From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: raj.khem@gmail.com
Cc: zhixiong.chi@windriver.com, meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization][PATCH] systemd: add openssl PACKAGECONFIG for virtualization distro feature
Date: Tue, 28 Apr 2026 11:40:18 +0000 [thread overview]
Message-ID: <afCcov9P-GuAYNmX@gmail.com> (raw)
In-Reply-To: <7ecfecca-4b96-49e9-b259-0370f38eafa8@gmail.com>
In message: Re: [meta-virtualization][PATCH] systemd: add openssl PACKAGECONFIG for virtualization distro feature
on 21/04/2026 Khem Raj via lists.yoctoproject.org wrote:
>
>
> On 4/21/26 12:46 AM, Zhixiong Chi via lists.yoctoproject.org wrote:
> > Since libvirt was upgraded to v12.1.0, the new systemd service file
> > virt-secret-init-encryption.service has been introduced, and it requires
> > systemd to add openssl to PACKAGECONFIG. Because systemd-creds encrypt
> > command will be executed in the service file, which depends on openssl
> > is enabled.
> >
> > Meanwhile this service was added into the dependency chain of the main service
> > libvirtd.service, and will be enabled by default by libvirtd service without
> > any build dependency detection according to the original upstream commit
> > https://github.com/libvirt/libvirt/commit/97758bc9a0b1fccf8c0009308658f1204b113b89
> >
> > In systemd oe-core recipe, the openssl PACKAGECONFIG is disabled at default.
> > Finally the service file virt-secret-init-encryption.service and libvirtd will
> > be failed as the following error:
> > > # systemctl status libvirtd -l
> > * libvirtd.service - libvirt legacy monolithic daemon
> > Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: enabled)
> > Active: inactive (dead)
> > TriggeredBy: * libvirtd.socket
> > * libvirtd-ro.socket
> > * libvirtd-admin.socket
> > Docs: man:libvirtd(8)
> > https://libvirt.org/
> >
> > systemd[1]: Dependency failed for libvirt legacy monolithic daemon.
> > systemd[1]: libvirtd.service: Job libvirtd.service/start failed with result 'dependency'
> >
> > > # journalctl -xe
> >
> > A start job for unit virt-secret-init-encryption.service has begun execution.
> >
> > systemd-creds[1251]: Support for encrypted credentials not available.
> > systemd[1]: virt-secret-init-encryption.service: Main process exited, code=exited, status=1/FAILURE
> >
> > The above error info "Support for encrypted credentials not available." comes
> > from systemd-creds command provided by systemd without HAVE_OPENSSL option at
> > the source code src/shared/creds-utils.c
> >
> > Here we enable openssl for systemd when 'virtualization' is in distro feature.
> >
> > Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
> > ---
> > recipes-core/systemd/systemd_%.bbappend | 1 +
> > recipes-core/systemd/systemd_virtualization.inc | 2 ++
> > 2 files changed, 3 insertions(+)
> > create mode 100644 recipes-core/systemd/systemd_%.bbappend
> > create mode 100644 recipes-core/systemd/systemd_virtualization.inc
> >
> > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend
> > new file mode 100644
> > index 00000000..617caccb
> > --- /dev/null
> > +++ b/recipes-core/systemd/systemd_%.bbappend
> > @@ -0,0 +1 @@
> > +require ${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', '${BPN}_virtualization.inc', '', d)}
> > diff --git a/recipes-core/systemd/systemd_virtualization.inc b/recipes-core/systemd/systemd_virtualization.inc
> > new file mode 100644
> > index 00000000..585f4c35
> > --- /dev/null
> > +++ b/recipes-core/systemd/systemd_virtualization.inc
> > @@ -0,0 +1,2 @@
> > +# libvirt acquires systemd enable openssl PACKAGECONFIG
> > +PACKAGECONFIG:append = " openssl"
> >
>
> Can this be all in the bbappend. something like below
>
> PACKAGECONFIG:append = "${@bb.utils.contains('DISTRO_FEATURES',
> 'virtualization', ' openssl', '', d)}"
I could absolutely be like that. I had already merged the
change before I saw your comment, so I've left it as-is for now
as it follows the patterns of other meta-virtualization conditional
includes (that are more complex and actually need the .inc file)
I have a feeling that we'll need more systemd overrides in the
future, so let's see if anything else comes in, and if not, I'll
make it simpler in the next update cycle.
Bruce
>
> >
> >
> >
> >
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9721): https://lists.yoctoproject.org/g/meta-virtualization/message/9721
> Mute This Topic: https://lists.yoctoproject.org/mt/118934409/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
prev parent reply other threads:[~2026-04-28 11:40 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-21 7:46 [meta-virtualization][PATCH] systemd: add openssl PACKAGECONFIG for virtualization distro feature Zhixiong Chi
2026-04-22 3:26 ` Khem Raj
2026-04-28 11:40 ` Bruce Ashfield [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afCcov9P-GuAYNmX@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=meta-virtualization@lists.yoctoproject.org \
--cc=raj.khem@gmail.com \
--cc=zhixiong.chi@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.