]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: e14b9f2)
openssl: rename openssl 1.0.x to openssl10 and make openssl 1.1.x the default version
authorAlexander Kanavin <alexander.kanavin@linux.intel.com>
Tue, 28 Aug 2018 10:23:12 +0000 (12:23 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 4 Sep 2018 10:03:31 +0000 (11:03 +0100)
I believe the time has come to do this: openssl 1.0 upstream support stops at the end
of 2019, and we do not want a situation where a supported YP release contains an
unsupported version of a critical security component.

Openssl 1.0 can still be utilized by depending on 'openssl10' recipe.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
34 files changed:
meta/conf/distro/include/default-versions.inc patch | blob | history
meta/conf/distro/include/maintainers.inc patch | blob | history
meta/recipes-connectivity/openssl/files/environment.d-openssl.sh [moved from meta/recipes-connectivity/openssl/openssl/environment.d-openssl.sh with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-Fix-build-with-clang-using-external-assembler.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-allow-manpages-to-be-disabled.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/0001-openssl-force-soft-link-to-avoid-rare-race.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/Makefiles-ptest.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/Use-SHA256-not-MD5-as-default-digest.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-musl-target.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/configure-targets.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/configure-targets.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/c_rehash-compat.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/debian-targets.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-dir.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/man-section.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-rpath.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/no-symbolic.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian/pic.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian/pic.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_digicert_malaysia.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/block_diginotar.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/soname.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/debian1.0.2/version-script.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/engines-install-in-libdir-ssl.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/oe-ldflags.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-c_rehash.sh with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl-fix-des.pod-error.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/openssl_fix_for_x32.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/parallel.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/parallel.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest-deps.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/ptest_makefile_deps.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-cflags.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/reproducible-mkbuildinf.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/run-ptest [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/run-ptest with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10/shared-libs.patch [moved from meta/recipes-connectivity/openssl/openssl-1.0.2p/shared-libs.patch with 100% similarity] patch | blob | history
meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb [moved from meta/recipes-connectivity/openssl/openssl_1.0.2p.bb with 91% similarity] patch | blob | history

diff --git a/meta/conf/distro/include/default-versions.inc b/meta/conf/distro/include/default-versions.inc
index 3d88e8f656a8290a1713d199869a875436ef4703..a6f331350eb00f3c4414a0d7ba3f373bd5e4e885 100644 (file)
--- a/meta/conf/distro/include/default-versions.inc
+++ b/meta/conf/distro/include/default-versions.inc
@@ -2,6 +2,3 @@
 # Default preferred versions
 #
 
-PREFERRED_VERSION_openssl ?= "1.0.%"
-PREFERRED_VERSION_openssl-native ?= "1.0.%"
-PREFERRED_VERSION_nativesdk-openssl ?= "1.0.%"
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 98b661d91116aa3cffe8898dd7734b7de460745f..c76f81fb63e13167948f44bd0d0a5851257b14fd 100644 (file)
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -503,6 +503,7 @@ RECIPE_MAINTAINER_pn-nss-myhostname = "Maxin B. John <maxin.john@intel.com>"
 RECIPE_MAINTAINER_pn-ofono = "Maxin B. John <maxin.john@intel.com>"
 RECIPE_MAINTAINER_pn-openssh = "Armin Kuster <akuster808@gmail.com>"
 RECIPE_MAINTAINER_pn-openssl = "Alexander Kanavin <alex.kanavin@gmail.com>"
+RECIPE_MAINTAINER_pn-openssl10 = "Alexander Kanavin <alex.kanavin@gmail.com>"
 RECIPE_MAINTAINER_pn-opkg = "Alejandro del Castillo <alejandro.delcastillo@ni.com>"
 RECIPE_MAINTAINER_pn-opkg-arch-config = "Alejandro del Castillo <alejandro.delcastillo@ni.com>"
 RECIPE_MAINTAINER_pn-opkg-keyrings = "Alejandro del Castillo <alejandro.delcastillo@ni.com>"
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb
similarity index 91%
rename from meta/recipes-connectivity/openssl/openssl_1.0.2p.bb
rename to meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb
index dbcb000a265e2a832db6e8f95aaf5f4906dc867f..b7297fce021396e69c6015657756b6ad7131f0db 100644 (file)
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2p.bb
+++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb
@@ -11,8 +11,6 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
 DEPENDS = "hostperl-runtime-native"
 DEPENDS_append_class-target = " openssl-native"
 
-PROVIDES += "openssl10"
-
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
            file://openssl-c_rehash.sh \
@@ -56,6 +54,8 @@ SRC_URI_append_class-nativesdk = " \
 SRC_URI[md5sum] = "ac5eb30bf5798aa14b1ae6d0e7da58df"
 SRC_URI[sha256sum] = "50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00"
 
+S = "${WORKDIR}/openssl-${PV}"
+
 UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
 
 inherit pkgconfig siteinfo multilib_header ptest manpages
@@ -326,20 +326,35 @@ do_install_ptest () {
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.
 
-PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
+PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
 
-FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
+FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
 FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
 FILES_${PN}-misc = "${libdir}/ssl/misc"
 FILES_${PN} =+ "${libdir}/ssl/*"
 FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
 
-CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
 
-RRECOMMENDS_libcrypto += "openssl-conf"
+RRECOMMENDS_libcrypto10 += "openssl10-conf"
 RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
 RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
 
 BBCLASSEXTEND = "native nativesdk"
+PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
+
+# openssl 1.0 development files and executable binaries clash with openssl 1.1
+# files when installed into target rootfs. So we don't put them into
+# packages, but they continue to be provided via target sysroot for
+# cross-compilation on the host, if some software still depends on openssl 1.0.
+openssl_package_preprocess () {
+        for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
+                rm $file
+        done
+        rm ${PKGD}/usr/bin/openssl
+        rm ${PKGD}/usr/bin/c_rehash
+        rmdir ${PKGD}/usr/bin
+
+}
Mirror of the official openembedded-core repository