opkg: add QA check for openssl feed verification

Feed signature checking with OpenSSL will be deprecated in the next
release of opkg.

Upstream ML Announcement:
https://groups.google.com/g/opkg-devel/c/drqw5_HuXuU

The opkg-0.4.5 configure.ac already throws a warning when
`--enable-openssl` is requested.

Add a temporary QA check to the opkg recipe, which will throw a warning
to the builder when they have `openssl` enabled in their opkg
PACKAGECONFIG. This will give builders some time to either change their
feed verification mechanism, or raise their use-case with upstream.

Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-devtools/opkg/opkg_0.4.5.bb b/meta/recipes-devtools/opkg/opkg_0.4.5.bb
index bc948647c804f3f24800275289ef3fd7dee9335f..56d6211aeeee8a8112b4ae1afcd8987f950fcbcb 100644 (file)
--- a/meta/recipes-devtools/opkg/opkg_0.4.5.bb
+++ b/meta/recipes-devtools/opkg/opkg_0.4.5.bb
@@ -60,6 +60,19 @@ do_install_ptest () {
        sed -i -e '/@PYTHONPATH=. $(PYTHON) $^/a\\t@if [ "$$?" != "0" ];then echo "FAIL:"$^;else echo "PASS:"$^;fi' ${D}${PTEST_PATH}/tests/Makefile
 }
 
+WARN_QA_append += "openssl-deprecation"
+QAPKGTEST[openssl-deprecation] = "package_qa_check_openssl_deprecation"
+def package_qa_check_openssl_deprecation (package, d, messages):
+    sane = True
+
+    pkgconfig = (d.getVar("PACKAGECONFIG") or "").split()
+    if pkgconfig and 'openssl' in pkgconfig:
+        package_qa_add_message(messages, 'openssl-deprecation', '"openssl" in opkg.bb PACKAGECONFIG. Feed signature checking with OpenSSL will be deprecated in the next opkg release. Consider using GPG checking instead.')
+        sane = False
+
+    return sane
+
+
 RDEPENDS_${PN} = "${VIRTUAL-RUNTIME_update-alternatives} opkg-arch-config libarchive"
 RDEPENDS_${PN}_class-native = ""
 RDEPENDS_${PN}_class-nativesdk = ""