summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Kanavin <alexander.kanavin@linux.intel.com>2018-08-28 12:23:15 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-04 11:03:56 +0100
commit729445340a904a201fad9add26ded8e4913c8bf8 (patch)
treef390094cb68fdb6936e937094ce26ad15acc3792
parentd9704260def0c2058ea62398cefff2e7574fba37 (diff)
downloadpoky-729445340a904a201fad9add26ded8e4913c8bf8.tar.gz
libressl: add a recipe to support openssh
After reading through this: https://github.com/openssh/openssh-portable/pull/48 and this thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-October/036344.html I've concluded that this is the best of the three not-great options. The alternatives: - bundle libressl inside openssh packages - keep openssh dependent on openssl 1.0 and wait until upstream does something are both inferior. Libressl is used with openssh in OpenBSD and in OS X, so it did get at least some testing in the real world. (From OE-Core rev: e7ac137bfc59bc67e17d5372b59d20bdbfcc2550) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/conf/distro/include/maintainers.inc1
-rw-r--r--meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch73
-rw-r--r--meta/recipes-connectivity/libressl/libressl_2.8.0.bb35
3 files changed, 109 insertions, 0 deletions
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index c76f81fb63..de4f9af47f 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -344,6 +344,7 @@ RECIPE_MAINTAINER_pn-libpng = "Maxin B. John <maxin.john@intel.com>"
344RECIPE_MAINTAINER_pn-libproxy = "Maxin B. John <maxin.john@intel.com>" 344RECIPE_MAINTAINER_pn-libproxy = "Maxin B. John <maxin.john@intel.com>"
345RECIPE_MAINTAINER_pn-libpthread-stubs = "Alexander Kanavin <alex.kanavin@gmail.com>" 345RECIPE_MAINTAINER_pn-libpthread-stubs = "Alexander Kanavin <alex.kanavin@gmail.com>"
346RECIPE_MAINTAINER_pn-librepo = "Alexander Kanavin <alex.kanavin@gmail.com>" 346RECIPE_MAINTAINER_pn-librepo = "Alexander Kanavin <alex.kanavin@gmail.com>"
347RECIPE_MAINTAINER_pn-libressl = "Alexander Kanavin <alex.kanavin@gmail.com>"
347RECIPE_MAINTAINER_pn-librsvg = "Maxin B. John <maxin.john@intel.com>" 348RECIPE_MAINTAINER_pn-librsvg = "Maxin B. John <maxin.john@intel.com>"
348RECIPE_MAINTAINER_pn-libsamplerate0 = "Tanu Kaskinen <tanuk@iki.fi>" 349RECIPE_MAINTAINER_pn-libsamplerate0 = "Tanu Kaskinen <tanuk@iki.fi>"
349RECIPE_MAINTAINER_pn-libsdl = "Yi Zhao <yi.zhao@windriver.com>" 350RECIPE_MAINTAINER_pn-libsdl = "Yi Zhao <yi.zhao@windriver.com>"
diff --git a/meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch b/meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch
new file mode 100644
index 0000000000..50b795d6d9
--- /dev/null
+++ b/meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch
@@ -0,0 +1,73 @@
1From 0dd486ba596fea07742a9317542bce27e18fd830 Mon Sep 17 00:00:00 2001
2From: Alexander Kanavin <alex.kanavin@gmail.com>
3Date: Mon, 9 Apr 2018 18:02:56 +0300
4Subject: [PATCH] Link dynamic libraries with their library dependencies.
5
6It does seem like outside of OpenBSD, no one has actually used libressl yet.
7
8Upstream-Status: Pending
9Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
10
11---
12 CMakeLists.txt | 5 +++++
13 crypto/CMakeLists.txt | 1 +
14 ssl/CMakeLists.txt | 2 +-
15 3 files changed, 7 insertions(+), 1 deletion(-)
16
17diff --git a/CMakeLists.txt b/CMakeLists.txt
18index 549849f..0f9d8f5 100644
19--- a/CMakeLists.txt
20+++ b/CMakeLists.txt
21@@ -266,15 +266,19 @@ set(OPENSSL_LIBS tls ssl crypto)
22
23 # Add additional required libs
24 if(WIN32)
25+ set(OPENSSL_LIB_LIBS ws2_32)
26 set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
27 endif()
28 if(CMAKE_SYSTEM_NAME MATCHES "Linux")
29+ set(OPENSSL_LIB_LIBS pthread)
30 set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
31 endif()
32 if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
33+ set(OPENSSL_LIB_LIBS pthread)
34 set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
35 endif()
36 if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
37+ set(OPENSSL_LIB_LIBS nsl socket)
38 set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
39 endif()
40
41@@ -282,6 +286,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
42 # Check if we need -lrt to get clock_gettime on Linux
43 check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
44 if (HAVE_CLOCK_GETTIME)
45+ set(OPENSSL_LIB_LIBS ${OPENSSL_LIB_LIBS} rt)
46 set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
47 endif()
48 else()
49diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
50index 90e127e..08eceda 100644
51--- a/crypto/CMakeLists.txt
52+++ b/crypto/CMakeLists.txt
53@@ -813,6 +813,7 @@ target_include_directories(crypto
54 ../include)
55
56 if (BUILD_SHARED_LIBS)
57+ target_link_libraries(crypto ${OPENSSL_LIB_LIBS})
58 export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym)
59 if (WIN32)
60 target_link_libraries(crypto Ws2_32.lib)
61diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
62index 1a559e6..ed17223 100644
63--- a/ssl/CMakeLists.txt
64+++ b/ssl/CMakeLists.txt
65@@ -51,7 +51,7 @@ target_include_directories(ssl
66
67 if (BUILD_SHARED_LIBS)
68 export_symbol(ssl ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
69- target_link_libraries(ssl crypto)
70+ target_link_libraries(ssl crypto ${OPENSSL_LIB_LIBS})
71 if (WIN32)
72 target_link_libraries(ssl Ws2_32.lib)
73 set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
diff --git a/meta/recipes-connectivity/libressl/libressl_2.8.0.bb b/meta/recipes-connectivity/libressl/libressl_2.8.0.bb
new file mode 100644
index 0000000000..b45f16a705
--- /dev/null
+++ b/meta/recipes-connectivity/libressl/libressl_2.8.0.bb
@@ -0,0 +1,35 @@
1SUMMARY = "Drop-in replacement for openssl 1.0.x, maintained by OpenBSD"
2DESCRIPTION = "LibreSSL is a version of the TLS/crypto stack forked from \
3 OpenSSL in 2014, with goals of modernizing the codebase, \
4 improving security, and applying best practice development processes. "
5HOMEPAGE = "http://www.libressl.org/"
6
7LICENSE = "openssl"
8LIC_FILES_CHKSUM = "file://COPYING;md5=01f9bb4d275f5eeea905377bef3de622"
9
10SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${PV}.tar.gz \
11 file://0001-Link-dynamic-libraries-with-their-library-dependenci.patch \
12 "
13SRC_URI[md5sum] = "d922be6690e7de8949948aaec42a4563"
14SRC_URI[sha256sum] = "af2bba965b06063518eec6f192d411631dfe1d07713760c67c3c29d348789dc3"
15
16inherit cmake
17
18EXTRA_OECMAKE = "-DOPENSSLDIR=${sysconfdir}/libressl -DBUILD_SHARED_LIBS=ON"
19
20PACKAGE_PREPROCESS_FUNCS += "libressl_package_preprocess"
21
22# libressl development files and executable binaries clash with openssl 1.1
23# files when installed into target rootfs. So we don't put them into
24# packages, but they continue to be provided via target sysroot for
25# cross-compilation on the host, if some software needs specifically libressl.
26libressl_package_preprocess () {
27 for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
28 rm $file
29 done
30}
31
32# {standard input}: Assembler messages:
33# {standard input}:303: Error: selected processor does not support `rev r0,r0' in ARM mode
34# {standard input}:303: Error: selected processor does not support `rev ip,ip' in ARM mode
35OECMAKE_C_FLAGS_append_arm = " -D__STRICT_ALIGNMENT"