diff options
author | Ahmad Fatoum <a.fatoum@pengutronix.de> | 2023-09-20 16:33:41 +0200 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2023-10-09 09:38:49 -0700 |
commit | 4ad790c7334b02d6d150285a952d84a02645773f (patch) | |
tree | 1b3b186701c1e9e7387d186834d8f27af680cbb9 /meta-oe/classes | |
parent | a76f0b1f7c9fc7ecb4ebaaf9862fff3624fdef53 (diff) | |
download | meta-openembedded-4ad790c7334b02d6d150285a952d84a02645773f.tar.gz |
signing.bbclass: don't export OPENSSL environment variables globally
OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently
exported globally for any recipe that inherits signing. This not only
affects the tasks that use the signing infrastructure, but also unrelated
tasks like e.g. do_fetch. Avoid this by exporting the variables only
for these tasks that actually call signing_prepare.
This resolves a breakage I observed on Ubuntu 18.04, where the host
tool wget is called with the environment variables set and then fails
with a SSL error (exit code 5).
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/classes')
-rw-r--r-- | meta-oe/classes/signing.bbclass | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass index 5c74a319e..79944e3fe 100644 --- a/meta-oe/classes/signing.bbclass +++ b/meta-oe/classes/signing.bbclass | |||
@@ -224,6 +224,12 @@ signing_import_install() { | |||
224 | } | 224 | } |
225 | 225 | ||
226 | signing_prepare() { | 226 | signing_prepare() { |
227 | export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" | ||
228 | export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3" | ||
229 | export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf" | ||
230 | export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs" | ||
231 | export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem" | ||
232 | |||
227 | if [ -f ${OPENSSL_CONF} ]; then | 233 | if [ -f ${OPENSSL_CONF} ]; then |
228 | echo "Using '${OPENSSL_CONF}' for OpenSSL configuration" | 234 | echo "Using '${OPENSSL_CONF}' for OpenSSL configuration" |
229 | else | 235 | else |
@@ -308,9 +314,3 @@ signing_get_module() { | |||
308 | python () { | 314 | python () { |
309 | signing_class_prepare(d) | 315 | signing_class_prepare(d) |
310 | } | 316 | } |
311 | |||
312 | export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" | ||
313 | export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3" | ||
314 | export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf" | ||
315 | export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs" | ||
316 | export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem" | ||