* [PATCH 1/2] buildtools-tarball: move setting of envvars to respective envfile
@ 2025-04-08 9:38 changqing.li
2025-04-08 9:38 ` [PATCH 2/2] buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS changqing.li
0 siblings, 1 reply; 3+ messages in thread
From: changqing.li @ 2025-04-08 9:38 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
* make git,curl,python3-requests align with openssl, move the setting of
envvars into respective envfile
* for environment.d-openssl.sh, also check if ca-certificates.crt exist
before export envvars
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
.../openssl/files/environment.d-openssl.sh | 9 ++++++---
meta/recipes-core/meta/buildtools-tarball.bb | 6 ------
meta/recipes-devtools/git/git/environment.d-git.sh | 3 +++
meta/recipes-devtools/git/git_2.49.0.bb | 9 +++++++++
.../environment.d-python3-requests.sh | 3 +++
.../python/python3-requests_2.32.3.bb | 11 +++++++++++
meta/recipes-support/curl/curl/environment.d-curl.sh | 3 +++
meta/recipes-support/curl/curl_8.12.1.bb | 9 +++++++++
8 files changed, 44 insertions(+), 9 deletions(-)
create mode 100644 meta/recipes-devtools/git/git/environment.d-git.sh
create mode 100644 meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
create mode 100644 meta/recipes-support/curl/curl/environment.d-curl.sh
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
index d4b9047565..79b9bc77ec 100644
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -1,6 +1,9 @@
export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/openssl.cnf"
-export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs"
-export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt"
+if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+ export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs"
+ export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt"
+ export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE"
+fi
export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
-export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES"
+export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES"
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index e2ce5b3ecf..414c266663 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -73,12 +73,6 @@ create_sdk_files:append () {
touch $script
echo 'export PATH="${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH"' >> $script
echo 'export OECORE_NATIVE_SYSROOT="${SDKPATHNATIVE}"' >> $script
- if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then
- echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
- echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
- echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
- echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
- fi
echo 'HOST_PKG_PATH=$(command -p pkg-config --variable=pc_path pkg-config 2>/dev/null)' >>$script
echo 'export PKG_CONFIG_LIBDIR=${SDKPATHNATIVE}/${libdir}/pkgconfig:${SDKPATHNATIVE}/${datadir}/pkgconfig:${HOST_PKG_PATH:-/usr/lib/pkgconfig:/usr/share/pkgconfig}' >>$script
echo 'unset HOST_PKG_PATH'
diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh
new file mode 100644
index 0000000000..18104f0528
--- /dev/null
+++ b/meta/recipes-devtools/git/git/environment.d-git.sh
@@ -0,0 +1,3 @@
+if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+ export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+fi
diff --git a/meta/recipes-devtools/git/git_2.49.0.bb b/meta/recipes-devtools/git/git_2.49.0.bb
index 2ca8711f75..3538170d08 100644
--- a/meta/recipes-devtools/git/git_2.49.0.bb
+++ b/meta/recipes-devtools/git/git_2.49.0.bb
@@ -12,6 +12,10 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \
"
+SRC_URI:append:class-nativesdk = " \
+ file://environment.d-git.sh \
+ "
+
S = "${WORKDIR}/git-${PV}"
LIC_FILES_CHKSUM = "\
@@ -112,6 +116,9 @@ do_install:append:class-nativesdk() {
GIT_EXEC_PATH='`dirname $''realpath`'/${REL_GIT_EXEC_PATH} \
GIT_TEMPLATE_DIR='`dirname $''realpath`'/${REL_GIT_TEMPLATE_DIR}
perl_native_fixup
+
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${UNPACKDIR}/environment.d-git.sh ${D}${SDKPATHNATIVE}/environment-setup.d/git.sh
}
FILES:${PN} += "${datadir}/git-core ${libexecdir}/git-core/"
@@ -152,6 +159,8 @@ FILES:${PN}-tk = " \
PACKAGES =+ "gitweb"
FILES:gitweb = "${datadir}/gitweb/"
+
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/git.sh"
RDEPENDS:gitweb = "perl"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
new file mode 100644
index 0000000000..f2eee203ca
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
@@ -0,0 +1,3 @@
+if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+ export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+fi
diff --git a/meta/recipes-devtools/python/python3-requests_2.32.3.bb b/meta/recipes-devtools/python/python3-requests_2.32.3.bb
index 4f0638b50c..bc9b2289f6 100644
--- a/meta/recipes-devtools/python/python3-requests_2.32.3.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.32.3.bb
@@ -3,10 +3,19 @@ HOMEPAGE = "https://requests.readthedocs.io"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
+SRC_URI:append:class-nativesdk = " \
+ file://environment.d-python3-requests.sh \
+"
+
SRC_URI[sha256sum] = "55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760"
inherit pypi python_setuptools_build_meta
+do_install:append:class-nativesdk() {
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${UNPACKDIR}/environment.d-python3-requests.sh ${D}${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh
+}
+
RDEPENDS:${PN} += " \
python3-certifi \
python3-email \
@@ -19,6 +28,8 @@ RDEPENDS:${PN} += " \
python3-compression \
"
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh"
+
CVE_PRODUCT = "requests"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh
new file mode 100644
index 0000000000..0d53aabb8e
--- /dev/null
+++ b/meta/recipes-support/curl/curl/environment.d-curl.sh
@@ -0,0 +1,3 @@
+if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+ export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+fi
diff --git a/meta/recipes-support/curl/curl_8.12.1.bb b/meta/recipes-support/curl/curl_8.12.1.bb
index dd1c89979a..4192693da8 100644
--- a/meta/recipes-support/curl/curl_8.12.1.bb
+++ b/meta/recipes-support/curl/curl_8.12.1.bb
@@ -15,6 +15,11 @@ SRC_URI = " \
file://disable-tests \
file://no-test-timeout.patch \
"
+
+SRC_URI:append:class-nativesdk = " \
+ file://environment.d-curl.sh \
+"
+
SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c76de202"
# Curl has used many names over the years...
@@ -97,6 +102,9 @@ do_install:append:class-target() {
do_install:append:class-nativesdk() {
fix_absolute_paths
+
+ mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+ install -m 644 ${UNPACKDIR}/environment.d-curl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/curl.sh
}
do_compile_ptest() {
@@ -150,6 +158,7 @@ FILES:lib${BPN} = "${libdir}/lib*.so.*"
RRECOMMENDS:lib${BPN} += "ca-certificates"
FILES:${PN} += "${datadir}/zsh"
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/curl.sh"
inherit multilib_script
MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config"
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS
2025-04-08 9:38 [PATCH 1/2] buildtools-tarball: move setting of envvars to respective envfile changqing.li
@ 2025-04-08 9:38 ` changqing.li
2025-04-11 9:35 ` Changqing Li
0 siblings, 1 reply; 3+ messages in thread
From: changqing.li @ 2025-04-08 9:38 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
Here is one testcase:
For recipe tensorflow-lite-host-tools_2.18.0.bb, refer [1],
do_configure[network] = "1"
and it will git clone some repos in CMakeLists.txt
When buildtools is used and nativesdk-git is installed into sdk,
do_configure failed with error:
[1/9] Performing download step (git clone) for 'protobuf-populate'
Cloning into 'protobuf'...
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt
Fix by adding GIT_SSL_CAINFO in BB_ENV_PASSTHROUGH_ADDITIONS, so that
user can export GIT_SSL_CAINFO=${GIT_SSL_CAINFO} in their
do_configure:prepend() to fix above do_configure failure
CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE is similar envvars, so all add
into BB_ENV_PASSTHROUGH_ADDITIONS
[1] https://github.com/nxp-imx/meta-imx/blob/styhead-6.12.3-1.0.0/meta-imx-ml/recipes-libraries/tensorflow-lite/tensorflow-lite-host-tools_2.18.0.bb
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
meta/recipes-devtools/git/git/environment.d-git.sh | 1 +
.../python/python3-requests/environment.d-python3-requests.sh | 1 +
meta/recipes-support/curl/curl/environment.d-curl.sh | 1 +
3 files changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh
index 18104f0528..f8e3221510 100644
--- a/meta/recipes-devtools/git/git/environment.d-git.sh
+++ b/meta/recipes-devtools/git/git/environment.d-git.sh
@@ -1,3 +1,4 @@
if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+ export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO"
fi
diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
index f2eee203ca..c7faec127d 100644
--- a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
+++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh
@@ -1,3 +1,4 @@
if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+ export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} REQUESTS_CA_BUNDLE"
fi
diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh
index 0d53aabb8e..0ab83a267d 100644
--- a/meta/recipes-support/curl/curl/environment.d-curl.sh
+++ b/meta/recipes-support/curl/curl/environment.d-curl.sh
@@ -1,3 +1,4 @@
if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
+ export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE"
fi
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 2/2] buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS
2025-04-08 9:38 ` [PATCH 2/2] buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS changqing.li
@ 2025-04-11 9:35 ` Changqing Li
0 siblings, 0 replies; 3+ messages in thread
From: Changqing Li @ 2025-04-11 9:35 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 1178 bytes --]
Hi,
Following error is reported without this commit: "7ed9f4b7aa curl: only set CA bundle in target build"
Cloning into 'protobuf'...
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt
With commit "7ed9f4b7aa curl: only set CA bundle in target build", git clone still failed, but with another error:
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': SSL certificate problem: unable to get local issuer certificate
For native-curl, if we don't set --with-ca-bundle, since it is not cross-compile, it will detect the default CA cert bundle/path, that is host cert.
but for nativesdk-curl, it is detect as cross-compile(build=x86_64-linux, host=x86_64-pokysdk-linux), so no default CA cert bundle is detect. So report error "unable to get local issuer certificate".
I think we still need to add GIT_SSL_CAINFO/CURL_CA_BUNDLE/REQUESTS_CA_BUNDLE into BB_ENV_PASSTHROUGH_ADDITIONS.
But another patch is needed to try to make curl use host cert by default.
Regards
Changqing
[-- Attachment #2: Type: text/html, Size: 1320 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-04-11 9:35 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-08 9:38 [PATCH 1/2] buildtools-tarball: move setting of envvars to respective envfile changqing.li
2025-04-08 9:38 ` [PATCH 2/2] buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS changqing.li
2025-04-11 9:35 ` Changqing Li
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox