[PATCH 1/5] libressl: new package

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH 1/5] libressl: new package

Adam Duskett
    Libressl is a fork of openssl from OpenSSL in 2014.  It's goal is to
    modernize the OpenSSL codebase, improve security, and apply best practice
    development processes.

    Right now, libressl is API compatible with OpenSSL 1.0.1, but does not yet
    include all new APIs from OpenSSL 1.0.2 and later.

    The main source is libressl-portable, which "Includes the build scaffold
    and compatibility layer that builds portable LibreSSL from the OpenBSD
    source code."

    Before the build process can begin, autogen.sh must be ran manually,
    as it pulls from the upstream OpenBSD source which adds several
    directories to the source, along with several other steps necessary
    before building can begin. Setting LIBRESSL_AUTORECONF = YES fails
    with several "No such file or directory" errors as well.

    This package has been tested with the following architectures and c libraries:
    - armv4
    - aarch64
    - ppc
    - ppc64
    - ppc64le
    - x86_64
    - uClibc-ng
    - glibc 2.24
    - musl

Signed-off-by: Adam Duskett <[hidden email]>
---
 package/Config.in              |  1 +
 package/libressl/Config.in     | 20 ++++++++++++++++++++
 package/libressl/libressl.hash |  2 ++
 package/libressl/libressl.mk   | 31 +++++++++++++++++++++++++++++++
 4 files changed, 54 insertions(+)
 create mode 100644 package/libressl/Config.in
 create mode 100644 package/libressl/libressl.hash
 create mode 100644 package/libressl/libressl.mk

diff --git a/package/Config.in b/package/Config.in
index 529bd96..1674444 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -963,6 +963,7 @@ menu "Crypto"
  source "package/libmcrypt/Config.in"
  source "package/libmhash/Config.in"
  source "package/libnss/Config.in"
+ source "package/libressl/Config.in"
  source "package/libscrypt/Config.in"
  source "package/libsecret/Config.in"
  source "package/libsha1/Config.in"
diff --git a/package/libressl/Config.in b/package/libressl/Config.in
new file mode 100644
index 0000000..035176a
--- /dev/null
+++ b/package/libressl/Config.in
@@ -0,0 +1,20 @@
+config BR2_PACKAGE_LIBRESSL
+ bool "libressl"
+ help
+  LibreSSL is a version of the TLS/crypto stack forked from
+  OpenSSL in 2014, with goals of modernizing the codebase,
+  improving security, and applying best practice development
+  processes.
+
+  http://www.libressl.org/
+
+if BR2_PACKAGE_LIBRESSL
+
+config BR2_PACKAGE_LIBRESSL_BIN
+ bool "openssl binary"
+ help
+  Install the openssl binary and the associated helper scripts
+  to the target file system. This is a command line tool for
+  doing various cryptographic stuff.
+
+endif
diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
new file mode 100644
index 0000000..9c478de
--- /dev/null
+++ b/package/libressl/libressl.hash
@@ -0,0 +1,2 @@
+# Locally computed
+sha256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c libressl-v2.5.4.tar.gz
diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
new file mode 100644
index 0000000..940ca22
--- /dev/null
+++ b/package/libressl/libressl.mk
@@ -0,0 +1,31 @@
+################################################################################
+#
+# libressl
+#
+################################################################################
+
+LIBRESSL_VERSION = v2.5.4
+LIBRESSL_SITE = https://github.com/libressl-portable/portable.git
+LIBRESSL_SITE_METHOD = git
+LIBRESSL_LICENSE = ISC, BSD-3-Clause, OpenSSL or SSLeay
+LIBRESSL_LICENSE_FILES = COPYING
+LIBRESSL_INSTALL_STAGING = YES
+
+# autogen.sh needs to be ran manually as it pulls from the upstream
+# OpenBSD source which adds several directories to the source.
+# Setting LIBRESSL_AUTORECONF = YES fails with several
+# "No such file or directory" errors.
+define LIBRESSL_RUN_AUTOGEN
+ cd $(@D) && PATH=$(BR_PATH) ./autogen.sh
+endef
+LIBRESSL_POST_PATCH_HOOKS += LIBRESSL_RUN_AUTOGEN
+
+ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
+define LIBRESSL_REMOVE_BIN
+ $(RM) -f $(TARGET_DIR)/usr/bin/openssl
+endef
+LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
+endif
+
+$(eval $(autotools-package))
+$(eval $(host-autotools-package))
--
2.9.4

_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

[PATCH 2/5] libssl: new virtual package.

Adam Duskett
    libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible
    with OpenSSL 1.0.2.  As such, a new virtual package is needed to handle
    having both libressl and openssl.

Signed-off-by: Adam Duskett <[hidden email]>
---
 package/Config.in        | 1 +
 package/libssl/Config.in | 6 ++++++
 package/libssl/libssl.mk | 7 +++++++
 3 files changed, 14 insertions(+)
 create mode 100644 package/libssl/Config.in
 create mode 100644 package/libssl/libssl.mk

diff --git a/package/Config.in b/package/Config.in
index 1674444..a7af71e 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -967,6 +967,7 @@ menu "Crypto"
  source "package/libscrypt/Config.in"
  source "package/libsecret/Config.in"
  source "package/libsha1/Config.in"
+ source "package/libssl/Config.in"
  source "package/libsodium/Config.in"
  source "package/libssh/Config.in"
  source "package/libssh2/Config.in"
diff --git a/package/libssl/Config.in b/package/libssl/Config.in
new file mode 100644
index 0000000..71347de
--- /dev/null
+++ b/package/libssl/Config.in
@@ -0,0 +1,6 @@
+config BR2_PACKAGE_HAS_LIBSSL
+ bool
+
+config BR2_PACKAGE_PROVIDES_LIBSSL
+ string
+ depends on BR2_PACKAGE_HAS_LIBSSL
diff --git a/package/libssl/libssl.mk b/package/libssl/libssl.mk
new file mode 100644
index 0000000..6e89bcc
--- /dev/null
+++ b/package/libssl/libssl.mk
@@ -0,0 +1,7 @@
+################################################################################
+#
+# libssl
+#
+################################################################################
+
+$(eval $(virtual-package))
--
2.9.4

_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

[PATCH 3/5] libressl: add libssl virtual package support.

Adam Duskett
In reply to this post by Adam Duskett
libressl can provide libssl.

Signed-off-by: Adam Duskett <[hidden email]>
---
 package/libressl/Config.in   | 4 ++++
 package/libressl/libressl.mk | 1 +
 2 files changed, 5 insertions(+)

diff --git a/package/libressl/Config.in b/package/libressl/Config.in
index 035176a..2cc87d0 100644
--- a/package/libressl/Config.in
+++ b/package/libressl/Config.in
@@ -1,5 +1,6 @@
 config BR2_PACKAGE_LIBRESSL
  bool "libressl"
+ select BR2_PACKAGE_HAS_LIBSSL
  help
   LibreSSL is a version of the TLS/crypto stack forked from
   OpenSSL in 2014, with goals of modernizing the codebase,
@@ -10,6 +11,9 @@ config BR2_PACKAGE_LIBRESSL
 
 if BR2_PACKAGE_LIBRESSL
 
+config BR2_PACKAGE_PROVIDES_LIBSSL
+ default "libressl"
+
 config BR2_PACKAGE_LIBRESSL_BIN
  bool "openssl binary"
  help
diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
index 940ca22..e057662 100644
--- a/package/libressl/libressl.mk
+++ b/package/libressl/libressl.mk
@@ -10,6 +10,7 @@ LIBRESSL_SITE_METHOD = git
 LIBRESSL_LICENSE = ISC, BSD-3-Clause, OpenSSL or SSLeay
 LIBRESSL_LICENSE_FILES = COPYING
 LIBRESSL_INSTALL_STAGING = YES
+LIBRESSL_PROVIDES = libssl
 
 # autogen.sh needs to be ran manually as it pulls from the upstream
 # OpenBSD source which adds several directories to the source.
--
2.9.4

_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

[PATCH 4/5] openssl: add libssl virtual package support.

Adam Duskett
In reply to this post by Adam Duskett
openssl can provide libssl.

Signed-off-by: Adam Duskett <[hidden email]>
---
 package/openssl/Config.in  | 3 +++
 package/openssl/openssl.mk | 1 +
 2 files changed, 4 insertions(+)

diff --git a/package/openssl/Config.in b/package/openssl/Config.in
index e08b648..4871f43 100644
--- a/package/openssl/Config.in
+++ b/package/openssl/Config.in
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_OPENSSL
  bool "openssl"
  select BR2_PACKAGE_ZLIB
+ select BR2_PACKAGE_HAS_LIBSSL
  help
   A collaborative effort to develop a robust, commercial-grade, fully
   featured, and Open Source toolkit implementing the Secure Sockets
@@ -13,6 +14,8 @@ config BR2_PACKAGE_OPENSSL
 
 if BR2_PACKAGE_OPENSSL
 
+config BR2_PACKAGE_PROVIDES_LIBSSL
+ default "openssl"
 config BR2_PACKAGE_OPENSSL_BIN
  bool "openssl binary"
  help
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 5f56b44..c028290 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -10,6 +10,7 @@ OPENSSL_LICENSE = OpenSSL or SSLeay
 OPENSSL_LICENSE_FILES = LICENSE
 OPENSSL_INSTALL_STAGING = YES
 OPENSSL_DEPENDENCIES = zlib
+OPENSSL_PROVIDES = libssl
 HOST_OPENSSL_DEPENDENCIES = host-zlib
 OPENSSL_TARGET_ARCH = generic32
 OPENSSL_CFLAGS = $(TARGET_CFLAGS)
--
2.9.4

_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

[PATCH 5/5] DEVELOPERS: Add Adam Duskett for libressl

Adam Duskett
In reply to this post by Adam Duskett
Signed-off-by: Adam Duskett <[hidden email]>
---
 DEVELOPERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/DEVELOPERS b/DEVELOPERS
index 9a11f8b..6fc5079 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -33,6 +33,7 @@ N: Adam Duskett <[hidden email]>
 F: package/audit/
 F: package/checkpolicy/
 F: package/gstreamer1/gst1-vaapi/
+F: package/libressl/
 F: package/libselinux/
 F: package/libsemanage/
 F: package/libsepol/
--
2.9.4

_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 1/5] libressl: new package

Thomas Petazzoni-2
In reply to this post by Adam Duskett
Hello Adam,

Thanks for working on the libressl topic, definitely a useful change.
See some comments below.

On Thu, 15 Jun 2017 10:29:24 -0400, Adam Duskett wrote:

>     Libressl is a fork of openssl from OpenSSL in 2014.  It's goal is to
>     modernize the OpenSSL codebase, improve security, and apply best practice
>     development processes.
>
>     Right now, libressl is API compatible with OpenSSL 1.0.1, but does not yet
>     include all new APIs from OpenSSL 1.0.2 and later.
>
>     The main source is libressl-portable, which "Includes the build scaffold
>     and compatibility layer that builds portable LibreSSL from the OpenBSD
>     source code."
>
>     Before the build process can begin, autogen.sh must be ran manually,
>     as it pulls from the upstream OpenBSD source which adds several
>     directories to the source, along with several other steps necessary
>     before building can begin. Setting LIBRESSL_AUTORECONF = YES fails
>     with several "No such file or directory" errors as well.
>
>     This package has been tested with the following architectures and c libraries:
>     - armv4
>     - aarch64
>     - ppc
>     - ppc64
>     - ppc64le
>     - x86_64
>     - uClibc-ng
>     - glibc 2.24
>     - musl

Why is this entire commit log indented with 4 spaces? Could you just
start the lines, well, at the beginning of the lines?


> +LIBRESSL_VERSION = v2.5.4
> +LIBRESSL_SITE = https://github.com/libressl-portable/portable.git
> +LIBRESSL_SITE_METHOD = git

Please use the "github" helper function instead.

Or even better, use release tarballs from
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/. This way, you don't need
to call autogen.sh.

> +LIBRESSL_LICENSE = ISC, BSD-3-Clause, OpenSSL or SSLeay

Where do this license list comes from?

> +LIBRESSL_LICENSE_FILES = COPYING

I don't see any file named "COPYING" in the repository at
https://github.com/libressl-portable/portable/tree/v2.5.4.

> +LIBRESSL_INSTALL_STAGING = YES
> +
> +# autogen.sh needs to be ran manually as it pulls from the upstream
> +# OpenBSD source which adds several directories to the source.
> +# Setting LIBRESSL_AUTORECONF = YES fails with several
> +# "No such file or directory" errors.
> +define LIBRESSL_RUN_AUTOGEN
> + cd $(@D) && PATH=$(BR_PATH) ./autogen.sh
> +endef
> +LIBRESSL_POST_PATCH_HOOKS += LIBRESSL_RUN_AUTOGEN

Not needed if you use the release tarballs, as suggested above.

> +
> +ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
> +define LIBRESSL_REMOVE_BIN
> + $(RM) -f $(TARGET_DIR)/usr/bin/openssl
> +endef
> +LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
> +endif
> +
> +$(eval $(autotools-package))
> +$(eval $(host-autotools-package))

Thanks!

Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/5] libssl: new virtual package.

Thomas Petazzoni-2
In reply to this post by Adam Duskett
Hello,

Nit: don't use a final "." in the commit titles.

On Thu, 15 Jun 2017 10:29:25 -0400, Adam Duskett wrote:
>     libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible
>     with OpenSSL 1.0.2.  As such, a new virtual package is needed to handle
>     having both libressl and openssl.

No indentation of 4 spaces for the commit log.

> diff --git a/package/libssl/Config.in b/package/libssl/Config.in
> new file mode 100644
> index 0000000..71347de
> --- /dev/null
> +++ b/package/libssl/Config.in
> @@ -0,0 +1,6 @@
> +config BR2_PACKAGE_HAS_LIBSSL
> + bool
> +
> +config BR2_PACKAGE_PROVIDES_LIBSSL
> + string
> + depends on BR2_PACKAGE_HAS_LIBSSL

Should it be named "libssl" or "ssl". I think Arnout suggested just
"ssl" on IRC, didn't he?

Also, I believe for this package we should use the jpeg/jpeg-turbo
model instead of the conventional virtual package model, because we
want to be able to "select BR2_PACKAGE_LIBSSL". As your package is done
today, we would *have* to use only a "depends on BR2_PACKAGE_LIBRESSL",
which is a bit annoying.

Again, see the libjpeg virtual package.

Best regards,

Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 5/5] DEVELOPERS: Add Adam Duskett for libressl

Thomas Petazzoni-2
In reply to this post by Adam Duskett
Hello,

On Thu, 15 Jun 2017 10:29:28 -0400, Adam Duskett wrote:
> Signed-off-by: Adam Duskett <[hidden email]>
> ---
>  DEVELOPERS | 1 +
>  1 file changed, 1 insertion(+)

Should be part of the patch adding the package.

Thanks!

Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 1/5] libressl: new package

Arnout Vandecappelle (Essensium/Mind)
In reply to this post by Adam Duskett


On 15-06-17 16:29, Adam Duskett wrote:
>     Libressl is a fork of openssl from OpenSSL in 2014.  It's goal is to
                                                           ^^^^ Its

>     modernize the OpenSSL codebase, improve security, and apply best practice
>     development processes.
>
>     Right now, libressl is API compatible with OpenSSL 1.0.1, but does not yet
>     include all new APIs from OpenSSL 1.0.2 and later.
>
>     The main source is libressl-portable, which "Includes the build scaffold
>     and compatibility layer that builds portable LibreSSL from the OpenBSD
>     source code."
>
>     Before the build process can begin, autogen.sh must be ran manually,
>     as it pulls from the upstream OpenBSD source which adds several

 That is not acceptable: it must be possible to do the build offline, after
doing 'make source'. If a configure scripts starts downloading things, that
won't work. But as Thomas pointed out, the release tarball fixes that.

>     directories to the source, along with several other steps necessary
>     before building can begin. Setting LIBRESSL_AUTORECONF = YES fails
>     with several "No such file or directory" errors as well.

 Please wrap the commit message at 72 columns.

>
>     This package has been tested with the following architectures and c libraries:
>     - armv4
>     - aarch64
>     - ppc
>     - ppc64
>     - ppc64le
>     - x86_64
>     - uClibc-ng
>     - glibc 2.24
>     - musl
>
> Signed-off-by: Adam Duskett <[hidden email]>
> ---
>  package/Config.in              |  1 +
>  package/libressl/Config.in     | 20 ++++++++++++++++++++
>  package/libressl/libressl.hash |  2 ++
>  package/libressl/libressl.mk   | 31 +++++++++++++++++++++++++++++++
>  4 files changed, 54 insertions(+)
>  create mode 100644 package/libressl/Config.in
>  create mode 100644 package/libressl/libressl.hash
>  create mode 100644 package/libressl/libressl.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index 529bd96..1674444 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -963,6 +963,7 @@ menu "Crypto"
>   source "package/libmcrypt/Config.in"
>   source "package/libmhash/Config.in"
>   source "package/libnss/Config.in"
> + source "package/libressl/Config.in"
>   source "package/libscrypt/Config.in"
>   source "package/libsecret/Config.in"
>   source "package/libsha1/Config.in"
> diff --git a/package/libressl/Config.in b/package/libressl/Config.in
> new file mode 100644
> index 0000000..035176a
> --- /dev/null
> +++ b/package/libressl/Config.in
> @@ -0,0 +1,20 @@
> +config BR2_PACKAGE_LIBRESSL
> + bool "libressl"
> + help
> +  LibreSSL is a version of the TLS/crypto stack forked from
> +  OpenSSL in 2014, with goals of modernizing the codebase,
> +  improving security, and applying best practice development
> +  processes.
> +
> +  http://www.libressl.org/
> +
> +if BR2_PACKAGE_LIBRESSL
> +
> +config BR2_PACKAGE_LIBRESSL_BIN
> + bool "openssl binary"
> + help
> +  Install the openssl binary and the associated helper scripts
> +  to the target file system. This is a command line tool for
> +  doing various cryptographic stuff.
> +
> +endif
> diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
> new file mode 100644
> index 0000000..9c478de
> --- /dev/null
> +++ b/package/libressl/libressl.hash
> @@ -0,0 +1,2 @@
> +# Locally computed
> +sha256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c libressl-v2.5.4.tar.gz

 Doesn't upstream provide any verifiable hashes? That's weird for a crypto lib...

> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
> new file mode 100644
> index 0000000..940ca22
> --- /dev/null
> +++ b/package/libressl/libressl.mk
> @@ -0,0 +1,31 @@
> +################################################################################
> +#
> +# libressl
> +#
> +################################################################################
> +
> +LIBRESSL_VERSION = v2.5.4
> +LIBRESSL_SITE = https://github.com/libressl-portable/portable.git
> +LIBRESSL_SITE_METHOD = git
> +LIBRESSL_LICENSE = ISC, BSD-3-Clause, OpenSSL or SSLeay

 The , is ambiguous. If it is intended to be or for all of them, specify 'or'.
But I think the license is in fact different per component; in that case, put
the component to which the license applies between parenthesis.

> +LIBRESSL_LICENSE_FILES = COPYING
> +LIBRESSL_INSTALL_STAGING = YES
> +
> +# autogen.sh needs to be ran manually as it pulls from the upstream
> +# OpenBSD source which adds several directories to the source.
> +# Setting LIBRESSL_AUTORECONF = YES fails with several
> +# "No such file or directory" errors.

 If you do this, you also need to add host-automake etc. to _DEPENDENCIES.

> +define LIBRESSL_RUN_AUTOGEN
> + cd $(@D) && PATH=$(BR_PATH) ./autogen.sh
> +endef
> +LIBRESSL_POST_PATCH_HOOKS += LIBRESSL_RUN_AUTOGEN
> +
> +ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
> +define LIBRESSL_REMOVE_BIN
> + $(RM) -f $(TARGET_DIR)/usr/bin/openssl

 the help message mentions "and scripts"...

> +endef
> +LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
> +endif
> +
> +$(eval $(autotools-package))
> +$(eval $(host-autotools-package))

 There's also a CMakeLists.txt; in many cases, that's better maintained so
easier to support going forward. But I don't know what upstream prefers.

 Regards,
 Arnout

--
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/5] libssl: new virtual package.

Arnout Vandecappelle (Essensium/Mind)
In reply to this post by Adam Duskett


On 15-06-17 16:29, Adam Duskett wrote:
>     libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible
>     with OpenSSL 1.0.2.  As such, a new virtual package is needed to handle
>     having both libressl and openssl.
>
> Signed-off-by: Adam Duskett <[hidden email]>

Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <[hidden email]>
(after fixing commit indentation and wrapping).

 I'm not entirely happy with the the "libssl" name, because we have a dozen
different ssl/tls libraries and only two implement this virtual package. But I
can't really come up with anything better - "openssl-compat" just doesn't sound
very sexy :-)

 Regards,
 Arnout

> ---
>  package/Config.in        | 1 +
>  package/libssl/Config.in | 6 ++++++
>  package/libssl/libssl.mk | 7 +++++++
>  3 files changed, 14 insertions(+)
>  create mode 100644 package/libssl/Config.in
>  create mode 100644 package/libssl/libssl.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index 1674444..a7af71e 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -967,6 +967,7 @@ menu "Crypto"
>   source "package/libscrypt/Config.in"
>   source "package/libsecret/Config.in"
>   source "package/libsha1/Config.in"
> + source "package/libssl/Config.in"
>   source "package/libsodium/Config.in"
>   source "package/libssh/Config.in"
>   source "package/libssh2/Config.in"
> diff --git a/package/libssl/Config.in b/package/libssl/Config.in
> new file mode 100644
> index 0000000..71347de
> --- /dev/null
> +++ b/package/libssl/Config.in
> @@ -0,0 +1,6 @@
> +config BR2_PACKAGE_HAS_LIBSSL
> + bool
> +
> +config BR2_PACKAGE_PROVIDES_LIBSSL
> + string
> + depends on BR2_PACKAGE_HAS_LIBSSL
> diff --git a/package/libssl/libssl.mk b/package/libssl/libssl.mk
> new file mode 100644
> index 0000000..6e89bcc
> --- /dev/null
> +++ b/package/libssl/libssl.mk
> @@ -0,0 +1,7 @@
> +################################################################################
> +#
> +# libssl
> +#
> +################################################################################
> +
> +$(eval $(virtual-package))
>

--
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 3/5] libressl: add libssl virtual package support.

Arnout Vandecappelle (Essensium/Mind)
In reply to this post by Adam Duskett


On 15-06-17 16:29, Adam Duskett wrote:
> libressl can provide libssl.
>
> Signed-off-by: Adam Duskett <[hidden email]>

Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <[hidden email]>

 Regards,
 Arnout

> ---
>  package/libressl/Config.in   | 4 ++++
>  package/libressl/libressl.mk | 1 +
>  2 files changed, 5 insertions(+)
>
> diff --git a/package/libressl/Config.in b/package/libressl/Config.in
> index 035176a..2cc87d0 100644
> --- a/package/libressl/Config.in
> +++ b/package/libressl/Config.in
> @@ -1,5 +1,6 @@
>  config BR2_PACKAGE_LIBRESSL
>   bool "libressl"
> + select BR2_PACKAGE_HAS_LIBSSL
>   help
>    LibreSSL is a version of the TLS/crypto stack forked from
>    OpenSSL in 2014, with goals of modernizing the codebase,
> @@ -10,6 +11,9 @@ config BR2_PACKAGE_LIBRESSL
>  
>  if BR2_PACKAGE_LIBRESSL
>  
> +config BR2_PACKAGE_PROVIDES_LIBSSL
> + default "libressl"
> +
>  config BR2_PACKAGE_LIBRESSL_BIN
>   bool "openssl binary"
>   help
> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
> index 940ca22..e057662 100644
> --- a/package/libressl/libressl.mk
> +++ b/package/libressl/libressl.mk
> @@ -10,6 +10,7 @@ LIBRESSL_SITE_METHOD = git
>  LIBRESSL_LICENSE = ISC, BSD-3-Clause, OpenSSL or SSLeay
>  LIBRESSL_LICENSE_FILES = COPYING
>  LIBRESSL_INSTALL_STAGING = YES
> +LIBRESSL_PROVIDES = libssl
>  
>  # autogen.sh needs to be ran manually as it pulls from the upstream
>  # OpenBSD source which adds several directories to the source.
>

--
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 4/5] openssl: add libssl virtual package support.

Arnout Vandecappelle (Essensium/Mind)
In reply to this post by Adam Duskett


On 15-06-17 16:29, Adam Duskett wrote:
> openssl can provide libssl.
>
> Signed-off-by: Adam Duskett <[hidden email]>

Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <[hidden email]>

 Will you also convert some packages?

 Regards,
 Arnout

> ---
>  package/openssl/Config.in  | 3 +++
>  package/openssl/openssl.mk | 1 +
>  2 files changed, 4 insertions(+)
>
> diff --git a/package/openssl/Config.in b/package/openssl/Config.in
> index e08b648..4871f43 100644
> --- a/package/openssl/Config.in
> +++ b/package/openssl/Config.in
> @@ -1,6 +1,7 @@
>  config BR2_PACKAGE_OPENSSL
>   bool "openssl"
>   select BR2_PACKAGE_ZLIB
> + select BR2_PACKAGE_HAS_LIBSSL
>   help
>    A collaborative effort to develop a robust, commercial-grade, fully
>    featured, and Open Source toolkit implementing the Secure Sockets
> @@ -13,6 +14,8 @@ config BR2_PACKAGE_OPENSSL
>  
>  if BR2_PACKAGE_OPENSSL
>  
> +config BR2_PACKAGE_PROVIDES_LIBSSL
> + default "openssl"
>  config BR2_PACKAGE_OPENSSL_BIN
>   bool "openssl binary"
>   help
> diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
> index 5f56b44..c028290 100644
> --- a/package/openssl/openssl.mk
> +++ b/package/openssl/openssl.mk
> @@ -10,6 +10,7 @@ OPENSSL_LICENSE = OpenSSL or SSLeay
>  OPENSSL_LICENSE_FILES = LICENSE
>  OPENSSL_INSTALL_STAGING = YES
>  OPENSSL_DEPENDENCIES = zlib
> +OPENSSL_PROVIDES = libssl
>  HOST_OPENSSL_DEPENDENCIES = host-zlib
>  OPENSSL_TARGET_ARCH = generic32
>  OPENSSL_CFLAGS = $(TARGET_CFLAGS)
>

--
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/5] libssl: new virtual package.

Arnout Vandecappelle (Essensium/Mind)
In reply to this post by Thomas Petazzoni-2


On 15-06-17 23:28, Thomas Petazzoni wrote:

> Hello,
>
> Nit: don't use a final "." in the commit titles.
>
> On Thu, 15 Jun 2017 10:29:25 -0400, Adam Duskett wrote:
>>     libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible
>>     with OpenSSL 1.0.2.  As such, a new virtual package is needed to handle
>>     having both libressl and openssl.
>
> No indentation of 4 spaces for the commit log.
>
>> diff --git a/package/libssl/Config.in b/package/libssl/Config.in
>> new file mode 100644
>> index 0000000..71347de
>> --- /dev/null
>> +++ b/package/libssl/Config.in
>> @@ -0,0 +1,6 @@
>> +config BR2_PACKAGE_HAS_LIBSSL
>> + bool
>> +
>> +config BR2_PACKAGE_PROVIDES_LIBSSL
>> + string
>> + depends on BR2_PACKAGE_HAS_LIBSSL
>
> Should it be named "libssl" or "ssl". I think Arnout suggested just
> "ssl" on IRC, didn't he?
>
> Also, I believe for this package we should use the jpeg/jpeg-turbo
> model instead of the conventional virtual package model, because we
> want to be able to "select BR2_PACKAGE_LIBSSL". As your package is done
> today, we would *have* to use only a "depends on BR2_PACKAGE_LIBRESSL",
> which is a bit annoying.

 Hm, I'm not sure I agree. The problem with that is that existing configs won't
work anymore, i.e. if you have openssl selected and run menuconfig, it will
disappear because it now depends on libssl and libssl isn't selected...

 And any package that can have either can just do

        select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL


 If we really want to make it a choice like libjpeg, then I think openssl should
be renamed so existing configs still work. And that solves the naming issue too
:-) Well, except that we have to find a name for the original openssl package :-P

 Regards,
 Arnout

>
> Again, see the libjpeg virtual package.
>
> Best regards,
>
> Thomas
>

--
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 1/5] libressl: new package

Adam Duskett
In reply to this post by Arnout Vandecappelle (Essensium/Mind)
On Thu, Jun 15, 2017 at 6:27 PM, Arnout Vandecappelle <[hidden email]> wrote:

>
>
> On 15-06-17 16:29, Adam Duskett wrote:
>>     Libressl is a fork of openssl from OpenSSL in 2014.  It's goal is to
>                                                            ^^^^ Its
>
>>     modernize the OpenSSL codebase, improve security, and apply best practice
>>     development processes.
>>
>>     Right now, libressl is API compatible with OpenSSL 1.0.1, but does not yet
>>     include all new APIs from OpenSSL 1.0.2 and later.
>>
>>     The main source is libressl-portable, which "Includes the build scaffold
>>     and compatibility layer that builds portable LibreSSL from the OpenBSD
>>     source code."
>>
>>     Before the build process can begin, autogen.sh must be ran manually,
>>     as it pulls from the upstream OpenBSD source which adds several
>
>  That is not acceptable: it must be possible to do the build offline, after
> doing 'make source'. If a configure scripts starts downloading things, that
> won't work. But as Thomas pointed out, the release tarball fixes that.
>
Fair enough; I will fix this today.

>>     directories to the source, along with several other steps necessary
>>     before building can begin. Setting LIBRESSL_AUTORECONF = YES fails
>>     with several "No such file or directory" errors as well.
>
>  Please wrap the commit message at 72 columns.
Yeah; I had my margins set to 68, my bad.

>
>>
>>     This package has been tested with the following architectures and c libraries:
>>     - armv4
>>     - aarch64
>>     - ppc
>>     - ppc64
>>     - ppc64le
>>     - x86_64
>>     - uClibc-ng
>>     - glibc 2.24
>>     - musl
>>
>> Signed-off-by: Adam Duskett <[hidden email]>
>> ---
>>  package/Config.in              |  1 +
>>  package/libressl/Config.in     | 20 ++++++++++++++++++++
>>  package/libressl/libressl.hash |  2 ++
>>  package/libressl/libressl.mk   | 31 +++++++++++++++++++++++++++++++
>>  4 files changed, 54 insertions(+)
>>  create mode 100644 package/libressl/Config.in
>>  create mode 100644 package/libressl/libressl.hash
>>  create mode 100644 package/libressl/libressl.mk
>>
>> diff --git a/package/Config.in b/package/Config.in
>> index 529bd96..1674444 100644
>> --- a/package/Config.in
>> +++ b/package/Config.in
>> @@ -963,6 +963,7 @@ menu "Crypto"
>>       source "package/libmcrypt/Config.in"
>>       source "package/libmhash/Config.in"
>>       source "package/libnss/Config.in"
>> +     source "package/libressl/Config.in"
>>       source "package/libscrypt/Config.in"
>>       source "package/libsecret/Config.in"
>>       source "package/libsha1/Config.in"
>> diff --git a/package/libressl/Config.in b/package/libressl/Config.in
>> new file mode 100644
>> index 0000000..035176a
>> --- /dev/null
>> +++ b/package/libressl/Config.in
>> @@ -0,0 +1,20 @@
>> +config BR2_PACKAGE_LIBRESSL
>> +     bool "libressl"
>> +     help
>> +       LibreSSL is a version of the TLS/crypto stack forked from
>> +       OpenSSL in 2014, with goals of modernizing the codebase,
>> +       improving security, and applying best practice development
>> +       processes.
>> +
>> +       http://www.libressl.org/
>> +
>> +if BR2_PACKAGE_LIBRESSL
>> +
>> +config BR2_PACKAGE_LIBRESSL_BIN
>> +     bool "openssl binary"
>> +     help
>> +       Install the openssl binary and the associated helper scripts
>> +       to the target file system. This is a command line tool for
>> +       doing various cryptographic stuff.
>> +
>> +endif
>> diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
>> new file mode 100644
>> index 0000000..9c478de
>> --- /dev/null
>> +++ b/package/libressl/libressl.hash
>> @@ -0,0 +1,2 @@
>> +# Locally computed
>> +sha256       ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c        libressl-v2.5.4.tar.gz
>
>  Doesn't upstream provide any verifiable hashes? That's weird for a crypto lib...
>
>> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
>> new file mode 100644
>> index 0000000..940ca22
>> --- /dev/null
>> +++ b/package/libressl/libressl.mk
>> @@ -0,0 +1,31 @@
>> +################################################################################
>> +#
>> +# libressl
>> +#
>> +################################################################################
>> +
>> +LIBRESSL_VERSION = v2.5.4
>> +LIBRESSL_SITE = https://github.com/libressl-portable/portable.git
>> +LIBRESSL_SITE_METHOD = git
>> +LIBRESSL_LICENSE = ISC, BSD-3-Clause, OpenSSL or SSLeay
>
>  The , is ambiguous. If it is intended to be or for all of them, specify 'or'.
> But I think the license is in fact different per component; in that case, put
> the component to which the license applies between parenthesis.
>
Can do.

>> +LIBRESSL_LICENSE_FILES = COPYING
>> +LIBRESSL_INSTALL_STAGING = YES
>> +
>> +# autogen.sh needs to be ran manually as it pulls from the upstream
>> +# OpenBSD source which adds several directories to the source.
>> +# Setting LIBRESSL_AUTORECONF = YES fails with several
>> +# "No such file or directory" errors.
>
>  If you do this, you also need to add host-automake etc. to _DEPENDENCIES.
>
Using the tarball this issue is fixed.

>> +define LIBRESSL_RUN_AUTOGEN
>> +     cd $(@D) && PATH=$(BR_PATH) ./autogen.sh
>> +endef
>> +LIBRESSL_POST_PATCH_HOOKS += LIBRESSL_RUN_AUTOGEN
>> +
>> +ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
>> +define LIBRESSL_REMOVE_BIN
>> +     $(RM) -f $(TARGET_DIR)/usr/bin/openssl
>
>  the help message mentions "and scripts"...
>
Removed in the next patch.  Good catch!

>> +endef
>> +LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
>> +endif
>> +
>> +$(eval $(autotools-package))
>> +$(eval $(host-autotools-package))
>
>  There's also a CMakeLists.txt; in many cases, that's better maintained so
> easier to support going forward. But I don't know what upstream prefers.
>
>  Regards,
>  Arnout
>
> --
> Arnout Vandecappelle                          arnout at mind be
> Senior Embedded Software Architect            +32-16-286500
> Essensium/Mind                                http://www.mind.be
> G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
> GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/5] libssl: new virtual package.

Adam Duskett
In reply to this post by Arnout Vandecappelle (Essensium/Mind)
Hey guys;

On Thu, Jun 15, 2017 at 6:54 PM, Arnout Vandecappelle <[hidden email]> wrote:

>
>
> On 15-06-17 23:28, Thomas Petazzoni wrote:
>> Hello,
>>
>> Nit: don't use a final "." in the commit titles.
>>
>> On Thu, 15 Jun 2017 10:29:25 -0400, Adam Duskett wrote:
>>>     libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible
>>>     with OpenSSL 1.0.2.  As such, a new virtual package is needed to handle
>>>     having both libressl and openssl.
>>
>> No indentation of 4 spaces for the commit log.
>>
Sorry about that, copy and paste issues. :)


>>> diff --git a/package/libssl/Config.in b/package/libssl/Config.in
>>> new file mode 100644
>>> index 0000000..71347de
>>> --- /dev/null
>>> +++ b/package/libssl/Config.in
>>> @@ -0,0 +1,6 @@
>>> +config BR2_PACKAGE_HAS_LIBSSL
>>> +    bool
>>> +
>>> +config BR2_PACKAGE_PROVIDES_LIBSSL
>>> +    string
>>> +    depends on BR2_PACKAGE_HAS_LIBSSL
>>
>> Should it be named "libssl" or "ssl". I think Arnout suggested just
>> "ssl" on IRC, didn't he?
>>
The reason I went with libssl instead of ssl is because openssl is in
the library/crypto config.
Same with libressl.  As such I figured this should be named libssl.

>> Also, I believe for this package we should use the jpeg/jpeg-turbo
>> model instead of the conventional virtual package model, because we
>> want to be able to "select BR2_PACKAGE_LIBSSL". As your package is done
>> today, we would *have* to use only a "depends on BR2_PACKAGE_LIBRESSL",
>> which is a bit annoying.
>
>  Hm, I'm not sure I agree. The problem with that is that existing configs won't
> work anymore, i.e. if you have openssl selected and run menuconfig, it will
> disappear because it now depends on libssl and libssl isn't selected...
>
>  And any package that can have either can just do
>
>         select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
>
This is what I would prefer because as discussed in IRC, there are many packages
that are yet compatible with libressl.  Any objections?

>
>  If we really want to make it a choice like libjpeg, then I think openssl should
> be renamed so existing configs still work. And that solves the naming issue too
> :-) Well, except that we have to find a name for the original openssl package :-P
>
libopenssl Kind of sounds funny. :)?

>  Regards,
>  Arnout
>
>>
>> Again, see the libjpeg virtual package.
>>
>> Best regards,
>>
>> Thomas
>>
>
> --
> Arnout Vandecappelle                          arnout at mind be
> Senior Embedded Software Architect            +32-16-286500
> Essensium/Mind                                http://www.mind.be
> G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
> GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/5] libssl: new virtual package.

Adam Duskett
Hey guys;

Any update on what direction you want to go?

Thanks!

On Fri, Jun 16, 2017 at 8:43 AM, Adam Duskett <[hidden email]> wrote:

> Hey guys;
>
> On Thu, Jun 15, 2017 at 6:54 PM, Arnout Vandecappelle <[hidden email]> wrote:
>>
>>
>> On 15-06-17 23:28, Thomas Petazzoni wrote:
>>> Hello,
>>>
>>> Nit: don't use a final "." in the commit titles.
>>>
>>> On Thu, 15 Jun 2017 10:29:25 -0400, Adam Duskett wrote:
>>>>     libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible
>>>>     with OpenSSL 1.0.2.  As such, a new virtual package is needed to handle
>>>>     having both libressl and openssl.
>>>
>>> No indentation of 4 spaces for the commit log.
>>>
> Sorry about that, copy and paste issues. :)
>
>
>>>> diff --git a/package/libssl/Config.in b/package/libssl/Config.in
>>>> new file mode 100644
>>>> index 0000000..71347de
>>>> --- /dev/null
>>>> +++ b/package/libssl/Config.in
>>>> @@ -0,0 +1,6 @@
>>>> +config BR2_PACKAGE_HAS_LIBSSL
>>>> +    bool
>>>> +
>>>> +config BR2_PACKAGE_PROVIDES_LIBSSL
>>>> +    string
>>>> +    depends on BR2_PACKAGE_HAS_LIBSSL
>>>
>>> Should it be named "libssl" or "ssl". I think Arnout suggested just
>>> "ssl" on IRC, didn't he?
>>>
> The reason I went with libssl instead of ssl is because openssl is in
> the library/crypto config.
> Same with libressl.  As such I figured this should be named libssl.
>
>>> Also, I believe for this package we should use the jpeg/jpeg-turbo
>>> model instead of the conventional virtual package model, because we
>>> want to be able to "select BR2_PACKAGE_LIBSSL". As your package is done
>>> today, we would *have* to use only a "depends on BR2_PACKAGE_LIBRESSL",
>>> which is a bit annoying.
>>
>>  Hm, I'm not sure I agree. The problem with that is that existing configs won't
>> work anymore, i.e. if you have openssl selected and run menuconfig, it will
>> disappear because it now depends on libssl and libssl isn't selected...
>>
>>  And any package that can have either can just do
>>
>>         select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
>>
> This is what I would prefer because as discussed in IRC, there are many packages
> that are yet compatible with libressl.  Any objections?
>
>>
>>  If we really want to make it a choice like libjpeg, then I think openssl should
>> be renamed so existing configs still work. And that solves the naming issue too
>> :-) Well, except that we have to find a name for the original openssl package :-P
>>
> libopenssl Kind of sounds funny. :)?
>
>>  Regards,
>>  Arnout
>>
>>>
>>> Again, see the libjpeg virtual package.
>>>
>>> Best regards,
>>>
>>> Thomas
>>>
>>
>> --
>> Arnout Vandecappelle                          arnout at mind be
>> Senior Embedded Software Architect            +32-16-286500
>> Essensium/Mind                                http://www.mind.be
>> G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
>> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
>> GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/5] libssl: new virtual package.

Adam Duskett
So after thinking about this for a bit, I would like to also bring up
the topic of BoringSSL.
BoringSSL is gaining some traction, and I would like to also import it
into Buildroot pretty soon.
That would leave Buildroot with three possible SSL libraries.  Unlike
LibreSSL, BoringSSL does not
try to maintain backwards compatibility with OpenSSL.  However many
programs such as Janus-Gateway
now offer support for BoringSSL.

Thoughts?

Adam

On Tue, Jun 20, 2017 at 9:11 AM, Adam Duskett <[hidden email]> wrote:

> Hey guys;
>
> Any update on what direction you want to go?
>
> Thanks!
>
> On Fri, Jun 16, 2017 at 8:43 AM, Adam Duskett <[hidden email]> wrote:
>> Hey guys;
>>
>> On Thu, Jun 15, 2017 at 6:54 PM, Arnout Vandecappelle <[hidden email]> wrote:
>>>
>>>
>>> On 15-06-17 23:28, Thomas Petazzoni wrote:
>>>> Hello,
>>>>
>>>> Nit: don't use a final "." in the commit titles.
>>>>
>>>> On Thu, 15 Jun 2017 10:29:25 -0400, Adam Duskett wrote:
>>>>>     libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible
>>>>>     with OpenSSL 1.0.2.  As such, a new virtual package is needed to handle
>>>>>     having both libressl and openssl.
>>>>
>>>> No indentation of 4 spaces for the commit log.
>>>>
>> Sorry about that, copy and paste issues. :)
>>
>>
>>>>> diff --git a/package/libssl/Config.in b/package/libssl/Config.in
>>>>> new file mode 100644
>>>>> index 0000000..71347de
>>>>> --- /dev/null
>>>>> +++ b/package/libssl/Config.in
>>>>> @@ -0,0 +1,6 @@
>>>>> +config BR2_PACKAGE_HAS_LIBSSL
>>>>> +    bool
>>>>> +
>>>>> +config BR2_PACKAGE_PROVIDES_LIBSSL
>>>>> +    string
>>>>> +    depends on BR2_PACKAGE_HAS_LIBSSL
>>>>
>>>> Should it be named "libssl" or "ssl". I think Arnout suggested just
>>>> "ssl" on IRC, didn't he?
>>>>
>> The reason I went with libssl instead of ssl is because openssl is in
>> the library/crypto config.
>> Same with libressl.  As such I figured this should be named libssl.
>>
>>>> Also, I believe for this package we should use the jpeg/jpeg-turbo
>>>> model instead of the conventional virtual package model, because we
>>>> want to be able to "select BR2_PACKAGE_LIBSSL". As your package is done
>>>> today, we would *have* to use only a "depends on BR2_PACKAGE_LIBRESSL",
>>>> which is a bit annoying.
>>>
>>>  Hm, I'm not sure I agree. The problem with that is that existing configs won't
>>> work anymore, i.e. if you have openssl selected and run menuconfig, it will
>>> disappear because it now depends on libssl and libssl isn't selected...
>>>
>>>  And any package that can have either can just do
>>>
>>>         select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
>>>
>> This is what I would prefer because as discussed in IRC, there are many packages
>> that are yet compatible with libressl.  Any objections?
>>
>>>
>>>  If we really want to make it a choice like libjpeg, then I think openssl should
>>> be renamed so existing configs still work. And that solves the naming issue too
>>> :-) Well, except that we have to find a name for the original openssl package :-P
>>>
>> libopenssl Kind of sounds funny. :)?
>>
>>>  Regards,
>>>  Arnout
>>>
>>>>
>>>> Again, see the libjpeg virtual package.
>>>>
>>>> Best regards,
>>>>
>>>> Thomas
>>>>
>>>
>>> --
>>> Arnout Vandecappelle                          arnout at mind be
>>> Senior Embedded Software Architect            +32-16-286500
>>> Essensium/Mind                                http://www.mind.be
>>> G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
>>> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
>>> GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/5] libssl: new virtual package.

Thomas Petazzoni-2
Hello,

On Thu, 22 Jun 2017 07:32:45 -0400, Adam Duskett wrote:
> So after thinking about this for a bit, I would like to also bring up
> the topic of BoringSSL.
> BoringSSL is gaining some traction, and I would like to also import it
> into Buildroot pretty soon.
> That would leave Buildroot with three possible SSL libraries.  Unlike
> LibreSSL, BoringSSL does not
> try to maintain backwards compatibility with OpenSSL.  However many
> programs such as Janus-Gateway
> now offer support for BoringSSL.

If there's no compatibility between BoringSSL and OpenSSL/LibreSSL,
then I guess BoringSSL shouldn't be a provider of the "ssl/libssl"
virtual package. Instead, each package that can use should be able to
use it as an alternative to the ssl/libressl virtual package.

Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/5] libssl: new virtual package.

Adam Duskett
In reply to this post by Arnout Vandecappelle (Essensium/Mind)
Hello,

I am going to go back to this email.

On Thu, Jun 15, 2017 at 6:54 PM, Arnout Vandecappelle <[hidden email]> wrote:

>
>
> On 15-06-17 23:28, Thomas Petazzoni wrote:
>> Hello,
>>
>> Nit: don't use a final "." in the commit titles.
>>
>> On Thu, 15 Jun 2017 10:29:25 -0400, Adam Duskett wrote:
>>>     libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible
>>>     with OpenSSL 1.0.2.  As such, a new virtual package is needed to handle
>>>     having both libressl and openssl.
>>
>> No indentation of 4 spaces for the commit log.
>>
>>> diff --git a/package/libssl/Config.in b/package/libssl/Config.in
>>> new file mode 100644
>>> index 0000000..71347de
>>> --- /dev/null
>>> +++ b/package/libssl/Config.in
>>> @@ -0,0 +1,6 @@
>>> +config BR2_PACKAGE_HAS_LIBSSL
>>> +    bool
>>> +
>>> +config BR2_PACKAGE_PROVIDES_LIBSSL
>>> +    string
>>> +    depends on BR2_PACKAGE_HAS_LIBSSL
>>
>> Should it be named "libssl" or "ssl". I think Arnout suggested just
>> "ssl" on IRC, didn't he?
>>
>> Also, I believe for this package we should use the jpeg/jpeg-turbo
>> model instead of the conventional virtual package model, because we
>> want to be able to "select BR2_PACKAGE_LIBSSL". As your package is done
>> today, we would *have* to use only a "depends on BR2_PACKAGE_LIBRESSL",
>> which is a bit annoying.
>
>  Hm, I'm not sure I agree. The problem with that is that existing configs won't
> work anymore, i.e. if you have openssl selected and run menuconfig, it will
> disappear because it now depends on libssl and libssl isn't selected...
>
>  And any package that can have either can just do
>
>         select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL
>
I would agree with this precisely because libressl may not work with
every package quite yet.

>
>  If we really want to make it a choice like libjpeg, then I think OpenSSL should
> be renamed so existing configs still work. And that solves the naming issue too
> :-) Well, except that we have to find a name for the original OpenSSL package :-P
>
>  Regards,
>  Arnout
>
>>
>> Again, see the libjpeg virtual package.
>>
>> Best regards,
>>
>> Thomas
>>
My question about this is: What if the program that is selected
doesn't work with OpenSSL
but LibreSSL is selected?
>
> --
> Arnout Vandecappelle                          arnout at mind be
> Senior Embedded Software Architect            +32-16-286500
> Essensium/Mind                                http://www.mind.be
> G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
> GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
Thanks!

Adam
_______________________________________________
buildroot mailing list
[hidden email]
http://lists.busybox.net/mailman/listinfo/buildroot