diff options
author | Alexander Kanavin <alex.kanavin@gmail.com> | 2020-01-14 14:59:48 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-01-16 22:33:09 +0000 |
commit | 8f2f1af3630264f34f454dab71861e64c820f6db (patch) | |
tree | dcd12e08e80aa494829e1e47d32259ab0bf66600 /meta/recipes-devtools | |
parent | b11fc7795cd1a6d74c9bb50b922d928f4a17722d (diff) | |
download | poky-8f2f1af3630264f34f454dab71861e64c820f6db.tar.gz |
rpm: switch to openssl from nss
nss is a problematic library in many ways, but openssl
seems to work just fine.
rpm was the only user of nss in oe-core, which opens
the possibility of moving it out.
Add a backported patch to enable builds with latest openssl.
(From OE-Core rev: 8c35a01dc771bf48f74129daa58d365100d18081)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch | 81 | ||||
-rw-r--r-- | meta/recipes-devtools/rpm/rpm_4.14.2.1.bb | 5 |
2 files changed, 84 insertions, 2 deletions
diff --git a/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch new file mode 100644 index 0000000000..734e38bb39 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch | |||
@@ -0,0 +1,81 @@ | |||
1 | From 2d53d1e308a5bd15a16cc289fa7e1f264ea706be Mon Sep 17 00:00:00 2001 | ||
2 | From: Panu Matilainen <pmatilai@redhat.com> | ||
3 | Date: Tue, 26 Jun 2018 10:46:14 +0300 | ||
4 | Subject: [PATCH] Rip out partial support for unused MD2 and RIPEMD160 digests | ||
5 | |||
6 | Inspired by #453, adding configure-checks for unused digests algorithms | ||
7 | seems nonsensical, at no point in rpm history have these algorithms been | ||
8 | used for anything in rpm so there's not even backward compatibility to | ||
9 | care about. So the question becomes why do we appear to have (some) | ||
10 | support for those unused algorithms? So lets don't, problem solved... | ||
11 | |||
12 | Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ff4b9111aeba01dd025dd133ce617fb80f7398a0] | ||
13 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | ||
14 | --- | ||
15 | rpmio/digest_beecrypt.c | 7 ------- | ||
16 | rpmio/digest_nss.c | 2 -- | ||
17 | rpmio/digest_openssl.c | 6 ------ | ||
18 | 3 files changed, 15 deletions(-) | ||
19 | |||
20 | diff --git a/rpmio/digest_beecrypt.c b/rpmio/digest_beecrypt.c | ||
21 | index 597027e25..653a39491 100644 | ||
22 | --- a/rpmio/digest_beecrypt.c | ||
23 | +++ b/rpmio/digest_beecrypt.c | ||
24 | @@ -132,10 +132,6 @@ DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags) | ||
25 | ctx->Digest = (void *) sha512Digest; | ||
26 | break; | ||
27 | #endif | ||
28 | - case PGPHASHALGO_RIPEMD160: | ||
29 | - case PGPHASHALGO_MD2: | ||
30 | - case PGPHASHALGO_TIGER192: | ||
31 | - case PGPHASHALGO_HAVAL_5_160: | ||
32 | default: | ||
33 | free(ctx); | ||
34 | return NULL; | ||
35 | @@ -292,9 +288,6 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, uint8_t *hash, si | ||
36 | case PGPHASHALGO_SHA1: | ||
37 | prefix = "3021300906052b0e03021a05000414"; | ||
38 | break; | ||
39 | - case PGPHASHALGO_MD2: | ||
40 | - prefix = "3020300c06082a864886f70d020205000410"; | ||
41 | - break; | ||
42 | case PGPHASHALGO_SHA256: | ||
43 | prefix = "3031300d060960864801650304020105000420"; | ||
44 | break; | ||
45 | diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c | ||
46 | index e11920e3e..b3d2b5595 100644 | ||
47 | --- a/rpmio/digest_nss.c | ||
48 | +++ b/rpmio/digest_nss.c | ||
49 | @@ -117,7 +117,6 @@ static HASH_HashType getHashType(int hashalgo) | ||
50 | { | ||
51 | switch (hashalgo) { | ||
52 | case PGPHASHALGO_MD5: return HASH_AlgMD5; | ||
53 | - case PGPHASHALGO_MD2: return HASH_AlgMD2; | ||
54 | case PGPHASHALGO_SHA1: return HASH_AlgSHA1; | ||
55 | #ifdef SHA224_LENGTH | ||
56 | case PGPHASHALGO_SHA224: return HASH_AlgSHA224; | ||
57 | @@ -217,7 +216,6 @@ static SECOidTag getHashAlg(unsigned int hashalgo) | ||
58 | { | ||
59 | switch (hashalgo) { | ||
60 | case PGPHASHALGO_MD5: return SEC_OID_MD5; | ||
61 | - case PGPHASHALGO_MD2: return SEC_OID_MD2; | ||
62 | case PGPHASHALGO_SHA1: return SEC_OID_SHA1; | ||
63 | #ifdef SHA224_LENGTH | ||
64 | case PGPHASHALGO_SHA224: return SEC_OID_SHA224; | ||
65 | diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c | ||
66 | index 18e52a724..0ae48dd1d 100644 | ||
67 | --- a/rpmio/digest_openssl.c | ||
68 | +++ b/rpmio/digest_openssl.c | ||
69 | @@ -172,12 +172,6 @@ static const EVP_MD *getEVPMD(int hashalgo) | ||
70 | case PGPHASHALGO_SHA1: | ||
71 | return EVP_sha1(); | ||
72 | |||
73 | - case PGPHASHALGO_RIPEMD160: | ||
74 | - return EVP_ripemd160(); | ||
75 | - | ||
76 | - case PGPHASHALGO_MD2: | ||
77 | - return EVP_md2(); | ||
78 | - | ||
79 | case PGPHASHALGO_SHA256: | ||
80 | return EVP_sha256(); | ||
81 | |||
diff --git a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb index c37330eb4c..339bd7b834 100644 --- a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb +++ b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb | |||
@@ -42,6 +42,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x \ | |||
42 | file://0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch \ | 42 | file://0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch \ |
43 | file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ | 43 | file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ |
44 | file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \ | 44 | file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \ |
45 | file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \ | ||
45 | " | 46 | " |
46 | 47 | ||
47 | PE = "1" | 48 | PE = "1" |
@@ -49,7 +50,7 @@ SRCREV = "4a9440006398646583f0d9ae1837dad2875013aa" | |||
49 | 50 | ||
50 | S = "${WORKDIR}/git" | 51 | S = "${WORKDIR}/git" |
51 | 52 | ||
52 | DEPENDS = "nss libarchive db file popt xz bzip2 dbus elfutils python3" | 53 | DEPENDS = "openssl libarchive db file popt xz bzip2 dbus elfutils python3" |
53 | DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native" | 54 | DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native" |
54 | 55 | ||
55 | inherit autotools gettext pkgconfig python3native | 56 | inherit autotools gettext pkgconfig python3native |
@@ -58,7 +59,7 @@ export PYTHON_ABI | |||
58 | # OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe | 59 | # OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe |
59 | EXTRA_AUTORECONF_append = " --exclude=gnu-configize" | 60 | EXTRA_AUTORECONF_append = " --exclude=gnu-configize" |
60 | 61 | ||
61 | EXTRA_OECONF_append = " --without-lua --enable-python" | 62 | EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=openssl" |
62 | EXTRA_OECONF_append_libc-musl = " --disable-nls" | 63 | EXTRA_OECONF_append_libc-musl = " --disable-nls" |
63 | 64 | ||
64 | # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs | 65 | # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs |