* [Buildroot] [PATCH 1/1] package/libjwt: require openssl
@ 2025-08-16 19:55 Florian Larysch
2025-08-16 20:17 ` Peter Korsgaard
2025-09-08 10:56 ` Thomas Perale via buildroot
0 siblings, 2 replies; 5+ messages in thread
From: Florian Larysch @ 2025-08-16 19:55 UTC (permalink / raw)
To: buildroot; +Cc: Florian Larysch
Ever since upstream commit 01dd6da ("Rework the entire API"), first
introduced as part of release v3.0.0, openssl is a hard requirement for
building libjwt. As such, "-DWITH_OPENSSL=ON" also has become a no-op.
In Buildroot, this has been masked somewhat by the implicit select when
gnutls is disabled, but a failure can be reproduced using test-pkg with
a config like:
BR2_PACKAGE_GNUTLS=y
BR2_PACKAGE_LIBJWT=y
Fix this by requiring openssl. Furthermore, building against libressl
does not work because libjwt requires API surface that is not present
there[1], so we need to force libopenssl.
libjwt still supports linking against additional crypto providers, so we
can still link against gnutls if it is present.
[1] https://autobuild.buildroot.org/results/463/4638a7d46c149ca0f46d3fe5f5f90dc5ee9d1e03
Signed-off-by: Florian Larysch <fl@n621.de>
---
package/libjwt/Config.in | 3 ++-
package/libjwt/libjwt.mk | 7 ++-----
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/package/libjwt/Config.in b/package/libjwt/Config.in
index 39d1665e0e..47eb0882a3 100644
--- a/package/libjwt/Config.in
+++ b/package/libjwt/Config.in
@@ -1,6 +1,7 @@
config BR2_PACKAGE_LIBJWT
bool "libjwt"
- select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_GNUTLS
+ select BR2_PACKAGE_OPENSSL
+ select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
select BR2_PACKAGE_JANSSON
help
JSON Web Tokens are an open, industry standard RFC 7519
diff --git a/package/libjwt/libjwt.mk b/package/libjwt/libjwt.mk
index 29ca9cebf4..687432142f 100644
--- a/package/libjwt/libjwt.mk
+++ b/package/libjwt/libjwt.mk
@@ -7,7 +7,7 @@
LIBJWT_VERSION = 3.2.0
LIBJWT_SITE = https://github.com/benmcollins/libjwt/releases/download/v$(LIBJWT_VERSION)
LIBJWT_SOURCE = libjwt-$(LIBJWT_VERSION).tar.xz
-LIBJWT_DEPENDENCIES = host-pkgconf jansson
+LIBJWT_DEPENDENCIES = host-pkgconf jansson openssl
LIBJWT_INSTALL_STAGING = YES
LIBJWT_LICENSE = MPL-2.0
LIBJWT_LICENSE_FILES = LICENSE
@@ -16,10 +16,7 @@ LIBJWT_CPE_ID_PRODUCT = jwt_c_library
LIBJWT_CONF_OPTS += -DWITH_TESTS=OFF
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
-LIBJWT_CONF_OPTS += -DWITH_OPENSSL=ON
-LIBJWT_DEPENDENCIES += openssl
-else
+ifeq ($(BR2_PACKAGE_GNUTLS),y)
LIBJWT_CONF_OPTS += -DWITH_GNUTLS=ON
LIBJWT_DEPENDENCIES += gnutls
endif
--
2.50.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [Buildroot] [PATCH 1/1] package/libjwt: require openssl
2025-08-16 19:55 [Buildroot] [PATCH 1/1] package/libjwt: require openssl Florian Larysch
@ 2025-08-16 20:17 ` Peter Korsgaard
2025-08-16 20:43 ` Florian Larysch
2025-09-08 10:56 ` Thomas Perale via buildroot
1 sibling, 1 reply; 5+ messages in thread
From: Peter Korsgaard @ 2025-08-16 20:17 UTC (permalink / raw)
To: Florian Larysch; +Cc: buildroot
>>>>> "Florian" == Florian Larysch <fl@n621.de> writes:
> Ever since upstream commit 01dd6da ("Rework the entire API"), first
> introduced as part of release v3.0.0, openssl is a hard requirement for
> building libjwt. As such, "-DWITH_OPENSSL=ON" also has become a no-op.
> In Buildroot, this has been masked somewhat by the implicit select when
> gnutls is disabled, but a failure can be reproduced using test-pkg with
> a config like:
> BR2_PACKAGE_GNUTLS=y
> BR2_PACKAGE_LIBJWT=y
> Fix this by requiring openssl. Furthermore, building against libressl
> does not work because libjwt requires API surface that is not present
> there[1], so we need to force libopenssl.
> libjwt still supports linking against additional crypto providers, so we
> can still link against gnutls if it is present.
> [1] https://autobuild.buildroot.org/results/463/4638a7d46c149ca0f46d3fe5f5f90dc5ee9d1e03
While it can work with the combination gnutls + libopenssl, would there
be any advantage over just using openssl for everything?
> Signed-off-by: Florian Larysch <fl@n621.de>
> ---
> package/libjwt/Config.in | 3 ++-
> package/libjwt/libjwt.mk | 7 ++-----
> 2 files changed, 4 insertions(+), 6 deletions(-)
> diff --git a/package/libjwt/Config.in b/package/libjwt/Config.in
> index 39d1665e0e..47eb0882a3 100644
> --- a/package/libjwt/Config.in
> +++ b/package/libjwt/Config.in
> @@ -1,6 +1,7 @@
> config BR2_PACKAGE_LIBJWT
> bool "libjwt"
> - select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_GNUTLS
> + select BR2_PACKAGE_OPENSSL
> + select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
> select BR2_PACKAGE_JANSSON
> help
> JSON Web Tokens are an open, industry standard RFC 7519
> diff --git a/package/libjwt/libjwt.mk b/package/libjwt/libjwt.mk
> index 29ca9cebf4..687432142f 100644
> --- a/package/libjwt/libjwt.mk
> +++ b/package/libjwt/libjwt.mk
> @@ -7,7 +7,7 @@
> LIBJWT_VERSION = 3.2.0
> LIBJWT_SITE = https://github.com/benmcollins/libjwt/releases/download/v$(LIBJWT_VERSION)
> LIBJWT_SOURCE = libjwt-$(LIBJWT_VERSION).tar.xz
> -LIBJWT_DEPENDENCIES = host-pkgconf jansson
> +LIBJWT_DEPENDENCIES = host-pkgconf jansson openssl
> LIBJWT_INSTALL_STAGING = YES
> LIBJWT_LICENSE = MPL-2.0
> LIBJWT_LICENSE_FILES = LICENSE
> @@ -16,10 +16,7 @@ LIBJWT_CPE_ID_PRODUCT = jwt_c_library
> LIBJWT_CONF_OPTS += -DWITH_TESTS=OFF
> -ifeq ($(BR2_PACKAGE_OPENSSL),y)
> -LIBJWT_CONF_OPTS += -DWITH_OPENSSL=ON
> -LIBJWT_DEPENDENCIES += openssl
> -else
> +ifeq ($(BR2_PACKAGE_GNUTLS),y)
> LIBJWT_CONF_OPTS += -DWITH_GNUTLS=ON
> LIBJWT_DEPENDENCIES += gnutls
> endif
> --
> 2.50.1
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [Buildroot] [PATCH 1/1] package/libjwt: require openssl
2025-08-16 20:17 ` Peter Korsgaard
@ 2025-08-16 20:43 ` Florian Larysch
2025-08-21 21:05 ` Peter Korsgaard
0 siblings, 1 reply; 5+ messages in thread
From: Florian Larysch @ 2025-08-16 20:43 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: buildroot
On Sat, Aug 16, 2025 at 10:17:47PM +0200, Peter Korsgaard wrote:
> While it can work with the combination gnutls + libopenssl, would there
> be any advantage over just using openssl for everything?
I've been wondering about this as well. It seems that applications using
libjwt can select between backends using an API call[1]. There don't
seem to be any feature differences between gnutls and openssl in my
cursory reading of the code. Furthermore, I could find no public use of
the backend switching API beyond libjwt's own test cases.
There seem to have been differences in feature completeness in the past
though[2][3], so it's possible that this is vestigial and/or the author
doesn't want to break existing applications more than necessary.
We could remove it from Buildroot entirely (though libjwt will still
automatically link to it when it detects gnutls in its sysroot via
pkg-config[4]), but it also doesn't hurt much as it doesn't enable the
gnutls dependency itself, so the overhead just is linking another object
file into the library
Florian
[1] https://github.com/benmcollins/libjwt/blob/7363e617457f83d46186b3ae56407aa7ca1a02e5/include/jwt.h#L1693-L1703
[2] https://github.com/benmcollins/libjwt/blob/0f2f95310232a290c7672cdaf0d8003533013b5c/libjwt/jwt-gnutls.c#L160
[3] https://github.com/benmcollins/libjwt/blob/0f2f95310232a290c7672cdaf0d8003533013b5c/libjwt/jwt-openssl.c#L452
[4] https://github.com/benmcollins/libjwt/blob/7363e617457f83d46186b3ae56407aa7ca1a02e5/CMakeLists.txt#L37
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libjwt: require openssl
2025-08-16 20:43 ` Florian Larysch
@ 2025-08-21 21:05 ` Peter Korsgaard
0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2025-08-21 21:05 UTC (permalink / raw)
To: Florian Larysch; +Cc: buildroot
>>>>> "Florian" == Florian Larysch <fl@n621.de> writes:
> On Sat, Aug 16, 2025 at 10:17:47PM +0200, Peter Korsgaard wrote:
>> While it can work with the combination gnutls + libopenssl, would there
>> be any advantage over just using openssl for everything?
> I've been wondering about this as well. It seems that applications using
> libjwt can select between backends using an API call[1]. There don't
> seem to be any feature differences between gnutls and openssl in my
> cursory reading of the code. Furthermore, I could find no public use of
> the backend switching API beyond libjwt's own test cases.
> There seem to have been differences in feature completeness in the past
> though[2][3], so it's possible that this is vestigial and/or the author
> doesn't want to break existing applications more than necessary.
> We could remove it from Buildroot entirely (though libjwt will still
> automatically link to it when it detects gnutls in its sysroot via
> pkg-config[4]), but it also doesn't hurt much as it doesn't enable the
> gnutls dependency itself, so the overhead just is linking another object
> file into the library
OK. Committed after dropping the gnutls support, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libjwt: require openssl
2025-08-16 19:55 [Buildroot] [PATCH 1/1] package/libjwt: require openssl Florian Larysch
2025-08-16 20:17 ` Peter Korsgaard
@ 2025-09-08 10:56 ` Thomas Perale via buildroot
1 sibling, 0 replies; 5+ messages in thread
From: Thomas Perale via buildroot @ 2025-09-08 10:56 UTC (permalink / raw)
To: Florian Larysch; +Cc: Thomas Perale, buildroot
In reply of:
> Ever since upstream commit 01dd6da ("Rework the entire API"), first
> introduced as part of release v3.0.0, openssl is a hard requirement for
> building libjwt. As such, "-DWITH_OPENSSL=ON" also has become a no-op.
>
> In Buildroot, this has been masked somewhat by the implicit select when
> gnutls is disabled, but a failure can be reproduced using test-pkg with
> a config like:
>
> BR2_PACKAGE_GNUTLS=y
> BR2_PACKAGE_LIBJWT=y
>
> Fix this by requiring openssl. Furthermore, building against libressl
> does not work because libjwt requires API surface that is not present
> there[1], so we need to force libopenssl.
>
> libjwt still supports linking against additional crypto providers, so we
> can still link against gnutls if it is present.
>
> [1] https://autobuild.buildroot.org/results/463/4638a7d46c149ca0f46d3fe5f5f90dc5ee9d1e03
>
> Signed-off-by: Florian Larysch <fl@n621.de>
Applied to 2025.05.x. Thanks
> ---
> package/libjwt/Config.in | 3 ++-
> package/libjwt/libjwt.mk | 7 ++-----
> 2 files changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/package/libjwt/Config.in b/package/libjwt/Config.in
> index 39d1665e0e..47eb0882a3 100644
> --- a/package/libjwt/Config.in
> +++ b/package/libjwt/Config.in
> @@ -1,6 +1,7 @@
> config BR2_PACKAGE_LIBJWT
> bool "libjwt"
> - select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_GNUTLS
> + select BR2_PACKAGE_OPENSSL
> + select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
> select BR2_PACKAGE_JANSSON
> help
> JSON Web Tokens are an open, industry standard RFC 7519
> diff --git a/package/libjwt/libjwt.mk b/package/libjwt/libjwt.mk
> index 29ca9cebf4..687432142f 100644
> --- a/package/libjwt/libjwt.mk
> +++ b/package/libjwt/libjwt.mk
> @@ -7,7 +7,7 @@
> LIBJWT_VERSION = 3.2.0
> LIBJWT_SITE = https://github.com/benmcollins/libjwt/releases/download/v$(LIBJWT_VERSION)
> LIBJWT_SOURCE = libjwt-$(LIBJWT_VERSION).tar.xz
> -LIBJWT_DEPENDENCIES = host-pkgconf jansson
> +LIBJWT_DEPENDENCIES = host-pkgconf jansson openssl
> LIBJWT_INSTALL_STAGING = YES
> LIBJWT_LICENSE = MPL-2.0
> LIBJWT_LICENSE_FILES = LICENSE
> @@ -16,10 +16,7 @@ LIBJWT_CPE_ID_PRODUCT = jwt_c_library
>
> LIBJWT_CONF_OPTS += -DWITH_TESTS=OFF
>
> -ifeq ($(BR2_PACKAGE_OPENSSL),y)
> -LIBJWT_CONF_OPTS += -DWITH_OPENSSL=ON
> -LIBJWT_DEPENDENCIES += openssl
> -else
> +ifeq ($(BR2_PACKAGE_GNUTLS),y)
> LIBJWT_CONF_OPTS += -DWITH_GNUTLS=ON
> LIBJWT_DEPENDENCIES += gnutls
> endif
> --
> 2.50.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-09-08 10:56 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-16 19:55 [Buildroot] [PATCH 1/1] package/libjwt: require openssl Florian Larysch
2025-08-16 20:17 ` Peter Korsgaard
2025-08-16 20:43 ` Florian Larysch
2025-08-21 21:05 ` Peter Korsgaard
2025-09-08 10:56 ` Thomas Perale via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox