[Buildroot] [PATCH 1/2 v2] package/libssh: fix dependency on libgcrypt

Arnout Vandecappelle arnout at mind.be
Fri Sep 9 23:01:29 UTC 2016 

On 09-09-16 23:11, Yann E. MORIN wrote:
> Arnout, All,
>
> On 2016-09-09 22:58 +0200, Arnout Vandecappelle spake thusly:
[snip]
> >  Well, there are still some that prefer a different crypto backend: mosh prefers
> > nettle over openssl, shairport-sync prefers polarssl. But those packages don't
> > depend on anything so no problem.
>
> Depending is not a problem; it's the select that is a problem.
>
> What we must be very careful is to always do the select-if in the same
> order for all packages.
>
> For example, the following is wrong:
>
>     config BR2_PKG_FOO
>         select BR2_PKG_OPENSSL if !BR2_PKG_NETTLE
>
>     config BR2_PKG_BAR
>         select BR2_PKG_NETTLE if !BR2_PKG_OPENSSL
>
> This would cause quite some issue for Kconfig...

 Yes, that kind of situation should be avoided.

>
> And I don't know how I did my previous check, but we have quite a few
> different ordering:
>
>     $ git grep -E 'select
> (.*BR2_PACKAGE_(OPENSSL|NETTLE|GNUTLS|LIBGCRYPT|LIBNSS)){2,}'
 Great regexp! But you missed polarssl. And libtomcrypt but nobody uses that.
And beecrypt but only rpm uses it.

>     package/flickcurl/Config.in:select BR2_PACKAGE_OPENSSL if
> !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_LIBNSS)
>     package/gstreamer1/gst1-plugins-bad/Config.in:select BR2_PACKAGE_NETTLE if
> !(BR2_PACKAGE_LIBGCRYPT || BR2_PACKAGE_OPENSSL)
>     package/lftp/Config.in:select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_GNUTLS
>     package/libssh/Config.in:select BR2_PACKAGE_LIBGCRYPT if !BR2_PACKAGE_OPENSSL
>     package/libssh2/Config.in:select BR2_PACKAGE_LIBGCRYPT if !BR2_PACKAGE_OPENSSL
>     package/mosh/Config.in:select BR2_PACKAGE_NETTLE if !BR2_PACKAGE_OPENSSL
package/shairport-sync/Config.in:select BR2_PACKAGE_POLARSSL if !BR2_PACKAGE_OPENSSL
>     package/x11r7/xserver_xorg-server/Config.in:select BR2_PACKAGE_LIBSHA1 if
> (!BR2_PACKAGE_OPENSSL && !BR2_PACKAGE_LIBGCRYPT)
>
> We should fix that, I think...
>
> My proposal is that, unless a "better" backend is selected, we always
> fallback to openssl, in Kconfig at least.

 I disagree. openssl is big. So something like this, rather:

nettle < polarssl < openssl < gnutls < libgcrypt < libnss

(nettle has an LGPLv3 option, polarssl is only GPLv2, gnutls needs wchar, libnss
a lot more).

Oh, and libsha1 is a special case of course.

 So actually, the current situation is OK except for libssh{,2}.

 Regards,
 Arnout


>
> Then in the .mk, we can order the if-blocks to start with the prefered
> backend, in case more than one are enabled.
>
> Regards,
> Yann E. MORIN.
>
> > Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
> >
> >  Regards,
> >  Arnout
> >
> >> This also allows us to drop the propagated dependency on the arch
> >> condition.
> >>
> >> Signed-off-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
> >> Cc: Arnout Vandecappelle <arnout at mind.be>
> >> Cc: Vicente Olivert Riera <Vincent.Riera at imgtec.com>
> >> Cc: Jörg Krause <joerg.krause at embedded.rocks>
> >> Cc: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
> >> Cc: Maxime Hadjinlian <maxime.hadjinlian at gmail.com>
> >> Cc: Romain Naour <romain.naour at openwide.fr>
> >>
> >> ---
> >> Changes v1 -> v2:
> >>   - invert the selection to use openssl as a fallback  (Thomas)
> >>   - drop the arch dependency  (Thomas)
> >> ---
> >>  package/libssh/Config.in | 3 +--
> >>  package/libssh/libssh.mk | 4 ++--
> >>  2 files changed, 3 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/package/libssh/Config.in b/package/libssh/Config.in
> >> index 6029f45..3dbfa7d 100644
> >> --- a/package/libssh/Config.in
> >> +++ b/package/libssh/Config.in
> >> @@ -4,8 +4,7 @@ config BR2_PACKAGE_LIBSSH
> >>      depends on !BR2_STATIC_LIBS
> >>      depends on BR2_TOOLCHAIN_HAS_THREADS
> >>      # Either OpenSSL or libgcrypt are mandatory
> >> -    depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS &&
> !BR2_PACKAGE_OPENSSL # libgcrypt
> >> -    select BR2_PACKAGE_LIBGCRYPT if !BR2_PACKAGE_OPENSSL
> >> +    select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBGCRYPT
> >>      help
> >>        libssh is a multiplatform C library implementing the SSHv2
> >>        and SSHv1 protocol on client and server side. With libssh,
> >> diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
> >> index 29bbf4e..429e3c1 100644
> >> --- a/package/libssh/libssh.mk
> >> +++ b/package/libssh/libssh.mk
> >> @@ -23,14 +23,14 @@ else
> >>  LIBSSH_CONF_OPTS += -DWITH_ZLIB=OFF
> >>  endif
> >>  
> >> +# Dependency is either on libgcrypt or openssl, guaranteed in Config.in.
> >> +# Favour libgcrypt.
> >>  ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
> >>  LIBSSH_CONF_OPTS += -DWITH_GCRYPT=ON
> >>  LIBSSH_DEPENDENCIES += libgcrypt
> >>  else
> >>  LIBSSH_CONF_OPTS += -DWITH_GCRYPT=OFF
> >> -ifeq ($(BR2_PACKAGE_OPENSSL),y)
> >>  LIBSSH_DEPENDENCIES += openssl
> >>  endif
> >> -endif
> >>  
> >>  $(eval $(cmake-package))
> >>
> >
> > --
> > Arnout Vandecappelle                          arnout at mind be
> > Senior Embedded Software Architect            +32-16-286500
> > Essensium/Mind                                http://www.mind.be
> > G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
> > LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
> > GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
>

-- 
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

More information about the buildroot mailing list