From 0ccd4149881113f5c8344ab0cefcf984ade50b1c Mon Sep 17 00:00:00 2001 From: Alex Stewart Date: Wed, 9 Jun 2021 16:10:44 -0500 Subject: [PATCH] opkg: add QA check for openssl feed verification Feed signature checking with OpenSSL will be deprecated in the next release of opkg. Upstream ML Announcement: https://groups.google.com/g/opkg-devel/c/drqw5_HuXuU The opkg-0.4.5 configure.ac already throws a warning when `--enable-openssl` is requested. Add a temporary QA check to the opkg recipe, which will throw a warning to the builder when they have `openssl` enabled in their opkg PACKAGECONFIG. This will give builders some time to either change their feed verification mechanism, or raise their use-case with upstream. Signed-off-by: Alex Stewart Signed-off-by: Richard Purdie --- meta/recipes-devtools/opkg/opkg_0.4.5.bb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/meta/recipes-devtools/opkg/opkg_0.4.5.bb b/meta/recipes-devtools/opkg/opkg_0.4.5.bb index bc948647c8..56d6211aee 100644 --- a/meta/recipes-devtools/opkg/opkg_0.4.5.bb +++ b/meta/recipes-devtools/opkg/opkg_0.4.5.bb @@ -60,6 +60,19 @@ do_install_ptest () { sed -i -e '/@PYTHONPATH=. $(PYTHON) $^/a\\t@if [ "$$?" != "0" ];then echo "FAIL:"$^;else echo "PASS:"$^;fi' ${D}${PTEST_PATH}/tests/Makefile } +WARN_QA_append += "openssl-deprecation" +QAPKGTEST[openssl-deprecation] = "package_qa_check_openssl_deprecation" +def package_qa_check_openssl_deprecation (package, d, messages): + sane = True + + pkgconfig = (d.getVar("PACKAGECONFIG") or "").split() + if pkgconfig and 'openssl' in pkgconfig: + package_qa_add_message(messages, 'openssl-deprecation', '"openssl" in opkg.bb PACKAGECONFIG. Feed signature checking with OpenSSL will be deprecated in the next opkg release. Consider using GPG checking instead.') + sane = False + + return sane + + RDEPENDS_${PN} = "${VIRTUAL-RUNTIME_update-alternatives} opkg-arch-config libarchive" RDEPENDS_${PN}_class-native = "" RDEPENDS_${PN}_class-nativesdk = "" -- 2.40.1