<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-connectivity/openssl/files, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-11-07T13:31:53+00:00</updated>
<entry>
<title>The poky repository master branch is no longer being updated.</title>
<updated>2025-11-07T13:31:53+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2025-11-07T13:31:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8c22ff0d8b70d9b12f0487ef696a7e915b9e3173'/>
<id>urn:sha1:8c22ff0d8b70d9b12f0487ef696a7e915b9e3173</id>
<content type='text'>
You can either:

a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs

b) use the new bitbake-setup

You can find information about either approach in our documentation:
https://docs.yoctoproject.org/

Note that "poky" the distro setting is still available in meta-yocto as
before and we continue to use and maintain that.

Long live Poky!

Some further information on the background of this change can be found
in: https://lists.openembedded.org/g/openembedded-architecture/message/2179

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>buildtools-tarball: fix unbound variable issues under 'set -u'</title>
<updated>2025-09-15T16:57:23+00:00</updated>
<author>
<name>Haixiao Yan</name>
<email>haixiao.yan.cn@windriver.com</email>
</author>
<published>2025-09-12T01:59:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f5adf527f2e3279432800218986505f894167d3d'/>
<id>urn:sha1:f5adf527f2e3279432800218986505f894167d3d</id>
<content type='text'>
When Bash runs with 'set -u' (nounset), accessing an unset variable
directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound variable"
error. As a result, the fallback logic to set SSL_CERT_FILE/SSL_CERT_DIR
is never triggered and the script aborts.

The current code assumes these variables may be unset or empty, but does
not guard against 'set -u'. This breaks builds in stricter shell
environments or when users explicitly enable 'set -u'.

Fix this by using parameter expansion with a default value, e.g.
"${SSL_CERT_FILE:-}", so that unset variables are treated as empty
strings. This preserves the intended logic (respect host env first, then
CAFILE/CAPATH, then buildtools defaults) and makes the script robust
under 'set -u'.

(From OE-Core rev: 4d880c2eccd534133a2a4e6579d955605c0956ec)

Signed-off-by: Haixiao Yan &lt;haixiao.yan.cn@windriver.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>buildtools-tarball: Make buildtools respects host CA certificates</title>
<updated>2025-04-24T10:27:06+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-04-15T10:56:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8dcd0f73eb9547b8daacc751141b8531fbbe4bf7'/>
<id>urn:sha1:8dcd0f73eb9547b8daacc751141b8531fbbe4bf7</id>
<content type='text'>
To adapt user network enviroment, buildtools should first try to use
the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these
envs is not set, then use the auto-detected ca file and ca path, and
finally use the CA certificates in buildtools.

nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work

nativesdk-curl don't set default ca file, need
SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work

nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO
also works

nativesdk-python3-requests will use cacert.pem under python module certifi by
default, need to set REQUESTS_CA_BUNDLE

(From OE-Core rev: 8a7ec52e9b35654bee48cd948c6c34c63db3e265)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>buildtools-tarball: move setting of envvars to respective envfile</title>
<updated>2025-04-11T10:49:59+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2025-04-08T09:38:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2a1eb07755871aaf1e3f35547b7315237592ea27'/>
<id>urn:sha1:2a1eb07755871aaf1e3f35547b7315237592ea27</id>
<content type='text'>
* make git,curl,python3-requests align with openssl, move the setting of
  envvars into respective envfile
* for environment.d-openssl.sh, also check if ca-certificates.crt exist
  before export envvars

(From OE-Core rev: 9d8ebfcd55ad274e79cb81f162397c8f39f4287b)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: fold result of sed invocation into environment file</title>
<updated>2025-02-27T10:55:16+00:00</updated>
<author>
<name>Rasmus Villemoes</name>
<email>ravi@prevas.dk</email>
</author>
<published>2025-02-24T21:16:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=de80844aa2200e45524d3a546c2f565410d81584'/>
<id>urn:sha1:de80844aa2200e45524d3a546c2f565410d81584</id>
<content type='text'>
A long time ago, the environment.d-openssl.sh file was shared between
openssl 1.0 and openssl 1.1 recipes, and sed was used to make the path
right for the 1.1 version. Nowadays, with only a single recipe, this
is a bit roundabout, so just use the proper path in the file directly.

(From OE-Core rev: 291fe7db623b0974e7831e908e91b1f1259e0506)

Signed-off-by: Rasmus Villemoes &lt;ravi@prevas.dk&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Fix SDK environment script to avoid unbound variable</title>
<updated>2024-11-01T11:53:26+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2024-10-31T07:52:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ce71947065101fb748164c3c2ce8f1a2764071b3'/>
<id>urn:sha1:ce71947065101fb748164c3c2ce8f1a2764071b3</id>
<content type='text'>
Avoid errors like:

buildtools/sysroots/x86_64-pokysdk-linux/environment-setup.d/openssl.sh: line 6: BB_ENV_PASSTHROUGH_ADDITIONS: unbound variable

by setting an explicit empty default value.

(From OE-Core rev: 5a2a4910a22668f25679a47deaa9e2ed28665efa)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Add passthrough variables to work with bitbake</title>
<updated>2024-06-04T20:37:13+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2024-05-27T22:06:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=06cba9abc4dcb630142be7606f5272be8bcb2e36'/>
<id>urn:sha1:06cba9abc4dcb630142be7606f5272be8bcb2e36</id>
<content type='text'>
Now that bitbake uses websockets over SSL as hashserv and is correctly
limiting hash equivalence only to things in the orginal SDK, bitbake builds
from buildtools can fail due to broken SSL from buildtools.

The issue is that the relocation variables are being removed from the
environment. This could be fixed within bitbake or it could be fixed
within the SDK environment. This patch does the latter for now. We
really need to improve openssl relocation within the SDK in general.

Fixing this has become more urgent to fix failing builds in automated
testing.

(From OE-Core rev: 6a20667c166fa3d7e2b6e8e8b442dec0fc75f349)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: Fix SSL_CERT_FILE to match ca-certs location</title>
<updated>2022-10-26T22:01:01+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2022-10-26T21:03:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6e166954841c926b9cd392799a1181101c2b1afa'/>
<id>urn:sha1:6e166954841c926b9cd392799a1181101c2b1afa</id>
<content type='text'>
In OE-Core d6b15d1e70b99185cf245d829ada5b6fb99ec1af,
"openssl: export necessary env vars in SDK", the value added for
SSL_CERT_FILE was in conflict with the value used elsewhere, such as
in buildtools. This makes them match and fixes buildtools testsdk
failures.

(From OE-Core rev: 7d383a7fc6da666c80f2fc037af5f49a3388eb2b)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: export necessary env vars in SDK</title>
<updated>2022-10-25T12:42:03+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2022-10-19T09:32:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a5e4b5d175d582af0454ee8ee626c901203447c7'/>
<id>urn:sha1:a5e4b5d175d582af0454ee8ee626c901203447c7</id>
<content type='text'>
In current SDK, when running the following command in python
shell, we get an error.

$ python3
&gt;&gt;&gt; from cryptography.hazmat.backends import openssl

The error message is as below:

  cryptography.exceptions.InternalError: Unknown OpenSSL error.

We could set OPENSSL_MODULES explicitly in nativesdk-openssl package
so that when SDK is set up, it's in environment and we can
get rid of the above error.

Also, there are other env vars that need to be exported. And we export
all of them to keep sync with openssl-native.bbclass.

(From OE-Core rev: d6b15d1e70b99185cf245d829ada5b6fb99ec1af)

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>openssl: rename openssl 1.0.x to openssl10 and make openssl 1.1.x the default version</title>
<updated>2018-09-04T10:03:56+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alexander.kanavin@linux.intel.com</email>
</author>
<published>2018-08-28T10:23:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=df15a4c914177024f1825aacb4701fd232e1dd58'/>
<id>urn:sha1:df15a4c914177024f1825aacb4701fd232e1dd58</id>
<content type='text'>
I believe the time has come to do this: openssl 1.0 upstream support stops at the end
of 2019, and we do not want a situation where a supported YP release contains an
unsupported version of a critical security component.

Openssl 1.0 can still be utilized by depending on 'openssl10' recipe.

(From OE-Core rev: 876466145f2da93757ba3f92177d0f959f5fe975)

Signed-off-by: Alexander Kanavin &lt;alexander.kanavin@linux.intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
