Re: [Buildroot] [RFC PATCH] package/uacme: requires TLS support in libcurl

From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Nicola Di Lieto <nicola.dilieto@gmail.com>
Cc: buildroot@busybox.net
Subject: Re: [Buildroot] [RFC PATCH] package/uacme: requires TLS support in libcurl
Date: Wed, 13 Jul 2022 09:43:11 +0300	[thread overview]
Message-ID: <87bkttec55.fsf@tarshish> (raw)
In-Reply-To: <Ys5oV/gCnSknmvtJ@einstein.dilieto.eu>

Hi Nicola,

On Wed, Jul 13 2022, Nicola Di Lieto wrote:
> I am afraid this won't work because unlike curl, uacme only supports OpenSSL,
> GnuTLS and mbedTLS. If either BearSSL or WolfSSL are chosen as the SSL
> library, uacme will fail at configure stage.

This issue is already in current code. The line

  select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)

does not guarantee that libcurl uses any of these as crypt back
end. libcurl might still have BR2_PACKAGE_LIBCURL_BEARSSL or
BR2_PACKAGE_LIBCURL_WOLFSSL set.

This patch only fixes the BR2_PACKAGE_LIBCURL_TLS_NONE case, but we can
easily add others for something like

  depends on BR2_PACKAGE_LIBCURL && !BR2_PACKAGE_LIBCURL_TLS_NONE
          && !BR2_PACKAGE_LIBCURL_BEARSSL && !BR2_PACKAGE_LIBCURL_WOLFSSL

The reason I marked this patch RFC is because we usually do not 'depend'
on non obvious dependencies like libcurl, but 'select' them
automatically to make it easier for the user. But I could not find a way
to avoid build failure using only 'select'.

What do you think?

Thanks,
baruch

> On Thu, Jun 09, 2022 at 10:21:56PM +0300, Baruch Siach wrote:
>>uacme configure script fails when libcurl does not support TLS. This
>>means that BR2_PACKAGE_LIBCURL_TLS_NONE is incompatible with uacme. But
>>there is no way to change the choice to something other than
>>BR2_PACKAGE_LIBCURL_TLS_NONE. So instead make uacme depend on libcurl
>>and !BR2_PACKAGE_LIBCURL_TLS_NONE.
>>
>>As a result we can no longer select BR2_PACKAGE_OPENSSL since it causes
>>recursive dependency. The existence of encryption library is implied
>>when !BR2_PACKAGE_LIBCURL_TLS_NONE. So we can drop that 'select'
>>entirely.
>>
>>Fixes:
>>http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
>>http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
>>http://autobuild.buildroot.net/results/25280409b32282b4dd40b1e88127051439380f3d/
>>
>>Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
>>Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>>---
>> package/uacme/Config.in | 7 +++++--
>> 1 file changed, 5 insertions(+), 2 deletions(-)
>>
>>diff --git a/package/uacme/Config.in b/package/uacme/Config.in
>>index d69343611557..4b20cbcdfe4b 100644
>>--- a/package/uacme/Config.in
>>+++ b/package/uacme/Config.in
>>@@ -1,8 +1,7 @@
>> config BR2_PACKAGE_UACME
>> 	bool "uacme"
>> 	depends on BR2_USE_MMU # fork()
>>-	select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)
>>-	select BR2_PACKAGE_LIBCURL
>>+	depends on BR2_PACKAGE_LIBCURL && !BR2_PACKAGE_LIBCURL_TLS_NONE
>> 	help
>> 	  uacme is a client for the ACMEv2 protocol described in
>> 	  RFC8555, written in plain C with minimal dependencies
>>@@ -14,6 +13,10 @@ config BR2_PACKAGE_UACME
>>
>> 	  https://github.com/ndilieto/uacme
>>
>>+comment "uacme needs libcurl with TLS support"
>>+	depends on BR2_USE_MMU
>>+	depends on !BR2_PACKAGE_LIBCURL || BR2_PACKAGE_LIBCURL_TLS_NONE
>>+
>> if BR2_PACKAGE_UACME
>>
>> config BR2_PACKAGE_UACME_UALPN
>> -- 2.35.1
>>

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot