On Wed, 2017-07-05 at 15:58 +0800, [email protected] wrote: > From: Kai Kang <[email protected]> > > Distro feature 'openssl-no-weak-ciphers' is introduced to disable > openssl weak ciphers support which include ecdsa. So configure bind > without ecdsa if openssl doesn't support it. > > Signed-off-by: Kai Kang <[email protected]> > --- > meta/recipes-connectivity/bind/bind_9.10.3-P3.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb > b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb > index 7eb79b0..e10cffc 100644 > --- a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb > +++ b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb > @@ -41,6 +41,7 @@ ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains(' > DISTRO_FEATURES', 'ipv6', 'ye > EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \ > --disable-devpoll --enable-epoll --with-gost=no \ > --with-gssapi=no --with-ecdsa=yes \ > + --with-ecdsa=${@bb.utils.contains('DISTRO_FEATURES' > , 'openssl-no-weak-ciphers', 'no', 'yes', d)} \ > --sysconfdir=${sysconfdir}/bind \ > --with-openssl=${STAGING_LIBDIR}/.. \ > " >
I think there are a few more questions that need answering about this, like why ecdsa is considered weak but this patch leaves --with- ecdsa=yes in there which is confusing at best. I do think these are best controlled as individual PACKAGECONFIG options rather than a distro setting which is ambigous (what is 'weak'). Cheers, Richard -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
