[meta-virtualization][PATCH] systemd: add openssl PACKAGECONFIG for virtualization distro feature

[meta-virtualization][PATCH] systemd: add openssl PACKAGECONFIG for virtualization distro feature

[Zhixiong Chi]

Since libvirt was upgraded to v12.1.0, the new systemd service file
virt-secret-init-encryption.service has been introduced, and it requires
systemd to add openssl to PACKAGECONFIG. Because systemd-creds encrypt
command will be executed in the service file, which depends on openssl
is enabled.

Meanwhile this service was added into the dependency chain of the main service
libvirtd.service, and will be enabled by default by libvirtd service without
any build dependency detection according to the original upstream commit
https://github.com/libvirt/libvirt/commit/97758bc9a0b1fccf8c0009308658f1204b113b89

In systemd oe-core recipe, the openssl PACKAGECONFIG is disabled at default.
Finally the service file virt-secret-init-encryption.service and libvirtd will
be failed as the following error:
> # systemctl status libvirtd -l
 * libvirtd.service - libvirt legacy monolithic daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: enabled)
     Active: inactive (dead)
 TriggeredBy: * libvirtd.socket
              * libvirtd-ro.socket
              * libvirtd-admin.socket
       Docs: man:libvirtd(8)
             https://libvirt.org/

 systemd[1]: Dependency failed for libvirt legacy monolithic daemon.
 systemd[1]: libvirtd.service: Job libvirtd.service/start failed with result 'dependency'

> # journalctl -xe

   A start job for unit virt-secret-init-encryption.service has begun execution.

 systemd-creds[1251]: Support for encrypted credentials not available.
 systemd[1]: virt-secret-init-encryption.service: Main process exited, code=exited, status=1/FAILURE

The above error info "Support for encrypted credentials not available." comes
from systemd-creds command provided by systemd without HAVE_OPENSSL option at
the source code src/shared/creds-utils.c

Here we enable openssl for systemd when 'virtualization' is in distro feature.

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
 recipes-core/systemd/systemd_%.bbappend         | 1 +
 recipes-core/systemd/systemd_virtualization.inc | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 recipes-core/systemd/systemd_%.bbappend
 create mode 100644 recipes-core/systemd/systemd_virtualization.inc

diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend
new file mode 100644
index 00000000..617caccb
--- /dev/null
+++ b/recipes-core/systemd/systemd_%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', '${BPN}_virtualization.inc', '', d)}
diff --git a/recipes-core/systemd/systemd_virtualization.inc b/recipes-core/systemd/systemd_virtualization.inc
new file mode 100644
index 00000000..585f4c35
--- /dev/null
+++ b/recipes-core/systemd/systemd_virtualization.inc
@@ -0,0 +1,2 @@
+# libvirt acquires systemd enable openssl PACKAGECONFIG
+PACKAGECONFIG:append = " openssl"
-- 
2.53.0

Re: [meta-virtualization][PATCH] systemd: add openssl PACKAGECONFIG for virtualization distro feature

[Khem Raj]

On 4/21/26 12:46 AM, Zhixiong Chi via lists.yoctoproject.org wrote:
> Since libvirt was upgraded to v12.1.0, the new systemd service file
> virt-secret-init-encryption.service has been introduced, and it requires
> systemd to add openssl to PACKAGECONFIG. Because systemd-creds encrypt
> command will be executed in the service file, which depends on openssl
> is enabled.
> 
> Meanwhile this service was added into the dependency chain of the main service
> libvirtd.service, and will be enabled by default by libvirtd service without
> any build dependency detection according to the original upstream commit
> https://github.com/libvirt/libvirt/commit/97758bc9a0b1fccf8c0009308658f1204b113b89
> 
> In systemd oe-core recipe, the openssl PACKAGECONFIG is disabled at default.
> Finally the service file virt-secret-init-encryption.service and libvirtd will
> be failed as the following error:
>> # systemctl status libvirtd -l
>   * libvirtd.service - libvirt legacy monolithic daemon
>       Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: enabled)
>       Active: inactive (dead)
>   TriggeredBy: * libvirtd.socket
>                * libvirtd-ro.socket
>                * libvirtd-admin.socket
>         Docs: man:libvirtd(8)
>               https://libvirt.org/
> 
>   systemd[1]: Dependency failed for libvirt legacy monolithic daemon.
>   systemd[1]: libvirtd.service: Job libvirtd.service/start failed with result 'dependency'
> 
>> # journalctl -xe
> 
>     A start job for unit virt-secret-init-encryption.service has begun execution.
> 
>   systemd-creds[1251]: Support for encrypted credentials not available.
>   systemd[1]: virt-secret-init-encryption.service: Main process exited, code=exited, status=1/FAILURE
> 
> The above error info "Support for encrypted credentials not available." comes
> from systemd-creds command provided by systemd without HAVE_OPENSSL option at
> the source code src/shared/creds-utils.c
> 
> Here we enable openssl for systemd when 'virtualization' is in distro feature.
> 
> Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
> ---
>   recipes-core/systemd/systemd_%.bbappend         | 1 +
>   recipes-core/systemd/systemd_virtualization.inc | 2 ++
>   2 files changed, 3 insertions(+)
>   create mode 100644 recipes-core/systemd/systemd_%.bbappend
>   create mode 100644 recipes-core/systemd/systemd_virtualization.inc
> 
> diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend
> new file mode 100644
> index 00000000..617caccb
> --- /dev/null
> +++ b/recipes-core/systemd/systemd_%.bbappend
> @@ -0,0 +1 @@
> +require ${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', '${BPN}_virtualization.inc', '', d)}
> diff --git a/recipes-core/systemd/systemd_virtualization.inc b/recipes-core/systemd/systemd_virtualization.inc
> new file mode 100644
> index 00000000..585f4c35
> --- /dev/null
> +++ b/recipes-core/systemd/systemd_virtualization.inc
> @@ -0,0 +1,2 @@
> +# libvirt acquires systemd enable openssl PACKAGECONFIG
> +PACKAGECONFIG:append = " openssl"
> 

Can this be all in the bbappend. something like below

PACKAGECONFIG:append = "${@bb.utils.contains('DISTRO_FEATURES', 
'virtualization', ' openssl', '', d)}"

> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9718): https://lists.yoctoproject.org/g/meta-virtualization/message/9718
> Mute This Topic: https://lists.yoctoproject.org/mt/118934409/1997914
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [meta-virtualization][PATCH] systemd: add openssl PACKAGECONFIG for virtualization distro feature

[Bruce Ashfield]

In message: Re: [meta-virtualization][PATCH] systemd: add openssl PACKAGECONFIG for virtualization distro feature
on 21/04/2026 Khem Raj via lists.yoctoproject.org wrote:

> 
> 
> On 4/21/26 12:46 AM, Zhixiong Chi via lists.yoctoproject.org wrote:
> > Since libvirt was upgraded to v12.1.0, the new systemd service file
> > virt-secret-init-encryption.service has been introduced, and it requires
> > systemd to add openssl to PACKAGECONFIG. Because systemd-creds encrypt
> > command will be executed in the service file, which depends on openssl
> > is enabled.
> > 
> > Meanwhile this service was added into the dependency chain of the main service
> > libvirtd.service, and will be enabled by default by libvirtd service without
> > any build dependency detection according to the original upstream commit
> > https://github.com/libvirt/libvirt/commit/97758bc9a0b1fccf8c0009308658f1204b113b89
> > 
> > In systemd oe-core recipe, the openssl PACKAGECONFIG is disabled at default.
> > Finally the service file virt-secret-init-encryption.service and libvirtd will
> > be failed as the following error:
> > > # systemctl status libvirtd -l
> >   * libvirtd.service - libvirt legacy monolithic daemon
> >       Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: enabled)
> >       Active: inactive (dead)
> >   TriggeredBy: * libvirtd.socket
> >                * libvirtd-ro.socket
> >                * libvirtd-admin.socket
> >         Docs: man:libvirtd(8)
> >               https://libvirt.org/
> > 
> >   systemd[1]: Dependency failed for libvirt legacy monolithic daemon.
> >   systemd[1]: libvirtd.service: Job libvirtd.service/start failed with result 'dependency'
> > 
> > > # journalctl -xe
> > 
> >     A start job for unit virt-secret-init-encryption.service has begun execution.
> > 
> >   systemd-creds[1251]: Support for encrypted credentials not available.
> >   systemd[1]: virt-secret-init-encryption.service: Main process exited, code=exited, status=1/FAILURE
> > 
> > The above error info "Support for encrypted credentials not available." comes
> > from systemd-creds command provided by systemd without HAVE_OPENSSL option at
> > the source code src/shared/creds-utils.c
> > 
> > Here we enable openssl for systemd when 'virtualization' is in distro feature.
> > 
> > Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
> > ---
> >   recipes-core/systemd/systemd_%.bbappend         | 1 +
> >   recipes-core/systemd/systemd_virtualization.inc | 2 ++
> >   2 files changed, 3 insertions(+)
> >   create mode 100644 recipes-core/systemd/systemd_%.bbappend
> >   create mode 100644 recipes-core/systemd/systemd_virtualization.inc
> > 
> > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend
> > new file mode 100644
> > index 00000000..617caccb
> > --- /dev/null
> > +++ b/recipes-core/systemd/systemd_%.bbappend
> > @@ -0,0 +1 @@
> > +require ${@bb.utils.contains('DISTRO_FEATURES', 'virtualization', '${BPN}_virtualization.inc', '', d)}
> > diff --git a/recipes-core/systemd/systemd_virtualization.inc b/recipes-core/systemd/systemd_virtualization.inc
> > new file mode 100644
> > index 00000000..585f4c35
> > --- /dev/null
> > +++ b/recipes-core/systemd/systemd_virtualization.inc
> > @@ -0,0 +1,2 @@
> > +# libvirt acquires systemd enable openssl PACKAGECONFIG
> > +PACKAGECONFIG:append = " openssl"
> > 
> 
> Can this be all in the bbappend. something like below
> 
> PACKAGECONFIG:append = "${@bb.utils.contains('DISTRO_FEATURES',
> 'virtualization', ' openssl', '', d)}"

I could absolutely be like that. I had already merged the
change before I saw your comment, so I've left it as-is for now
as it follows the patterns of other meta-virtualization conditional
includes (that are more complex and actually need the .inc file)

I have a feeling that we'll need more systemd overrides in the
future, so let's see if anything else comes in, and if not, I'll
make it simpler in the next update cycle.

Bruce

> 
> > 
> > 
> > 
> > 
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9721): https://lists.yoctoproject.org/g/meta-virtualization/message/9721
> Mute This Topic: https://lists.yoctoproject.org/mt/118934409/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>