10? There is no
> PROVIDES
> openssl in openssl10 so I can't set PREFERRED_PROVIDER_openssl. If I
> change my
> DEPENDS in the my recipe to openssl10-native eventually another native
> recipe that
> depends on openssl tries to populate a library to sysroot and fails
> because its already
> there.
>
Before asking how, you should explain why. What is your need for it?
Openssl 1.0 is no longer supported by upstream at the end of 2019, so Yocto
project no longer provides that version as the default or preferred one.
The recipe has been removed altogether in the master branch. Openssl is a
critical security component with a history of major vulnerabilities, so we
don't want to endorse extending the lifespan of a version that no longer
gets any kind of fixes from upstream.
Alex
[-- Attachment #2: Type: text/html, Size: 1381 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: openssl10 in warrior
2019-06-18 20:29 openssl10 in warrior Jonathan Richardson
2019-06-18 20:57 ` Alexander Kanavin
@ 2019-06-18 21:29 ` Martin Jansa
2019-06-18 22:58 ` Jonathan Richardson
1 sibling, 1 reply; 4+ messages in thread
From: Martin Jansa @ 2019-06-18 21:29 UTC (permalink / raw)
To: Jonathan Richardson; +Cc: poky
[-- Attachment #1: Type: text/plain, Size: 2099 bytes --]
On Tue, Jun 18, 2019 at 01:29:00PM -0700, Jonathan Richardson wrote:
> Hello,
>
> How do you set the version of openssl back to openssl10? There is no
> PROVIDES
> openssl in openssl10 so I can't set PREFERRED_PROVIDER_openssl. If I
> change my
> DEPENDS in the my recipe to openssl10-native eventually another native
> recipe that
> depends on openssl tries to populate a library to sysroot and fails
> because its already
> there.
Hi,
it never worked with both openssl versions being pulled into the same
RSS (which is quite common for bigger components like qtbase).
If you really need to use openssl10 and have components which require
it, then you can temporary rename openssl10 recipe as openssl in our
layer to overlay 1.1 version from oe-core and use this openssl-1.0
everywhere (there aren't many packages which would be compatible with
openssl-1.1 and incompatible with openssl-1.0 - from the layers I have
included in my world build I know about these:
PNBLACKLIST[wvstreams] ?= "not compatible with openssl-1.0 since https://github.com/apenwarr/wvstreams/commit/5506a74e1b033776ad441b4554716cdcfa88fe03 which was backported to meta-oe and later reverted in upstream"
PNBLACKLIST[wvdial] ?= "depends on blacklisted wvstreams"
PNBLACKLIST[python3-m2crypto] ?= "not compatible with openssl-1.0"
PNBLACKLIST[python-m2crypto] ?= "not compatible with openssl-1.0"
PNBLACKLIST[rtmpdump] ?= "not compatible with openssl-1.0"
PNBLACKLIST[libtorrent] ?= "not compatible with openssl-1.0"
PNBLACKLIST[freeradius] ?= "not compatible with openssl-1.0"
PNBLACKLIST[rtorrent] ?= "depends on blacklisted libtorrent"
PNBLACKLIST[openlmi-tools] ?= "depends on blacklisted python-m2crypto"
PNBLACKLIST[python-pywbem] ?= "depends on blacklisted python-m2crypto"
and in all these cases it's simple to revert them to older from which
was compatible with openssl-1.0 before big bang.
But this work around should be only temporary and you should really try
to get rid of openssl10 soon.
Cheers,
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 201 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: openssl10 in warrior
2019-06-18 21:29 ` Martin Jansa
@ 2019-06-18 22:58 ` Jonathan Richardson
0 siblings, 0 replies; 4+ messages in thread
From: Jonathan Richardson @ 2019-06-18 22:58 UTC (permalink / raw)
To: Martin Jansa; +Cc: poky
-----Original Message-----
From: Martin Jansa [mailto:martin.jansa@gmail.com]
Sent: Tuesday, June 18, 2019 2:30 PM
To: Jonathan Richardson
Cc: poky@yoctoproject.org
Subject: Re: [poky] openssl10 in warrior
On Tue, Jun 18, 2019 at 01:29:00PM -0700, Jonathan Richardson wrote:
> Hello,
>
> How do you set the version of openssl back to openssl10? There is no
> PROVIDES openssl in openssl10 so I can't set
> PREFERRED_PROVIDER_openssl. If I change my DEPENDS in the my recipe to
> openssl10-native eventually another native recipe that depends on
> openssl tries to populate a library to sysroot and fails because its
> already there.
Hi,
it never worked with both openssl versions being pulled into the same RSS
(which is quite common for bigger components like qtbase).
If you really need to use openssl10 and have components which require it,
then you can temporary rename openssl10 recipe as openssl in our layer to
overlay 1.1 version from oe-core and use this openssl-1.0 everywhere
(there aren't many packages which would be compatible with
openssl-1.1 and incompatible with openssl-1.0 - from the layers I have
included in my world build I know about these:
PNBLACKLIST[wvstreams] ?= "not compatible with openssl-1.0 since
https://github.com/apenwarr/wvstreams/commit/5506a74e1b033776ad441b4554716
cdcfa88fe03 which was backported to meta-oe and later reverted in
upstream"
PNBLACKLIST[wvdial] ?= "depends on blacklisted wvstreams"
PNBLACKLIST[python3-m2crypto] ?= "not compatible with openssl-1.0"
PNBLACKLIST[python-m2crypto] ?= "not compatible with openssl-1.0"
PNBLACKLIST[rtmpdump] ?= "not compatible with openssl-1.0"
PNBLACKLIST[libtorrent] ?= "not compatible with openssl-1.0"
PNBLACKLIST[freeradius] ?= "not compatible with openssl-1.0"
PNBLACKLIST[rtorrent] ?= "depends on blacklisted libtorrent"
PNBLACKLIST[openlmi-tools] ?= "depends on blacklisted python-m2crypto"
PNBLACKLIST[python-pywbem] ?= "depends on blacklisted python-m2crypto"
and in all these cases it's simple to revert them to older from which was
compatible with openssl-1.0 before big bang.
But this work around should be only temporary and you should really try to
get rid of openssl10 soon.
Cheers,
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
Ok thanks Martin/Alex. I'm aware of eol coming up. It's just a matter of
getting all projects upgraded
and leaving one behind (that doesn't yet compile on 1.1) rather than
advancing none of them. I thought
if there was a simple way to move forward then that would be best. But it
sounds like it's better to just
get it upgraded.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-06-18 22:58 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-06-18 20:29 openssl10 in warrior Jonathan Richardson
2019-06-18 20:57 ` Alexander Kanavin
2019-06-18 21:29 ` Martin Jansa
2019-06-18 22:58 ` Jonathan Richardson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.