[Buildroot] [PATCH 1/2 v2] package/libssh: fix dependency on libgcrypt

Yann E. MORIN yann.morin.1998 at free.fr
Fri Sep 9 21:11:44 UTC 2016


Arnout, All,

On 2016-09-09 22:58 +0200, Arnout Vandecappelle spake thusly:
> On 08-09-16 23:11, Yann E. MORIN wrote:
> > Since 2f89476 (package/libgpg-error: bump to version 1.23), libssh has
> > inherited the dependency from libgcrypt (propagated from libgpg-error).
> > 
> > However, since libssh can use either openssl or libgcrypt as a backend,
> > the dependency should be relaxed when openssl is available.
> > 
> > But the test is broken and inverted: it will make libssh unavailable as
> > soon as openssl is enabled.
> > 
> > This in itself is already incorrect, but that can cause further issues,
> > as some packages (e.g. Kodi) will select (indirectly) openssl, and has
> > an option to select libssh; enabling that option causes unmet direct
> > dependencies of libssh:
> > 
> >     warning: (BR2_PACKAGE_KODI_LIBSSH) selects BR2_PACKAGE_LIBSSH which
> >     has unmet direct dependencies (BR2_USE_MMU && !BR2_STATIC_LIBS &&
> >     BR2_TOOLCHAIN_HAS_THREADS && BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS
> >     && !BR2_PACKAGE_OPENSSL)
> > 
> > Fix this dependency byt doing what other similar packages do: select
>                         ^
> 
> > openssl if the other crypto backend (here libgcrypt) is not enabled.
> 
>  Well, there are still some that prefer a different crypto backend: mosh prefers
> nettle over openssl, shairport-sync prefers polarssl. But those packages don't
> depend on anything so no problem.

Depending is not a problem; it's the select that is a problem.

What we must be very careful is to always do the select-if in the same
order for all packages.

For example, the following is wrong:

    config BR2_PKG_FOO
        select BR2_PKG_OPENSSL if !BR2_PKG_NETTLE

    config BR2_PKG_BAR
        select BR2_PKG_NETTLE if !BR2_PKG_OPENSSL

This would cause quite some issue for Kconfig...

And I don't know how I did my previous check, but we have quite a few
different ordering:

    $ git grep -E 'select (.*BR2_PACKAGE_(OPENSSL|NETTLE|GNUTLS|LIBGCRYPT|LIBNSS)){2,}'
    package/flickcurl/Config.in:select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_LIBNSS)
    package/gstreamer1/gst1-plugins-bad/Config.in:select BR2_PACKAGE_NETTLE if !(BR2_PACKAGE_LIBGCRYPT || BR2_PACKAGE_OPENSSL)
    package/lftp/Config.in:select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_GNUTLS
    package/libssh/Config.in:select BR2_PACKAGE_LIBGCRYPT if !BR2_PACKAGE_OPENSSL
    package/libssh2/Config.in:select BR2_PACKAGE_LIBGCRYPT if !BR2_PACKAGE_OPENSSL
    package/mosh/Config.in:select BR2_PACKAGE_NETTLE if !BR2_PACKAGE_OPENSSL
    package/x11r7/xserver_xorg-server/Config.in:select BR2_PACKAGE_LIBSHA1 if (!BR2_PACKAGE_OPENSSL && !BR2_PACKAGE_LIBGCRYPT)

We should fix that, I think...

My proposal is that, unless a "better" backend is selected, we always
fallback to openssl, in Kconfig at least.

Then in the .mk, we can order the if-blocks to start with the prefered
backend, in case more than one are enabled.

Regards,
Yann E. MORIN.

> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
> 
>  Regards,
>  Arnout
> 
> > This also allows us to drop the propagated dependency on the arch
> > condition.
> > 
> > Signed-off-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
> > Cc: Arnout Vandecappelle <arnout at mind.be>
> > Cc: Vicente Olivert Riera <Vincent.Riera at imgtec.com>
> > Cc: Jörg Krause <joerg.krause at embedded.rocks>
> > Cc: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
> > Cc: Maxime Hadjinlian <maxime.hadjinlian at gmail.com>
> > Cc: Romain Naour <romain.naour at openwide.fr>
> > 
> > ---
> > Changes v1 -> v2:
> >   - invert the selection to use openssl as a fallback  (Thomas)
> >   - drop the arch dependency  (Thomas)
> > ---
> >  package/libssh/Config.in | 3 +--
> >  package/libssh/libssh.mk | 4 ++--
> >  2 files changed, 3 insertions(+), 4 deletions(-)
> > 
> > diff --git a/package/libssh/Config.in b/package/libssh/Config.in
> > index 6029f45..3dbfa7d 100644
> > --- a/package/libssh/Config.in
> > +++ b/package/libssh/Config.in
> > @@ -4,8 +4,7 @@ config BR2_PACKAGE_LIBSSH
> >  	depends on !BR2_STATIC_LIBS
> >  	depends on BR2_TOOLCHAIN_HAS_THREADS
> >  	# Either OpenSSL or libgcrypt are mandatory
> > -	depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS && !BR2_PACKAGE_OPENSSL # libgcrypt
> > -	select BR2_PACKAGE_LIBGCRYPT if !BR2_PACKAGE_OPENSSL
> > +	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBGCRYPT
> >  	help
> >  	  libssh is a multiplatform C library implementing the SSHv2
> >  	  and SSHv1 protocol on client and server side. With libssh,
> > diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
> > index 29bbf4e..429e3c1 100644
> > --- a/package/libssh/libssh.mk
> > +++ b/package/libssh/libssh.mk
> > @@ -23,14 +23,14 @@ else
> >  LIBSSH_CONF_OPTS += -DWITH_ZLIB=OFF
> >  endif
> >  
> > +# Dependency is either on libgcrypt or openssl, guaranteed in Config.in.
> > +# Favour libgcrypt.
> >  ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
> >  LIBSSH_CONF_OPTS += -DWITH_GCRYPT=ON
> >  LIBSSH_DEPENDENCIES += libgcrypt
> >  else
> >  LIBSSH_CONF_OPTS += -DWITH_GCRYPT=OFF
> > -ifeq ($(BR2_PACKAGE_OPENSSL),y)
> >  LIBSSH_DEPENDENCIES += openssl
> >  endif
> > -endif
> >  
> >  $(eval $(cmake-package))
> > 
> 
> -- 
> Arnout Vandecappelle                          arnout at mind be
> Senior Embedded Software Architect            +32-16-286500
> Essensium/Mind                                http://www.mind.be
> G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
> GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'


More information about the buildroot mailing list