| Message ID | 1399445635-29373-1-git-send-email-koen.kooi@linaro.org |
|---|---|
| State | New |
| Headers | show |
On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote:
> ++ TLS_LIBS="-lgnutls -lgcrypt"
Does this mean we need something more in DEPENDS or DEPENDS part of
PACKAGECONFIG too ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Khem Raj schreef op 07-05-14 09:47: > On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote: >> ++ TLS_LIBS="-lgnutls -lgcrypt" > > Does this mean we need something more in DEPENDS or DEPENDS part of > PACKAGECONFIG too ? Should be automatic since gnutls depends on it. It's not a new dependency. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: GPGTools - http://gpgtools.org iD8DBQFTae7hMkyGM64RGpERAlsXAJ46k4UMzSXDOuDVC5j4o/5gCpXN4ACaAjif 2fplxwMdF1anRHDfNJDNt2I= =bGia -----END PGP SIGNATURE-----
On Wednesday 07 May 2014 10:29:21 Koen Kooi wrote: > Khem Raj schreef op 07-05-14 09:47: > > On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote: > >> ++ TLS_LIBS="-lgnutls -lgcrypt" > > > > Does this mean we need something more in DEPENDS or DEPENDS part of > > PACKAGECONFIG too ? > > Should be automatic since gnutls depends on it. It's not a new dependency. BitBake does not automatically ensure dependencies-of-dependencies are in the sysroot. They almost always will be, but I have seen failures in these kinds of situations before. Since it explicitly wants to link against libgcrypt, libgcrypt should be in its DEPENDS. Cheers, Paul
Op 7 mei 2014, om 10:57 heeft Paul Eggleton <paul.eggleton@linux.intel.com> het volgende geschreven: > On Wednesday 07 May 2014 10:29:21 Koen Kooi wrote: >> Khem Raj schreef op 07-05-14 09:47: >>> On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote: >>>> ++ TLS_LIBS="-lgnutls -lgcrypt" >>> >>> Does this mean we need something more in DEPENDS or DEPENDS part of >>> PACKAGECONFIG too ? >> >> Should be automatic since gnutls depends on it. It's not a new dependency. > > BitBake does not automatically ensure dependencies-of-dependencies are in the > sysroot. They almost always will be, but I have seen failures in these kinds > of situations before. Since it explicitly wants to link against libgcrypt, > libgcrypt should be in its DEPENDS. You are completely right! And my original explanation was bogus since the patch was needed since gnutls *stopped* needing gcrypt. regards, Koen
On Wed, May 07, 2014 at 09:57:52AM +0100, Paul Eggleton wrote: > On Wednesday 07 May 2014 10:29:21 Koen Kooi wrote: > > Khem Raj schreef op 07-05-14 09:47: > > > On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote: > > >> ++ TLS_LIBS="-lgnutls -lgcrypt" > > > > > > Does this mean we need something more in DEPENDS or DEPENDS part of > > > PACKAGECONFIG too ? > > > > Should be automatic since gnutls depends on it. It's not a new dependency. > > BitBake does not automatically ensure dependencies-of-dependencies are in the > sysroot. They almost always will be, but I have seen failures in these kinds Are you sure it doesn't? But I'm also in favor of specifying dependencies-of-dependencies in cases where the recipe configure task explicitly check for them (so that when the required dependency is no longer included in "parent" dependency, e.g. after moving it to PACKAGECONFIG).
On Wednesday 07 May 2014 18:48:44 Martin Jansa wrote: > On Wed, May 07, 2014 at 09:57:52AM +0100, Paul Eggleton wrote: > > On Wednesday 07 May 2014 10:29:21 Koen Kooi wrote: > > > Khem Raj schreef op 07-05-14 09:47: > > > > On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote: > > > >> ++ TLS_LIBS="-lgnutls -lgcrypt" > > > > > > > > Does this mean we need something more in DEPENDS or DEPENDS part of > > > > PACKAGECONFIG too ? > > > > > > Should be automatic since gnutls depends on it. It's not a new > > > dependency. > > > > BitBake does not automatically ensure dependencies-of-dependencies are in > > the sysroot. They almost always will be, but I have seen failures in > > these kinds > > Are you sure it doesn't? Pretty sure, yes. > But I'm also in favor of specifying dependencies-of-dependencies in > cases where the recipe configure task explicitly check for them (so that > when the required dependency is no longer included in "parent" > dependency, e.g. after moving it to PACKAGECONFIG). If the recipe's configure task explicitly checks for them then to my mind they cease to be dependencies of dependencies and become just dependencies. Cheers, Paul
diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch b/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch new file mode 100644 index 0000000..dffd3ca --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch @@ -0,0 +1,44 @@ +From 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Sat, 7 Sep 2013 09:39:24 -0700 +Subject: [PATCH] ITS#7430 GnuTLS: Avoid use of deprecated function + +Upstream-status: Backport + +--- + libraries/libldap/tls_g.c | 12 ++++++++++++ + 1 files changed, 12 insertions(+), 0 deletions(-) + +diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c +index 9acffaf..c793828 100644 +--- a/libraries/libldap/tls_g.c ++++ b/libraries/libldap/tls_g.c +@@ -368,6 +368,17 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) + * then we have to build the cert chain. + */ + if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) { ++#if GNUTLS_VERSION_NUMBER >= 0x020c00 ++ unsigned int i; ++ for ( i = 1; i<VERIFY_DEPTH; i++ ) { ++ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 )) ++ break; ++ max++; ++ /* If this CA is self-signed, we're done */ ++ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] )) ++ break; ++ } ++#else + gnutls_x509_crt_t *cas; + unsigned int i, j, ncas; + +@@ -387,6 +398,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) + if ( j == ncas ) + break; + } ++#endif + } + rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key ); + if ( rc ) return -1; +-- +1.7.4.2 + diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch b/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch new file mode 100644 index 0000000..c7b1552 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch @@ -0,0 +1,17 @@ +From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/files/ + +Upstream-status: Unknown + +-- + +--- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000 ++++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000 +@@ -1214,7 +1214,7 @@ + ol_with_tls=gnutls + ol_link_tls=yes + +- TLS_LIBS="-lgnutls" ++ TLS_LIBS="-lgnutls -lgcrypt" + + AC_DEFINE(HAVE_GNUTLS, 1, + [define if you have GNUtls]) diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.23.bb b/meta-oe/recipes-support/openldap/openldap_2.4.23.bb index 5c6f9ea..d85de03 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.4.23.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.4.23.bb @@ -16,6 +16,8 @@ LDAP_VER = "${@'.'.join(d.getVar('PV',1).split('.')[0:2])}" SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \ file://openldap-m4-pthread.patch \ file://kill-icu.patch \ + file://0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch \ + file://openldap-2.4.28-gnutls-gcrypt.patch \ file://initscript \ " SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf"
OE-core update from gnutls2 to gnutls3, openldap needs patches to cope with that. Signed-off-by: Koen Kooi <koen.kooi@linaro.org> --- .../0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch | 44 ++++++++++++++++++++++ .../openldap-2.4.28-gnutls-gcrypt.patch | 17 +++++++++ .../recipes-support/openldap/openldap_2.4.23.bb | 2 + 3 files changed, 63 insertions(+) create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch