OpenSSL supports out-of-tree builds so we should use them. This makes builds
more reliable, and makes it easier to reduce the size of the ptest package.
(From OE-Core rev: e028b4457781f60d8491a99a23011996fa913013)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously the ptest installation was simply a copy of the entire build tree,
which is terribly ugly.
Instead copy just the pieces we need, symlink to /usr as appropriate, and add
missing dependencies. Remove PRIVATE_LIBS as we don't ship copies of the
libraries now.
Also remember to do 'set -x' in run-ptest, so if the tests fail the runner
knows!
[ YOCTO #12965 ]
[ YOCTO #12967 ]
(From OE-Core rev: 7831d2d3a1069b9d3a8d32e41f0a292e1add56ba)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use dhcpd6.conf for DHCP IPv6 and dhpcd.conf for DHCP IPv4.
(From OE-Core rev: 0772ed9acf96c53b05e6ac19e1af78bbb1192a3b)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The comment here stated that openssl is dual-licensed, but that would
mean that either of the two licenses could be used which is *not* the
case [1]. However LICENSE = "openssl" *is* correct because in OE that
maps to a generic license file which includes both licenses, which
makes sense because there isn't really any such thing as OpenSSL that
would be covered by the "OpenSSL license" and not the "SSLeay license".
Correct the comment to avoid any confusion.
[1] https://www.openssl.org/source/license.html
(From OE-Core rev: 6c821ce6ecae789320b31ec55c83907d6dd78359)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The generated key file should try to have bind group so that if
the named daemon is started via '-u bind' option, which is the
default in OE core, we will not get startup failure because of
'permission denied' error.
(From OE-Core rev: fc4c4f40dbcf558a48058d944eef21e588d64aa0)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1. The building openssl requires to install perl Text::Template module(>=1.46),
but Text::Template is a non core Perl module, openssl chooses to bundle
Text::Template 1.46 into the source, for convenience.
8ff2af5483
2. While Text::Template < 1.46, the produced build files are gravely faulty.
https://github.com/openssl/openssl/pull/6682
3. If host has installed Text::Template < 1.46 (such as CentOS-7.5 has Text::
Template 1.45). The mismatched old module was used although the right one in
openssl source.
So set PERL5LIB to use deterministic perl Text::Template module bundled
by openssl source and ignore the one of host
(From OE-Core rev: 5e7a75c226d4df0c066f04eaea014b8888c6bed2)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These patches are all upstream now, so mark as Backport.
(From OE-Core rev: 9a84114a279000329c2878a35f197a09217cd1fc)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The upstreamable include-tweaking patches contained fragments that should be in
the not-upstreamable musl-specific res_ninit replacement, so move them to the
right patch.
(From OE-Core rev: 18fd5bc97e6b061eec4be0738f20fcbace6bdafe)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The case in ptest use `nm -Pg libcrypto.so' to check symbol presence,
if library is stripped or debug split, the case will fail.
The test case needs debug symbols then we just disable that test.
(From OE-Core rev: 28d3a4cb1ffb508018faebf088eabfd14bcf3113)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It adds ${libdir} to linker options in scripts bind9-config and
isc-config.sh. And then causes install file conflicts when install bind
andl ib32-bind both.
Inherit multilib_script.bbclass to fix this issue.
(From OE-Core rev: d3baeaf09d5d3e7548e5b2ea1b565880ea6ce994)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The configure script ended up creating Makefile with
LIBDIR=/lib
which got leaked into various places including all
pkg-config .pc files where lines like (note the
double slash //):
libdir=${exec_prefix}//lib
...
Libs: -L${libdir} -lcrypto
which causes pkg-config --libs to include the full absolute path
to the recipe specific sysroot. This isn't a big problem
until something like CMake projects start generating
their own .cmake modules using this absolute path and exposing
them to sysroots of other bitbake recipes thus escaping
their recipe specific sysroots.
Then the fun begins when these users of the .cmake module start
to randomly fail builds with error messages like:
/home/builder/src/base/build/tmp/work/corei7-64-linux/package/1.0-r0/recipe-sysroot-native/usr/bin/x86_64-linux/../../libexec/x86_64-linux/gcc/x86_64-linux/7.3.0/ld: cannot find /lib/libpthread.so.0
/home/builder/src/base/build/tmp/work/corei7-64-linux/package/1.0-r0/recipe-sysroot-native/usr/bin/x86_64-linux/../../libexec/x86_64-linux/gcc/x86_64-linux/7.3.0/ld: cannot find /usr/lib/libpthread_nonshared.a
collect2: error: ld returned 1 exit status
ninja: build stopped: subcommand failed.
WARNING: exit code 1 from a shell command.
As luck has it, this problem goes away by recompiling the recipes
alone but repeats with multiple recipes here and there when full
images are build.
A careful inspection of multi page linker command lines shows
that some linker paramaters point to libraries in a different
recipes sysroot than what bitbake was building when the task
failed.
So, fix is to remove this one extra slash from openssl
library path configuration option. This changes openssl
Makefile to have:
LIBDIR=lib
and all users of LIBDIR variable in the Makefile are already
adding slashes as path separators if that is needed.
With this the generated .pc files have:
libdir=${exec_prefix}/lib
and pkg-config --libs knows to strip the already default
sysroot path away.
This then fixes the generated .cmake files to not include
these absolute paths and fixes the random build failures
when building images.
Thanks to Thomas, Michael and Ross for debugging support!
(From OE-Core rev: d286e91bbdcecef16153313fe5e1e0e0cb469612)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Cc: Thomas Witt <thomas.witt@bmw.de>
Cc: Michael Ho <michael.ho@bmw.de>
Cc: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes build for older versions of git which don't follow redirects
properly if the .git suffix is missing.
(From OE-Core rev: 77c353cc9bdfbf1b6453b2579b72726db05eb69c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Current configuration for debian-mips64 is not correct,
'SIXTY_FOUR_BIT_LONG' need to be specified. otherwise,
it will cause other recipe like crda compile failed since
use default THIRTY_TWO_BIT mode.
(From OE-Core rev: 68f82ceb289149885eb0b04547cb4f79a680183b)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since openssh support oepnssl 1.1.x, there is no reason
to keep libressl.
(From OE-Core rev: 30121a78555574f49b321566fcab172417bdf3e3)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Convert from tarball to git repository which support
openssl 1.1.x
- There is no specific minor version that contains the
openssl fix (it was merged to master a few days agao),
rename recipe version to `7.8p1+git'
- Fix regression test binaries missing
In commit `1f7aaf7 openssh: build regression test binaries', it build
regression test binaries, since upstream add two binaries in commits
`c59aca8 Create control sockets in clean temp directories' and
`1acc058 Disable tests where fs perms are incorrect', we should update
do_compile_ptest.
[ptest log]
|/usr/lib/openssh/ptest/regress/test-exec.sh: line 330: /usr/lib/openssh/
ptest/regress/mkdtemp: No such file or directory
[ptest log]
(From OE-Core rev: 9d48cb3da696add33315cf129fe60102bd9756c9)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Match it to definitions in
arch/<ARCH>/include/uapi/asm/termbits.h
(From OE-Core rev: 3e222bf3e0631b385dc46b02b6ba890451c291b2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I pushed this upstream, so mark the patch as such.
(From OE-Core rev: d1cae876c68b5b4ab666f1860d2935634a1f69dd)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.
(From OE-Core rev: a5a07887e73ebf0aa6b3b1fa247e44743b39322e)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The configuration files from 1.0 and 1.1 conflict:
"""
file /etc/ssl/openssl.cnf conflicts between attempted installs of openssl10-conf-1.0.2p-r0.i586 and openssl-conf-1.1.1+pre9-r0.i586
"""
Ensure that if 1.1 is present, it will overwrite the config file
from 1.0.
(From OE-Core rev: bd92ff5759809df2542ce1bcba2c45bbd11d1e10)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The tweaking was not sufficient to prevent package dependency issues,
but there is a standard mechanism to do exactly that kind of prevention
which I wasn't aware of.
(From OE-Core rev: 1e75fead42f27723e720686f5a5233dc5acbe5b3)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
At the moment 1.1.1 is in pre-release stage, however the final release
should be available within a few weeks. The major selling point is that
it supports the new TLS 1.3 specification. It will also be the new long
term support version. More information:
https://www.openssl.org/policies/releasestrat.html
(From OE-Core rev: 9f14a32a3b47b83877fe4fa58b13caeeb38f183a)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I believe the time has come to do this: openssl 1.0 upstream support stops at the end
of 2019, and we do not want a situation where a supported YP release contains an
unsupported version of a critical security component.
Openssl 1.0 can still be utilized by depending on 'openssl10' recipe.
(From OE-Core rev: 876466145f2da93757ba3f92177d0f959f5fe975)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop the disable-ciphers patch since it has been integrated:
cec33896 Omit 3des-cbc if OpenSSL built without DES.
(From OE-Core rev: 7d35f5bb7b1700ae4bb7f55af8db7357a851c15a)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The below test hangs infinitely
$ ./run-ptest
Actually it stuck at test-gatt unit test and
the detailed test output as below:
$ unit/test-gatt -p /robustness/unkown-request -d
/robustness/unkown-request - init
/robustness/unkown-request - setup
/robustness/unkown-request - setup complete
/robustness/unkown-request - run
GATT: < 02 17 00 ...
bt_gatt_server:MTU exchange complete, with MTU: 23
GATT: > 03 00 02 ...
PDU: = 03 00 02 ...
GATT: < bf 00
Considering the /robustness/unkown-request test
actually does no action, update to raw_pdu() to
fix the hang issue.
(From OE-Core rev: b6801f95800bf37f4b960123ba649322fc5cd5d3)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Although the relative_symlinks class converts any absolute symlinks
in ${D} into relative symlinks automatically, it's a little clearer
to create relative symlinks directly where possible.
(From OE-Core rev: 959b4d30b5b11e4a098654b0d4469bbdf01b3812)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The aarch64 build issue in the afalg engine appears to have been
fixed upstream since openssl 1.1.0g:
a0c262644e
(From OE-Core rev: 3184de7f57c05f32682d0c00baf797074b137422)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A single version of the openssl.sh environment-setup script is
currently shared by both the openssl 1.0 and 1.1 recipes. The libdir
path in the script needs to be tweaked for openssl 1.1.
(From OE-Core rev: 950f89a5eb98edbd734247b4141e18e635ef4f91)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The openssl 1.0 recipe puts the libdir symlink to /etc/ssl/openssl.cnf
in the base openssl package (along with the libdir symlinks to
/etc/ssl/certs and /etc/ssl/private). Keep the openssl 1.1 recipe
aligned with that approach until there's a clear reason to do
something else. For more background, see comments in the following
thread:
http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135176.html
(From OE-Core rev: 480335803928c95e7948f8c949127ccb5cbc7dbe)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The openssl 1.1 recipe doesn't have a PACKAGECONFIG option for perl,
so the RDEPENDS for openssl-misc shouldn't be conditional on it.
(From OE-Core rev: 6c6c3809b9db3a08eefabe06d3f35cee5f400d92)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Formatting and comment tweaks only, no functional changes.
(From OE-Core rev: 06da559b5becee1b5fcc2263f6edd95f6d305fc2)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
According to comments in Configurations/10-main.conf, the linux-elf
target is "... to be used on older Linux machines where gcc doesn't
understand -m32 and -m64".
The linux-x86 target appears to be the newer replacement (currently
the only difference between the two is that linux-x86 adds -m32 to
cflags).
(From OE-Core rev: 9e9d0045caa62f3dba2760460de4e6eac38b4628)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Merge duplicates + minor reformatting (no functional changes).
Note that the openssl 1.1 recipe still needs to be updated to handle
MIPS Release 6 ISA targets (e.g. linux-mipsisa32r6, etc).
(From OE-Core rev: bdc9e773c240716c2e2a60ca5d4313cfaa6188b1)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some packages have hard-coded path to /etc/ssl location.
Create a symlinks to correct location.
(From OE-Core rev: 87ae1f2de1b033172560e3c89caa06bd9e10d071)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The main idea is to have libssl and libcrypto in separate packages.
This saves space if only single library is needed and also some recipes
(in other layers) depend on these library packages.
Together with this other packages like in 1.0.x were created.
The only difference is that openssl 1.1 has additional package openssl-bin.
Add missing dependency to perl for openssl-bin pkg, c_rehash requires it.
(From OE-Core rev: b729cae26de23ac6df10cbf74bab0105580cc43d)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patch original c_rehash script with Debian patch instead
of overriding it with own version.
Error output from c_reshah without patching:
Unknown regexp modifier "/b" at ./c_rehash line 15, at end of line
Unknown regexp modifier "/W" at ./c_rehash line 28, at end of line
Unknown regexp modifier "/3" at ./c_rehash line 28, at end of line
Unknown regexp modifier "/2" at ./c_rehash line 28, at end of line
No such class installdir at ./c_rehash line 63, near "Prefix our
installdir"
(Might be a runaway multi-line // string starting on line 28)
syntax error at ./c_rehash line 63, near "Prefix our installdir"
Can't redeclare "my" in "my" at ./c_rehash line 68, near ""
Execution of ./c_rehash aborted due to compilation errors.
(From OE-Core rev: f8a826f497073533a3e4c390255ae197d65d6ef3)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Marko Peter <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The perlpath.pl script is used to patch the #! lines in all perl
scripts in the utils directory. However, as these scripts are run via
e.g. "perl foo.pl", they don't actually rely on the #! path to be
correct (which can be confirmed by the observation that the path is
currently being set to ${STAGING_BINDIR_NATIVE}/perl, which doesn't
exist).
(From OE-Core rev: ba88fe46d47846042518a5a1017d782ba548202c)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
