buildtools-tarball: fix unbound variable issues under 'set -u'

When Bash runs with 'set -u' (nounset), accessing an unset variable directly (e.g. [ -z "$SSL_CERT_FILE" ]) causes a fatal "unbound variable" error. As a result, the fallback logic to set SSL_CERT_FILE/SSL_CERT_DIR is never triggered and the script aborts. The current code assumes these variables may be unset or empty, but does not guard against 'set -u'. This breaks builds in stricter shell environments or when users explicitly enable 'set -u'. Fix this by using parameter expansion with a default value, e.g. "${SSL_CERT_FILE:-}", so that unset variables are treated as empty strings. This preserves the intended logic (respect host env first, then CAFILE/CAPATH, then buildtools defaults) and makes the script robust under 'set -u'. (From OE-Core rev: 4cf131ebd157b79226533b5a5074691dd0e1a4ab) Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 4d880c2eccd534133a2a4e6579d955605c0956ec) Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Haixiao Yan <haixiao.yan.cn@windriver.com> 2025-09-16 21:19:18 +0800
committer: Steve Sakoman <steve@sakoman.com> 2025-09-22 13:17:52 -0700
commit: e3ce89324da1e33c17c9180ef846f41d92616254 (patch)
tree: c348dde127578a494b4acfb6cb5445cd1c10e519 /meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
parent: 54578cd03958c076f6113928fb60f882ada1e107 (diff)
download: poky-e3ce89324da1e33c17c9180ef846f41d92616254.tar.gz
1 files changed, 12 insertions, 12 deletions
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
index c635be8aca..d72edcb5ed 100644
--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -4,20 +4,20 @@ export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
 # Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools
 # CAFILE/CAPATH is auto-deteced when source buildtools
-if [ -z "$SSL_CERT_FILE" ]; then
+if [ -z "${SSL_CERT_FILE:-}" ]; then
-   if [ -n "$CAFILE" ];then
+        if [ -n "${CAFILE:-}" ];then
-       export SSL_CERT_FILE="$CAFILE"
+                export SSL_CERT_FILE="$CAFILE"
-   elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+        elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
-       export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
+                export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
-   fi
+        fi
 fi
-if [ -z "$SSL_CERT_DIR" ]; then
+if [ -z "${SSL_CERT_DIR:-}" ]; then
-   if [ -n "$CAPATH" ];then
+        if [ -n "${CAPATH:-}" ];then
-       export SSL_CERT_DIR="$CAPATH"
+                export SSL_CERT_DIR="$CAPATH"
-   elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+        elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
-       export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
+                export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
-   fi
+        fi
 fi
 export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE"
author	Haixiao Yan <haixiao.yan.cn@windriver.com>	2025-09-16 21:19:18 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-09-22 13:17:52 -0700
commit	e3ce89324da1e33c17c9180ef846f41d92616254 (patch)
tree	c348dde127578a494b4acfb6cb5445cd1c10e519 /meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
parent	54578cd03958c076f6113928fb60f882ada1e107 (diff)
download	poky-e3ce89324da1e33c17c9180ef846f41d92616254.tar.gz

diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index c635be8aca..d72edcb5ed 100644 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -4,20 +4,20 @@ export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
4		4
5	# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools	5	# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools
6	# CAFILE/CAPATH is auto-deteced when source buildtools	6	# CAFILE/CAPATH is auto-deteced when source buildtools
7	if [ -z "$SSL_CERT_FILE" ]; then	7	if [ -z "${SSL_CERT_FILE:-}" ]; then
8	if [ -n "$CAFILE" ];then	8	if [ -n "${CAFILE:-}" ];then
9	export SSL_CERT_FILE="$CAFILE"	9	export SSL_CERT_FILE="$CAFILE"
10	elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then	10	elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
11	export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"	11	export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
12	fi	12	fi
13	fi	13	fi
14		14
15	if [ -z "$SSL_CERT_DIR" ]; then	15	if [ -z "${SSL_CERT_DIR:-}" ]; then
16	if [ -n "$CAPATH" ];then	16	if [ -n "${CAPATH:-}" ];then
17	export SSL_CERT_DIR="$CAPATH"	17	export SSL_CERT_DIR="$CAPATH"
18	elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then	18	elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
19	export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"	19	export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
20	fi	20	fi
21	fi	21	fi
22		22
23	export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE"	23	export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE"