Using openssl-native shared libraries correctly is hard. A number
of environment variables need to be correctly set or
the errors may be really confusing. openssl can be made
to detect these paths automatically, but upstream has rejected
these ideas. openssl-native provides a wrapper script for the 'openssl'
binary, but shared library users like python3-cryptography-native
need to have the shared libraries working directly. Thus follow the
example from python3native.bbclass and implement this via
openssl-native.bbclass.

If full certificate checking is needed, then users
also need to DEPEND on ca-certificates-native.

See also:
https://lists.openembedded.org/g/openembedded-core/topic/93651845#170562
https://github.com/openssl/openssl/issues/19242

Signed-off-by: Mikko Rapeli <mikko.rap...@linaro.org>
---
 documentation/ref-manual/classes.rst               | 11 +++++++++++
 meta/classes/openssl-native.bbclass                |  7 +++++++
 meta/recipes-connectivity/openssl/openssl_3.0.5.bb |  1 +
 3 files changed, 19 insertions(+)
 create mode 100644 meta/classes/openssl-native.bbclass

diff --git a/documentation/ref-manual/classes.rst 
b/documentation/ref-manual/classes.rst
index 11e0d472e8..5fc30f9233 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -1672,6 +1672,17 @@ one such example. However, being aware of this class can 
reduce the
 proliferation of different versions of similar classes across multiple
 layers.
 
+.. _ref-classes-openssl-native:
+
+``openssl-native.bbclass``
+==================
+
+The ``openssl-native`` class supports using the native version of openssl
+built by the build system rather than support of the version provided
+by the build host. It helps setting environment variables for engines,
+modules, certificates etc correctly. For full certificate checking
+users should also add ``ca-certificates-native`` to :term:`DEPENDS`.
+
 .. _ref-classes-overlayfs:
 
 ``overlayfs.bbclass``
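Review bot: the "=" underline added under the ``openssl-native.bbclass`` title is shorter than the title text, so the reStructuredText build will warn about a too-short title underline; extend it to at least the full width of the title, as the neighbouring class headings do. The first sentence, "rather than support of the version provided by the build host", also reads awkwardly and could be "rather than the version provided by the build host". Since the class exists to set specific variables, consider naming them in the text (OPENSSL_MODULES, OPENSSL_ENGINES, OPENSSL_CONF, SSL_CERT_DIR, SSL_CERT_FILE) instead of "engines, modules, certificates etc".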
diff --git a/meta/classes/openssl-native.bbclass 
b/meta/classes/openssl-native.bbclass
new file mode 100644
index 0000000000..753f0b0fa4
--- /dev/null
+++ b/meta/classes/openssl-native.bbclass
@@ -0,0 +1,7 @@
+DEPENDS += "openssl-native"
+
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
+export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
+export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
+export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
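Review bot: SSL_CERT_DIR and SSL_CERT_FILE are exported unconditionally, but the commit message says those paths only provide full certificate checking when the recipe also depends on ca-certificates-native, and the class adds only openssl-native to DEPENDS. A recipe that inherits the class without that extra dependency has its trust store pointed at sysroot paths that the class does nothing to populate, so certificate verification would be expected to fail in a way that is hard to trace back to this class. Either add ca-certificates-native to DEPENDS here or put a comment above the two SSL_CERT_* lines stating the requirement. The new file also has no header comment explaining its purpose or that its values mirror the wrapper in the openssl recipe.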
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb 
b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
index 04aff04fab..a0e63d7830 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
@@ -163,6 +163,7 @@ do_install () {
        ln -sf ${@oe.path.relative('${libdir}/ssl-3', 
'${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
 }
 
+# Please keep openssl-native.bbclass in sync with this wrapper
 do_install:append:class-native () {
        create_wrapper ${D}${bindir}/openssl \
            OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \
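Review bot: the sync reminder added above do_install:append:class-native is one-directional; openssl-native.bbclass carries no matching comment pointing back at this wrapper, so someone editing the class will not know the two must agree. Add the reciprocal comment to the class. The two sides also spell the same location differently (${libdir}/ssl-3 here, ${STAGING_LIBDIR_NATIVE}/ssl-3 in the class) and both hardcode the "ssl-3" component, so a comment is a weak guard against drift; defining the subdirectory names once and referencing them from both places would be more robust.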
-- 
2.17.1
