* [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency
@ 2023-11-15 21:52 Piotr Łobacz
2023-11-15 21:52 ` [OE-Core][PATCH v2 2/2] ca-certificates-native: add certs path to SYSROOT_DIRS_NATIVE Piotr Łobacz
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Piotr Łobacz @ 2023-11-15 21:52 UTC (permalink / raw)
To: openembedded-core; +Cc: Piotr Łobacz
By default curl is being configured with:
--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
which causes an issue for native build, when calling
curl-native command, as certificates file is missing.
Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
---
meta/recipes-support/curl/curl_8.4.0.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-support/curl/curl_8.4.0.bb b/meta/recipes-support/curl/curl_8.4.0.bb
index 5f97730bf4..f0e09868f6 100644
--- a/meta/recipes-support/curl/curl_8.4.0.bb
+++ b/meta/recipes-support/curl/curl_8.4.0.bb
@@ -130,6 +130,7 @@ PACKAGES =+ "lib${BPN}"
FILES:lib${BPN} = "${libdir}/lib*.so.*"
RRECOMMENDS:lib${BPN} += "ca-certificates"
+DEPENDS:append:class-native = " ca-certificates-native"
FILES:${PN} += "${datadir}/zsh"
--
2.42.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [OE-Core][PATCH v2 2/2] ca-certificates-native: add certs path to SYSROOT_DIRS_NATIVE
2023-11-15 21:52 [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency Piotr Łobacz
@ 2023-11-15 21:52 ` Piotr Łobacz
2023-11-15 22:19 ` Richard Purdie
2023-11-15 22:17 ` [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency Richard Purdie
2023-11-16 12:00 ` Ross Burton
2 siblings, 1 reply; 8+ messages in thread
From: Piotr Łobacz @ 2023-11-15 21:52 UTC (permalink / raw)
To: openembedded-core; +Cc: Piotr Łobacz
As curl-native needs CA bundle for establishing secure connection,
its installation is required in native environment.
Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
---
.../recipes-support/ca-certificates/ca-certificates_20211016.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
index 99abe60613..0d55bae845 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
@@ -86,4 +86,6 @@ RDEPENDS:${PN}:append:class-target = " openssl-bin openssl"
RDEPENDS:${PN}:append:class-native = " openssl-native"
RDEPENDS:${PN}:append:class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl"
+SYSROOT_DIRS_NATIVE += "${sysconfdir}/ssl/certs"
+
BBCLASSEXTEND = "native nativesdk"
--
2.42.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency
2023-11-15 21:52 [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency Piotr Łobacz
2023-11-15 21:52 ` [OE-Core][PATCH v2 2/2] ca-certificates-native: add certs path to SYSROOT_DIRS_NATIVE Piotr Łobacz
@ 2023-11-15 22:17 ` Richard Purdie
2023-11-15 22:43 ` Piotr Łobacz
[not found] ` <1797ED345C35561D.20281@lists.openembedded.org>
2023-11-16 12:00 ` Ross Burton
2 siblings, 2 replies; 8+ messages in thread
From: Richard Purdie @ 2023-11-15 22:17 UTC (permalink / raw)
To: Piotr Łobacz, openembedded-core
On Wed, 2023-11-15 at 22:52 +0100, Piotr Łobacz wrote:
> By default curl is being configured with:
>
> --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
>
> which causes an issue for native build, when calling
> curl-native command, as certificates file is missing.
>
> Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
> ---
> meta/recipes-support/curl/curl_8.4.0.bb | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-support/curl/curl_8.4.0.bb b/meta/recipes-support/curl/curl_8.4.0.bb
> index 5f97730bf4..f0e09868f6 100644
> --- a/meta/recipes-support/curl/curl_8.4.0.bb
> +++ b/meta/recipes-support/curl/curl_8.4.0.bb
> @@ -130,6 +130,7 @@ PACKAGES =+ "lib${BPN}"
>
> FILES:lib${BPN} = "${libdir}/lib*.so.*"
> RRECOMMENDS:lib${BPN} += "ca-certificates"
> +DEPENDS:append:class-native = " ca-certificates-native"
>
> FILES:${PN} += "${datadir}/zsh"
>
I think this can be an RDEPENDS:${PN}:append:class-native which would
have the advantage of not blocking the build of curl-native on ca-certs
and only require it at runtime for running it?
I suspect bitbake is struggling to "see" the RRECOMENDS on a non-PN
package for the native recipe extension.
Cheers,
Richard
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-Core][PATCH v2 2/2] ca-certificates-native: add certs path to SYSROOT_DIRS_NATIVE
2023-11-15 21:52 ` [OE-Core][PATCH v2 2/2] ca-certificates-native: add certs path to SYSROOT_DIRS_NATIVE Piotr Łobacz
@ 2023-11-15 22:19 ` Richard Purdie
2023-11-15 22:45 ` Piotr Łobacz
0 siblings, 1 reply; 8+ messages in thread
From: Richard Purdie @ 2023-11-15 22:19 UTC (permalink / raw)
To: Piotr Łobacz, openembedded-core
On Wed, 2023-11-15 at 22:52 +0100, Piotr Łobacz wrote:
> As curl-native needs CA bundle for establishing secure connection,
> its installation is required in native environment.
>
> Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
> ---
> .../recipes-support/ca-certificates/ca-certificates_20211016.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
> index 99abe60613..0d55bae845 100644
> --- a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
> +++ b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
> @@ -86,4 +86,6 @@ RDEPENDS:${PN}:append:class-target = " openssl-bin openssl"
> RDEPENDS:${PN}:append:class-native = " openssl-native"
> RDEPENDS:${PN}:append:class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl"
>
> +SYSROOT_DIRS_NATIVE += "${sysconfdir}/ssl/certs"
> +
> BBCLASSEXTEND = "native nativesdk"
If I look at SYSROOT_DIRS_NATIVE in staging.bbclass, it has
${sysconfdir} already listed in it. That makes me wonder if this is
really needed?
Cheers,
Richard
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency
2023-11-15 22:17 ` [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency Richard Purdie
@ 2023-11-15 22:43 ` Piotr Łobacz
[not found] ` <1797ED345C35561D.20281@lists.openembedded.org>
1 sibling, 0 replies; 8+ messages in thread
From: Piotr Łobacz @ 2023-11-15 22:43 UTC (permalink / raw)
To: openembedded-core@lists.openembedded.org, Richard Purdie
Dnia środa, 15 listopada 2023 23:17:40 CET Richard Purdie pisze:
> On Wed, 2023-11-15 at 22:52 +0100, Piotr Łobacz wrote:
> > By default curl is being configured with:
> >
> > --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
> >
> > which causes an issue for native build, when calling
> > curl-native command, as certificates file is missing.
> >
> > Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
> > ---
> >
> > meta/recipes-support/curl/curl_8.4.0.bb | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/meta/recipes-support/curl/curl_8.4.0.bb
> > b/meta/recipes-support/curl/curl_8.4.0.bb index 5f97730bf4..f0e09868f6
> > 100644
> > --- a/meta/recipes-support/curl/curl_8.4.0.bb
> > +++ b/meta/recipes-support/curl/curl_8.4.0.bb
> > @@ -130,6 +130,7 @@ PACKAGES =+ "lib${BPN}"
> >
> > FILES:lib${BPN} = "${libdir}/lib*.so.*"
> > RRECOMMENDS:lib${BPN} += "ca-certificates"
> >
> > +DEPENDS:append:class-native = " ca-certificates-native"
> >
> > FILES:${PN} += "${datadir}/zsh"
>
> I think this can be an RDEPENDS:${PN}:append:class-native which would
> have the advantage of not blocking the build of curl-native on ca-certs
> and only require it at runtime for running it?
I can test it and get back to you with answer if it is working for me
>
> I suspect bitbake is struggling to "see" the RRECOMENDS on a non-PN
> package for the native recipe extension.
curl-native has already RRECOMMENDS:lib${BPN} += "ca-certificates" but it was
not working for me without DEPENDS:append:class-native = " ca-certificates-
native"
>
> Cheers,
>
> Richard
BR
Piotr
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-Core][PATCH v2 2/2] ca-certificates-native: add certs path to SYSROOT_DIRS_NATIVE
2023-11-15 22:19 ` Richard Purdie
@ 2023-11-15 22:45 ` Piotr Łobacz
0 siblings, 0 replies; 8+ messages in thread
From: Piotr Łobacz @ 2023-11-15 22:45 UTC (permalink / raw)
To: openembedded-core@lists.openembedded.org, Richard Purdie
Dnia środa, 15 listopada 2023 23:19:40 CET Richard Purdie pisze:
> On Wed, 2023-11-15 at 22:52 +0100, Piotr Łobacz wrote:
> > As curl-native needs CA bundle for establishing secure connection,
> > its installation is required in native environment.
> >
> > Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
> > ---
> >
> > .../recipes-support/ca-certificates/ca-certificates_20211016.bb | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git
> > a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
> > b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb index
> > 99abe60613..0d55bae845 100644
> > --- a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
> > +++ b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
> > @@ -86,4 +86,6 @@ RDEPENDS:${PN}:append:class-target = " openssl-bin
> > openssl">
> > RDEPENDS:${PN}:append:class-native = " openssl-native"
> > RDEPENDS:${PN}:append:class-nativesdk = " nativesdk-openssl-bin
> > nativesdk-openssl">
> > +SYSROOT_DIRS_NATIVE += "${sysconfdir}/ssl/certs"
> > +
> >
> > BBCLASSEXTEND = "native nativesdk"
>
> If I look at SYSROOT_DIRS_NATIVE in staging.bbclass, it has
> ${sysconfdir} already listed in it. That makes me wonder if this is
> really needed?
Yeah, I see it but somehow it was not working without it, need to test it
more...
>
> Cheers,
>
> Richard
BR
Piotr
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency
2023-11-15 21:52 [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency Piotr Łobacz
2023-11-15 21:52 ` [OE-Core][PATCH v2 2/2] ca-certificates-native: add certs path to SYSROOT_DIRS_NATIVE Piotr Łobacz
2023-11-15 22:17 ` [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency Richard Purdie
@ 2023-11-16 12:00 ` Ross Burton
2 siblings, 0 replies; 8+ messages in thread
From: Ross Burton @ 2023-11-16 12:00 UTC (permalink / raw)
To: p.lobacz@welotec.com; +Cc: OE Core mailing list
On 15 Nov 2023, at 21:52, Piotr Łobacz via lists.openembedded.org <p.lobacz=welotec.com@lists.openembedded.org> wrote:
>
> By default curl is being configured with:
>
> --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
>
> which causes an issue for native build, when calling
> curl-native command, as certificates file is missing.
I still don’t think this is the correct fix and simply works for you in testing as the curl-native build tree exists.
What’s your reproducer for the bug you’re seeing?
Ross
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency
[not found] ` <1797ED345C35561D.20281@lists.openembedded.org>
@ 2023-11-17 14:15 ` Piotr Łobacz
0 siblings, 0 replies; 8+ messages in thread
From: Piotr Łobacz @ 2023-11-17 14:15 UTC (permalink / raw)
To: openembedded-core@lists.openembedded.org, Richard Purdie
Cc: Piotr Łobacz
Dnia środa, 15 listopada 2023 23:43:06 CET Piotr Łobacz via
lists.openembedded.org pisze:
> Dnia środa, 15 listopada 2023 23:17:40 CET Richard Purdie pisze:
> > On Wed, 2023-11-15 at 22:52 +0100, Piotr Łobacz wrote:
> > > By default curl is being configured with:
> > >
> > > --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt
> > >
> > > which causes an issue for native build, when calling
> > > curl-native command, as certificates file is missing.
> > >
> > > Signed-off-by: Piotr Łobacz <p.lobacz@welotec.com>
> > > ---
> > >
> > > meta/recipes-support/curl/curl_8.4.0.bb | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/meta/recipes-support/curl/curl_8.4.0.bb
> > > b/meta/recipes-support/curl/curl_8.4.0.bb index 5f97730bf4..f0e09868f6
> > > 100644
> > > --- a/meta/recipes-support/curl/curl_8.4.0.bb
> > > +++ b/meta/recipes-support/curl/curl_8.4.0.bb
> > > @@ -130,6 +130,7 @@ PACKAGES =+ "lib${BPN}"
> > >
> > > FILES:lib${BPN} = "${libdir}/lib*.so.*"
> > > RRECOMMENDS:lib${BPN} += "ca-certificates"
> > >
> > > +DEPENDS:append:class-native = " ca-certificates-native"
> > >
> > > FILES:${PN} += "${datadir}/zsh"
> >
> > I think this can be an RDEPENDS:${PN}:append:class-native which would
> > have the advantage of not blocking the build of curl-native on ca-certs
> > and only require it at runtime for running it?
>
> I can test it and get back to you with answer if it is working for me
OK this will not work as I expected, because as written in patch's comment,
the --with-ca-bundle is being set to:
${sysconfdir}/ssl/certs/ca-certificates.crt
and this expands on native to:
build/tmp-glibc/work/x86_64-linux/curl-native/7.82.0-r0/recipe-sysroot-native/
etc/ssl/certs/ca-certificates.crt
So in general I need to use DEPENDS instead of RDEPENDS or just set --with-ca-
bundle with different path in case of EXTRA_OECONF::class-native.
Unfortunately as I already checked the ${sysconfdir} in --with-ca-bundle is
being converted to value before passing to --with-ca-bundle and thus it always
equals:
build/tmp-glibc/work/x86_64-linux/curl-native/7.82.0-r0/recipe-sysroot-native/
etc
meaning that even if I run curl-native from different recipe sysroot native it
is already set with it and searches for it in that path.
The other option is to unset --with-ca-bundle for native and than it will
search for it in common places set in the source code, which works but still
it may/will use ca-certificate.crt stored not in recipe sysroot native but from
the host system which is obviously not the way we want it to.
My propousal would be to somehow pass a different variable than ${sysconfdir}
into --with-ca-bundle which will be set in sysroot native instead of bitbake
and when curl-native is being run expanded to proper path, but I dunno if
there is such?
BR
Piotr
>
> > I suspect bitbake is struggling to "see" the RRECOMENDS on a non-PN
> > package for the native recipe extension.
>
> curl-native has already RRECOMMENDS:lib${BPN} += "ca-certificates" but it
> was not working for me without DEPENDS:append:class-native = "
> ca-certificates- native"
>
> > Cheers,
> >
> > Richard
>
> BR
> Piotr
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-11-17 14:15 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-15 21:52 [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency Piotr Łobacz
2023-11-15 21:52 ` [OE-Core][PATCH v2 2/2] ca-certificates-native: add certs path to SYSROOT_DIRS_NATIVE Piotr Łobacz
2023-11-15 22:19 ` Richard Purdie
2023-11-15 22:45 ` Piotr Łobacz
2023-11-15 22:17 ` [OE-Core][PATCH v2 1/2] curl-native: add missing ca-certificates-native dependency Richard Purdie
2023-11-15 22:43 ` Piotr Łobacz
[not found] ` <1797ED345C35561D.20281@lists.openembedded.org>
2023-11-17 14:15 ` Piotr Łobacz
2023-11-16 12:00 ` Ross Burton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox