diff options
| author | Haixiao Yan <haixiao.yan.cn@windriver.com> | 2025-09-12 09:59:33 +0800 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-09-22 12:21:23 -0700 |
| commit | 619c00830682737a830dc79c48131e3767fb4c7c (patch) | |
| tree | 56281165a33912b80bd026f227e433a4fecf3414 /meta/recipes-connectivity/openssl/files/environment.d-openssl.sh | |
| parent | 51fbf6f908fab4d18f369f0dff1710ee69e54f63 (diff) | |
| download | poky-619c00830682737a830dc79c48131e3767fb4c7c.tar.gz | |
buildtools-tarball: fix unbound variable issues under 'set -u'
When Bash runs with 'set -u' (nounset), accessing an unset variable
directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound variable"
error. As a result, the fallback logic to set SSL_CERT_FILE/SSL_CERT_DIR
is never triggered and the script aborts.
The current code assumes these variables may be unset or empty, but does
not guard against 'set -u'. This breaks builds in stricter shell
environments or when users explicitly enable 'set -u'.
Fix this by using parameter expansion with a default value, e.g.
"${SSL_CERT_FILE:-}", so that unset variables are treated as empty
strings. This preserves the intended logic (respect host env first, then
CAFILE/CAPATH, then buildtools defaults) and makes the script robust
under 'set -u'.
(From OE-Core rev: 3d161e94ad532f660d4a0259a32e26a32ea0c75d)
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d880c2eccd534133a2a4e6579d955605c0956ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl/files/environment.d-openssl.sh')
| -rw-r--r-- | meta/recipes-connectivity/openssl/files/environment.d-openssl.sh | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index 71d378734c..0e75e34f9d 100644 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh | |||
| @@ -5,16 +5,16 @@ export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} OPENSSL_C | |||
| 5 | 5 | ||
| 6 | # Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools | 6 | # Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools |
| 7 | # CAFILE/CAPATH is auto-deteced when source buildtools | 7 | # CAFILE/CAPATH is auto-deteced when source buildtools |
| 8 | if [ -z "$SSL_CERT_FILE" ]; then | 8 | if [ -z "${SSL_CERT_FILE:-}" ]; then |
| 9 | if [ -n "$CAFILE" ];then | 9 | if [ -n "${CAFILE:-}" ];then |
| 10 | export SSL_CERT_FILE="$CAFILE" | 10 | export SSL_CERT_FILE="$CAFILE" |
| 11 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then | 11 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then |
| 12 | export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" | 12 | export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" |
| 13 | fi | 13 | fi |
| 14 | fi | 14 | fi |
| 15 | 15 | ||
| 16 | if [ -z "$SSL_CERT_DIR" ]; then | 16 | if [ -z "${SSL_CERT_DIR:-}" ]; then |
| 17 | if [ -n "$CAPATH" ];then | 17 | if [ -n "${CAPATH:-}" ];then |
| 18 | export SSL_CERT_DIR="$CAPATH" | 18 | export SSL_CERT_DIR="$CAPATH" |
| 19 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then | 19 | elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then |
| 20 | export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" | 20 | export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" |