Re: [Buildroot] [PATCHv5] package/uacme: requires TLS support in libcurl

[Baruch Siach via buildroot <buildroot@buildroot.org>]

Hi Yann,

On Mon, Jul 18 2022, Yann E. MORIN wrote:
> From: Baruch Siach <baruch@tkos.co.il>
>
> uacme configure script fails when libcurl does not support TLS. This
> means that BR2_PACKAGE_LIBCURL_TLS_NONE is incompatible with uacme.
>
> Add a kconfig knob to libcurl, BR2_PACKAGE_LIBCURL_FORCE_TLS, so that
> _TLS_NONE is not an option. Select that from uacme.
>
> Note that, beside selecting BR2_PACKAGE_LIBCURL_FORCE_TLS, packages will
> have to also select a package that can be used as a crypto backend by
> libcurl. Use of BR2_PACKAGE_LIBCURL_FORCE_TLS is unlikely to become very
> common in the foreseeable future, so we don't need to optimize for this
> corner case.

This sentence is not clear without its original email discussion
context. So I'd add in its end: "... with automatic selection of crypto
backend".

>
> uacme already needs a crypto package for itself, so the above
> requirement is naturally met for uacme.
>
> Fixes:
> http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
> http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
> http://autobuild.buildroot.net/results/25280409b32282b4dd40b1e88127051439380f3d/
>
> Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> [yann.morin.1998@free.fr:
>   - keep the current forward select
>   - add the kconfig knob
> ]
> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

LGTM. Not this is the right tag since I'm technically the patch
author. But FWIW here it is anyway.

Reviewed-by: Baruch Siach <baruch@tkos.co.il>

Thanks,
baruch

> ---
> v5 (Yann E. MORIN):
>   Rename knob to _FORCE_TLS (Baruch)
>   _FORCE_TLS needs a crypto package to be selected (Baruch)
>   Expand commit log to explain that (Baruch)
>
> v4 (Yann E. MORIN):
>   Restore forward select
>   Add the _FORCE_SSL_TLS kconfig knob; use it from uacme
>
> v3:
>   Move comments up to fix suboption indentation (Yann)
>   Add missing MMU comment dependency (Yann)
>
> v2:
>   Add dependency on crypto back end for uacme itself (Nicola Di Lieto)
> ---
>  package/libcurl/Config.in | 7 +++++++
>  package/uacme/Config.in   | 1 +
>  2 files changed, 8 insertions(+)
>
> diff --git a/package/libcurl/Config.in b/package/libcurl/Config.in
> index 3381decca8..bc2f8f47f2 100644
> --- a/package/libcurl/Config.in
> +++ b/package/libcurl/Config.in
> @@ -45,6 +45,12 @@ config BR2_PACKAGE_LIBCURL_EXTRA_PROTOCOLS_FEATURES
>  	  - DICT
>  	  - Gopher
>  
> +# Packages must select that if they require a SSL/TLS-enabled libcurl.
> +# Those packages must also select one crypto package that can be used
> +# as a backend below.
> +config BR2_PACKAGE_LIBCURL_FORCE_TLS
> +	bool
> +
>  choice
>  	prompt "SSL/TLS library to use"
>  
> @@ -77,6 +83,7 @@ comment "WolfSSL needs a toolchain w/ dynamic library"
>  
>  config BR2_PACKAGE_LIBCURL_TLS_NONE
>  	bool "None"
> +	depends on !BR2_PACKAGE_LIBCURL_FORCE_SSL_TLS
>  
>  endchoice
>  
> diff --git a/package/uacme/Config.in b/package/uacme/Config.in
> index 58b7c534e7..796f54754e 100644
> --- a/package/uacme/Config.in
> +++ b/package/uacme/Config.in
> @@ -3,6 +3,7 @@ config BR2_PACKAGE_UACME
>  	depends on BR2_USE_MMU # fork()
>  	select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)
>  	select BR2_PACKAGE_LIBCURL
> +	select BR2_PACKAGE_LIBCURL_FORCE_TLS
>  	help
>  	  uacme is a client for the ACMEv2 protocol described in
>  	  RFC8555, written in plain C with minimal dependencies


-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot