summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
authorAlexander Kanavin <alex.kanavin@gmail.com>2020-01-14 14:59:48 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-01-16 22:33:09 +0000
commit8f2f1af3630264f34f454dab71861e64c820f6db (patch)
treedcd12e08e80aa494829e1e47d32259ab0bf66600 /meta/recipes-devtools
parentb11fc7795cd1a6d74c9bb50b922d928f4a17722d (diff)
downloadpoky-8f2f1af3630264f34f454dab71861e64c820f6db.tar.gz
rpm: switch to openssl from nss
nss is a problematic library in many ways, but openssl seems to work just fine. rpm was the only user of nss in oe-core, which opens the possibility of moving it out. Add a backported patch to enable builds with latest openssl. (From OE-Core rev: 8c35a01dc771bf48f74129daa58d365100d18081) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch81
-rw-r--r--meta/recipes-devtools/rpm/rpm_4.14.2.1.bb5
2 files changed, 84 insertions, 2 deletions
diff --git a/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch
new file mode 100644
index 0000000000..734e38bb39
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch
@@ -0,0 +1,81 @@
1From 2d53d1e308a5bd15a16cc289fa7e1f264ea706be Mon Sep 17 00:00:00 2001
2From: Panu Matilainen <pmatilai@redhat.com>
3Date: Tue, 26 Jun 2018 10:46:14 +0300
4Subject: [PATCH] Rip out partial support for unused MD2 and RIPEMD160 digests
5
6Inspired by #453, adding configure-checks for unused digests algorithms
7seems nonsensical, at no point in rpm history have these algorithms been
8used for anything in rpm so there's not even backward compatibility to
9care about. So the question becomes why do we appear to have (some)
10support for those unused algorithms? So lets don't, problem solved...
11
12Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ff4b9111aeba01dd025dd133ce617fb80f7398a0]
13Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
14---
15 rpmio/digest_beecrypt.c | 7 -------
16 rpmio/digest_nss.c | 2 --
17 rpmio/digest_openssl.c | 6 ------
18 3 files changed, 15 deletions(-)
19
20diff --git a/rpmio/digest_beecrypt.c b/rpmio/digest_beecrypt.c
21index 597027e25..653a39491 100644
22--- a/rpmio/digest_beecrypt.c
23+++ b/rpmio/digest_beecrypt.c
24@@ -132,10 +132,6 @@ DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags)
25 ctx->Digest = (void *) sha512Digest;
26 break;
27 #endif
28- case PGPHASHALGO_RIPEMD160:
29- case PGPHASHALGO_MD2:
30- case PGPHASHALGO_TIGER192:
31- case PGPHASHALGO_HAVAL_5_160:
32 default:
33 free(ctx);
34 return NULL;
35@@ -292,9 +288,6 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, uint8_t *hash, si
36 case PGPHASHALGO_SHA1:
37 prefix = "3021300906052b0e03021a05000414";
38 break;
39- case PGPHASHALGO_MD2:
40- prefix = "3020300c06082a864886f70d020205000410";
41- break;
42 case PGPHASHALGO_SHA256:
43 prefix = "3031300d060960864801650304020105000420";
44 break;
45diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c
46index e11920e3e..b3d2b5595 100644
47--- a/rpmio/digest_nss.c
48+++ b/rpmio/digest_nss.c
49@@ -117,7 +117,6 @@ static HASH_HashType getHashType(int hashalgo)
50 {
51 switch (hashalgo) {
52 case PGPHASHALGO_MD5: return HASH_AlgMD5;
53- case PGPHASHALGO_MD2: return HASH_AlgMD2;
54 case PGPHASHALGO_SHA1: return HASH_AlgSHA1;
55 #ifdef SHA224_LENGTH
56 case PGPHASHALGO_SHA224: return HASH_AlgSHA224;
57@@ -217,7 +216,6 @@ static SECOidTag getHashAlg(unsigned int hashalgo)
58 {
59 switch (hashalgo) {
60 case PGPHASHALGO_MD5: return SEC_OID_MD5;
61- case PGPHASHALGO_MD2: return SEC_OID_MD2;
62 case PGPHASHALGO_SHA1: return SEC_OID_SHA1;
63 #ifdef SHA224_LENGTH
64 case PGPHASHALGO_SHA224: return SEC_OID_SHA224;
65diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c
66index 18e52a724..0ae48dd1d 100644
67--- a/rpmio/digest_openssl.c
68+++ b/rpmio/digest_openssl.c
69@@ -172,12 +172,6 @@ static const EVP_MD *getEVPMD(int hashalgo)
70 case PGPHASHALGO_SHA1:
71 return EVP_sha1();
72
73- case PGPHASHALGO_RIPEMD160:
74- return EVP_ripemd160();
75-
76- case PGPHASHALGO_MD2:
77- return EVP_md2();
78-
79 case PGPHASHALGO_SHA256:
80 return EVP_sha256();
81
diff --git a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
index c37330eb4c..339bd7b834 100644
--- a/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.14.2.1.bb
@@ -42,6 +42,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.14.x \
42 file://0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch \ 42 file://0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch \
43 file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ 43 file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \
44 file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \ 44 file://0001-mono-find-provides-requires-do-not-use-monodis-from-.patch \
45 file://0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch \
45 " 46 "
46 47
47PE = "1" 48PE = "1"
@@ -49,7 +50,7 @@ SRCREV = "4a9440006398646583f0d9ae1837dad2875013aa"
49 50
50S = "${WORKDIR}/git" 51S = "${WORKDIR}/git"
51 52
52DEPENDS = "nss libarchive db file popt xz bzip2 dbus elfutils python3" 53DEPENDS = "openssl libarchive db file popt xz bzip2 dbus elfutils python3"
53DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native" 54DEPENDS_append_class-native = " file-replacement-native bzip2-replacement-native"
54 55
55inherit autotools gettext pkgconfig python3native 56inherit autotools gettext pkgconfig python3native
@@ -58,7 +59,7 @@ export PYTHON_ABI
58# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe 59# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe
59EXTRA_AUTORECONF_append = " --exclude=gnu-configize" 60EXTRA_AUTORECONF_append = " --exclude=gnu-configize"
60 61
61EXTRA_OECONF_append = " --without-lua --enable-python" 62EXTRA_OECONF_append = " --without-lua --enable-python --with-crypto=openssl"
62EXTRA_OECONF_append_libc-musl = " --disable-nls" 63EXTRA_OECONF_append_libc-musl = " --disable-nls"
63 64
64# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs 65# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs