[OE-Core][PATCH] curl-native: add missing ca-certificates.crt file

[OE-Core][PATCH] curl-native: add missing ca-certificates.crt file

[Piotr Łobacz]

By default curl is being configured with:

--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt

which causes an issue for native build, when calling
curl-native command, as certificates file is missing.

This commit fixes the issue.

Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
---
 meta/recipes-support/curl/curl_8.4.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/curl/curl_8.4.0.bb b/meta/recipes-support/curl/curl_8.4.0.bb
index 5f97730bf4..165a116139 100644
--- a/meta/recipes-support/curl/curl_8.4.0.bb
+++ b/meta/recipes-support/curl/curl_8.4.0.bb
@@ -130,7 +130,9 @@ PACKAGES =+ "lib${BPN}"
 
 FILES:lib${BPN} = "${libdir}/lib*.so.*"
 RRECOMMENDS:lib${BPN} += "ca-certificates"
+DEPENDS:append:class-native = " ca-certificates-native"
 
+SYSROOT_DIRS:append =" /etc/ssl/certs"
 FILES:${PN} += "${datadir}/zsh"
 
 inherit multilib_script
-- 
2.42.1

Re: [OE-Core][PATCH] curl-native: add missing ca-certificates.crt file

[Richard Purdie]

On Fri, 2023-11-10 at 20:37 +0100, Piotr Łobacz wrote:
> By default curl is being configured with:
> 
> --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
> 
> which causes an issue for native build, when calling
> curl-native command, as certificates file is missing.
> 
> This commit fixes the issue.
> 
> Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
> ---
>  meta/recipes-support/curl/curl_8.4.0.bb | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/meta/recipes-support/curl/curl_8.4.0.bb b/meta/recipes-support/curl/curl_8.4.0.bb
> index 5f97730bf4..165a116139 100644
> --- a/meta/recipes-support/curl/curl_8.4.0.bb
> +++ b/meta/recipes-support/curl/curl_8.4.0.bb
> @@ -130,7 +130,9 @@ PACKAGES =+ "lib${BPN}"
>  
>  FILES:lib${BPN} = "${libdir}/lib*.so.*"
>  RRECOMMENDS:lib${BPN} += "ca-certificates"
> +DEPENDS:append:class-native = " ca-certificates-native"
>  
> +SYSROOT_DIRS:append =" /etc/ssl/certs"
>  FILES:${PN} += "${datadir}/zsh"
>  
>  inherit multilib_script

Adding the dependency I can understand but the SYSROOT_DIRS append
would need to be in the ca-certificates recipe to be of any use as I
understand it?

Also, wouldn't a += instead of a append work for SYSROOT_DIRS?

Cheers,

Richard

Re: [OE-Core][PATCH] curl-native: add missing ca-certificates.crt file

[Piotr Łobacz]

Dnia poniedziałek, 13 listopada 2023 12:35:23 CET Richard Purdie pisze:
> On Fri, 2023-11-10 at 20:37 +0100, Piotr Łobacz wrote:
> > By default curl is being configured with:
> > 
> > --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
> > 
> > which causes an issue for native build, when calling
> > curl-native command, as certificates file is missing.
> > 
> > This commit fixes the issue.
> > 
> > Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
> > ---
> > 
> >  meta/recipes-support/curl/curl_8.4.0.bb | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/meta/recipes-support/curl/curl_8.4.0.bb
> > b/meta/recipes-support/curl/curl_8.4.0.bb index 5f97730bf4..165a116139
> > 100644
> > --- a/meta/recipes-support/curl/curl_8.4.0.bb
> > +++ b/meta/recipes-support/curl/curl_8.4.0.bb
> > @@ -130,7 +130,9 @@ PACKAGES =+ "lib${BPN}"
> > 
> >  FILES:lib${BPN} = "${libdir}/lib*.so.*"
> >  RRECOMMENDS:lib${BPN} += "ca-certificates"
> > 
> > +DEPENDS:append:class-native = " ca-certificates-native"
> > 
> > +SYSROOT_DIRS:append =" /etc/ssl/certs"
> > 
> >  FILES:${PN} += "${datadir}/zsh"
> >  
> >  inherit multilib_script
> 
> Adding the dependency I can understand but the SYSROOT_DIRS append
> would need to be in the ca-certificates recipe to be of any use as I
> understand it?

Yeah, my mistake ca-certificates recipe needs this sorry haven't noticed.
> 
> Also, wouldn't a += instead of a append work for SYSROOT_DIRS?

It should I can change it and test.

> 
> Cheers,
> 
> Richard

BR
Piotr

Re: [OE-Core][PATCH] curl-native: add missing ca-certificates.crt file

[Ross Burton]

On 10 Nov 2023, at 19:37, Piotr Łobacz via lists.openembedded.org <p.lobacz=welotec.com@lists.openembedded.org> wrote:
> 
> By default curl is being configured with:
> 
> --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
> 
> which causes an issue for native build, when calling
> curl-native command, as certificates file is missing.
> 
> This commit fixes the issue.

I’m not sure what issue this is actually solving, unless something has changed in how curl is built.

curl-native has a hard-coded ca-bundle path to $sysconfdir/ssl/certs/ca-certificates.crt.  We can know exactly what this path is when curl-native is built:

$ bitbake-getvar -r curl-native sysconfdir
export sysconfdir="/yocto/ross/build-poky/tmp/work/aarch64-linux/curl-native/8.4.0/recipe-sysroot-native/etc”

This is the *work directory* of curl-native.

If you then link to curl-native in another native recipe and run the binary, that libcurl will continue to look in the curl-native work directory which does not exist if rm_work is being used or curl-native was taken from sstate.  This change does not solve that problem.

Ross

ODP: [OE-Core][PATCH] curl-native: add missing ca-certificates.crt file

[Piotr Łobacz]

[-- Attachment #1: Type: text/plain, Size: 1879 bytes --]

As Richard has noticed it was wrong, meaning part of the fix should be placed in ca-certificates and I even dunno why it was still working... Nevertheless I'm sending v2 patchest.

BR
Piotr
________________________________
Od: Ross Burton <Ross.Burton@arm.com>
Wysłane: poniedziałek, 13 listopada 2023 18:44
Do: Piotr Łobacz <p.lobacz@welotec.com>
DW: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
Temat: Re: [OE-Core][PATCH] curl-native: add missing ca-certificates.crt file

[ross.burton@arm.com przypomina osobę, która wcześniej wysłała ci wiadomość e-mail, ale może nie być tą osobą. Dowiedz się, dlaczego może to stanowić zagrożenie dla https://aka.ms/LearnAboutSenderIdentification ]

On 10 Nov 2023, at 19:37, Piotr Łobacz via lists.openembedded.org <p.lobacz=welotec.com@lists.openembedded.org> wrote:
>
> By default curl is being configured with:
>
> --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
>
> which causes an issue for native build, when calling
> curl-native command, as certificates file is missing.
>
> This commit fixes the issue.

I’m not sure what issue this is actually solving, unless something has changed in how curl is built.

curl-native has a hard-coded ca-bundle path to $sysconfdir/ssl/certs/ca-certificates.crt.  We can know exactly what this path is when curl-native is built:

$ bitbake-getvar -r curl-native sysconfdir
export sysconfdir="/yocto/ross/build-poky/tmp/work/aarch64-linux/curl-native/8.4.0/recipe-sysroot-native/etc”

This is the *work directory* of curl-native.

If you then link to curl-native in another native recipe and run the binary, that libcurl will continue to look in the curl-native work directory which does not exist if rm_work is being used or curl-native was taken from sstate.  This change does not solve that problem.

Ross

[-- Attachment #2: Type: text/html, Size: 3412 bytes --]