From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: buildroot@busybox.net, Nicola Di Lieto <nicola.dilieto@gmail.com>
Subject: Re: [Buildroot] [RFC PATCH v2] package/uacme: requires TLS support in libcurl
Date: Sun, 17 Jul 2022 12:09:15 +0300 [thread overview]
Message-ID: <87pmi4xfph.fsf@tarshish> (raw)
In-Reply-To: <20220717090719.GE2543@scaer>
Hi Yann,
On Sun, Jul 17 2022, Yann E. MORIN wrote:
> On 2022-07-14 08:49 +0300, Baruch Siach via buildroot spake thusly:
>> uacme configure script fails when libcurl does not support TLS. This
>> means that BR2_PACKAGE_LIBCURL_TLS_NONE is incompatible with uacme. But
>> there is no way to change the choice to something other than
>> BR2_PACKAGE_LIBCURL_TLS_NONE. So instead make uacme depend on libcurl
>> and !BR2_PACKAGE_LIBCURL_TLS_NONE.
>>
>> As a result we can no longer select BR2_PACKAGE_OPENSSL since it causes
>> recursive dependency. Use 'depend on' instead, and add a comment to
>> explain this uncommon choice.
>>
>> Fixes:
>> http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
>> http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
>> http://autobuild.buildroot.net/results/25280409b32282b4dd40b1e88127051439380f3d/
>>
>> Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
>> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>> ---
>> v2:
>> Add dependency on crypto back end for uacme itself (Nicola Di Lieto)
>> ---
>> package/uacme/Config.in | 12 ++++++++++--
>> 1 file changed, 10 insertions(+), 2 deletions(-)
>>
>> diff --git a/package/uacme/Config.in b/package/uacme/Config.in
>> index 58b7c534e73d..815ab5da7d61 100644
>> --- a/package/uacme/Config.in
>> +++ b/package/uacme/Config.in
>> @@ -1,8 +1,9 @@
>> config BR2_PACKAGE_UACME
>> bool "uacme"
>> depends on BR2_USE_MMU # fork()
>> - select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)
>> - select BR2_PACKAGE_LIBCURL
>> + # We can not use select here as it causes recursive dependency
>> + depends on BR2_PACKAGE_OPENSSL || BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS
>> + depends on BR2_PACKAGE_LIBCURL && !BR2_PACKAGE_LIBCURL_TLS_NONE
>
> I don't think this is correct. Indeed, even with one of those packages
> enabled, there is nothing that prevents libcurl to be linked with
> another TLS provider, as that is decided with the choice entries, not
> with the packages being enabled.
>
> Instead, what about:
>
> depends on BR2_PACKAGE_LIBCURL_OPENSSL \
> || BR2_PACKAGE_LIBCURL_GNUTLS \
> || BR2_PACKAGE_LIBCURL_MBEDTLS
>
> That way, it encodes both the fact that libcurl is enabled, *and* that
> is has the proper TLS support enabled.
As Nicola explained on v1, uacme does not care which crypto back end
libcurl uses, as long as there is one.
https://lore.kernel.org/all/Ys5vPCrxDXWvj+ok@einstein.dilieto.eu/
Regardless of that, uacme requires one of these crypt back ends for its
own use. So I think these dependencies are correct.
>> help
>> uacme is a client for the ACMEv2 protocol described in
>> RFC8555, written in plain C with minimal dependencies
>> @@ -14,6 +15,13 @@ config BR2_PACKAGE_UACME
>>
>> https://github.com/ndilieto/uacme
>>
>> +comment "uacme needs one of openssl, gnutls or mbedtls"
>> + depends on !BR2_PACKAGE_OPENSSL && !BR2_PACKAGE_GNUTLS && !BR2_PACKAGE_MBEDTLS
>
> That's not correct. It would be better to phrase it, as Nicola suggested
> in their review of v1:
>
> comment "uacme needs libcurl with openssl, gnutls or mbedtls"
> depends on BR2_USE_MMU
> depends on !BR2_PACKAGE_LIBCURL_OPENSSL \
> && !BR2_PACKAGE_LIBCURL_GNUTLS \
> && !BR2_PACKAGE_LIBCURL_MBEDTLS
This is overly restrictive. See above.
>> +comment "uacme needs libcurl with TLS support"
>> + depends on BR2_USE_MMU
>> + depends on !BR2_PACKAGE_LIBCURL || BR2_PACKAGE_LIBCURL_TLS_NONE
>
> ... then this comment is no longer needed.
>
> Also, comments about packages being not available should go either
> before the main symbol, or after the conditional options. Otherwise, the
> sub-options are not indented below the main symbol. With your code:
>
> [*] uacme
> [ ] enable ualpn
>
> while we want:
>
> [*] uacme
> [ ] enable ualpn
>
> I'd have fixed that when applying, but I prefer to get some feedback
> about my proposal on the dependendcy condition.
I'll fix that if I send another iteration.
baruch
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-07-17 9:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 5:49 [Buildroot] [RFC PATCH v2] package/uacme: requires TLS support in libcurl Baruch Siach via buildroot
2022-07-14 8:05 ` Nicola Di Lieto
2022-07-17 9:07 ` Yann E. MORIN
2022-07-17 9:09 ` Baruch Siach via buildroot [this message]
2022-07-17 9:49 ` Yann E. MORIN
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pmi4xfph.fsf@tarshish \
--to=buildroot@buildroot.org \
--cc=baruch@tkos.co.il \
--cc=buildroot@busybox.net \
--cc=nicola.dilieto@gmail.com \
--cc=yann.morin.1998@free.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox