[PATCH 2/3] openssl: Add legacy packageconfig option

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: Colin Pinnell McAllister <colinmca242@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Colin Pinnell McAllister <colinmca242@gmail.com>
Subject: [PATCH 2/3] openssl: Add legacy packageconfig option
Date: Wed, 11 Feb 2026 12:49:16 -0600	[thread overview]
Message-ID: <20260211184917.1045939-3-colinmca242@gmail.com> (raw)
In-Reply-To: <20260211184917.1045939-1-colinmca242@gmail.com>

Add packageconfig option to enable legacy support (disabled by default).
The legacy module includes deprecated and unmaintained OpenSSL
components. The openssl-ossl-module-legacy package that includes the
module is now conditional on the packageconfig option being enabled.
Packages that depend on this package are also now conditional on the
packageconfig option.

Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
---
 meta/recipes-connectivity/openssl/openssl_3.5.5.bb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
index 6b9ccef0b5..c9d74002a7 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.5.bb
@@ -29,6 +29,7 @@ PACKAGECONFIG:class-native = ""
 PACKAGECONFIG:class-nativesdk = ""
 
 PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+PACKAGECONFIG[legacy] = ",no-legacy"
 PACKAGECONFIG[tls1] = ",no-tls1"
 PACKAGECONFIG[tls1_1] = ",no-tls1_1"
 PACKAGECONFIG[manpages] = ""
@@ -257,7 +258,8 @@ pkg_postinst_ontarget:${PN}-ossl-module-fips () {
 # file to be installed for both the openssl-bin package and the libcrypto
 # package since the openssl-bin package depends on the libcrypto package.
 
-PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy ${PN}-ossl-module-fips"
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-fips"
+PACKAGES =+ "${@bb.utils.contains("PAKCAGECONFIG", "legacy", "${PN}-ossl-module-legacy", "", d)}"
 
 FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
 FILES:libssl = "${libdir}/libssl${SOLIBS}"
@@ -275,9 +277,11 @@ FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/open
 
 CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 
-RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
+RRECOMMENDS:libcrypto += "openssl-conf"
+RRECOMMENDS:libcrypto += "${@bb.utils.contains("PAKCAGECONFIG", "legacy", "${PN}-ossl-module-legacy", "", d)}"
 RDEPENDS:${PN}-misc = "perl"
-RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed openssl-engines openssl-ossl-module-legacy"
+RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed openssl-engines"
+RDEPENDS:${PN}-ptest += "${@bb.utils.contains("PAKCAGECONFIG", "legacy", "${PN}-ossl-module-legacy", "", d)}"
 
 RDEPENDS:${PN}-bin += "openssl-conf"
 
-- 
2.53.0

next prev parent reply	other threads:[~2026-02-11 18:51 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-11 18:49 [PATCH 0/3] Disable OpenSSL and Python3-cryptography legacy features by default Colin Pinnell McAllister
2026-02-11 18:49 ` [PATCH 1/3] openssl: Disable TLS 1.x " Colin Pinnell McAllister
2026-02-11 18:49 ` Colin Pinnell McAllister [this message]
2026-02-13 18:23   ` [OE-core] [PATCH 2/3] openssl: Add legacy packageconfig option Peter Kjellerstedt
2026-02-11 18:49 ` [PATCH 3/3] python3-cryptography: Disable legacy-openssl by default Colin Pinnell McAllister
2026-02-12 16:38 ` [OE-core] [PATCH 0/3] Disable OpenSSL and Python3-cryptography legacy features " Mathieu Dubois-Briand
2026-02-13 15:36   ` Colin
2026-02-13 23:01 ` [PATCH v2 0/4] " Colin Pinnell McAllister
2026-02-13 23:01   ` [PATCH v2 1/4] python3: Backport TLS test fix Colin Pinnell McAllister
2026-02-13 23:01   ` [PATCH v2 2/4] openssl: Disable TLS 1.0/1.1 by default Colin Pinnell McAllister
2026-02-13 23:01   ` [PATCH v2 3/4] openssl: Add legacy packageconfig option Colin Pinnell McAllister
2026-02-13 23:01   ` [PATCH v2 4/4] python3-cryptography: Disable legacy-openssl by default Colin Pinnell McAllister
2026-02-15 16:43   ` [OE-core] [PATCH v2 0/4] Disable OpenSSL and Python3-cryptography legacy features " Mathieu Dubois-Briand
2026-02-15 18:03     ` Mathieu Dubois-Briand

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6b9ccef0b dfblob:c9d74002a )
 OR (
bs:"[PATCH 2/3] openssl: Add legacy packageconfig option" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260211184917.1045939-3-colinmca242@gmail.com \
    --to=colinmca242@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox