diff options
| author | Ahmad Fatoum <a.fatoum@pengutronix.de> | 2023-09-20 16:33:41 +0200 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2023-10-09 09:38:49 -0700 |
| commit | 4ad790c7334b02d6d150285a952d84a02645773f (patch) | |
| tree | 1b3b186701c1e9e7387d186834d8f27af680cbb9 /meta-oe/classes | |
| parent | a76f0b1f7c9fc7ecb4ebaaf9862fff3624fdef53 (diff) | |
| download | meta-openembedded-4ad790c7334b02d6d150285a952d84a02645773f.tar.gz | |
signing.bbclass: don't export OPENSSL environment variables globally
OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently
exported globally for any recipe that inherits signing. This not only
affects the tasks that use the signing infrastructure, but also unrelated
tasks like e.g. do_fetch. Avoid this by exporting the variables only
for these tasks that actually call signing_prepare.
This resolves a breakage I observed on Ubuntu 18.04, where the host
tool wget is called with the environment variables set and then fails
with a SSL error (exit code 5).
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/classes')
| -rw-r--r-- | meta-oe/classes/signing.bbclass | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 5c74a319e..79944e3fe 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass | |||
| @@ -224,6 +224,12 @@ signing_import_install() { | |||
| 224 | } | 224 | } |
| 225 | 225 | ||
| 226 | signing_prepare() { | 226 | signing_prepare() { |
| 227 | export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" | ||
| 228 | export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3" | ||
| 229 | export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf" | ||
| 230 | export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs" | ||
| 231 | export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem" | ||
| 232 | |||
| 227 | if [ -f ${OPENSSL_CONF} ]; then | 233 | if [ -f ${OPENSSL_CONF} ]; then |
| 228 | echo "Using '${OPENSSL_CONF}' for OpenSSL configuration" | 234 | echo "Using '${OPENSSL_CONF}' for OpenSSL configuration" |
| 229 | else | 235 | else |
| @@ -308,9 +314,3 @@ signing_get_module() { | |||
| 308 | python () { | 314 | python () { |
| 309 | signing_class_prepare(d) | 315 | signing_class_prepare(d) |
| 310 | } | 316 | } |
| 311 | |||
| 312 | export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" | ||
| 313 | export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3" | ||
| 314 | export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf" | ||
| 315 | export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs" | ||
| 316 | export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem" | ||