Patchwork wget: use GnuTLS instead of OpenSSL

login
register
mail settings
Submitter Ross Burton
Date June 16, 2014, 10:52 a.m.
Message ID <1402915976-12506-1-git-send-email-ross.burton@intel.com>
Download mbox | patch
Permalink /patch/73867/
State New
Headers show

Comments

Ross Burton - June 16, 2014, 10:52 a.m.
OpenSSL has license complications and GnuTLS is preferred, so although the
license complications don't impact wget use GnuTLS for consistency.

Also add a recommendation on ca-certificates so that https: URLs work.

Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 meta/recipes-extended/wget/wget.inc |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
ml@communistcode.co.uk - July 4, 2014, 9:08 a.m.
On 16/06/14 11:52, Ross Burton wrote:
> OpenSSL has license complications and GnuTLS is preferred, so although the
> license complications don't impact wget use GnuTLS for consistency.
> 
> Also add a recommendation on ca-certificates so that https: URLs work.
> 
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> ---
>  meta/recipes-extended/wget/wget.inc |    7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
> index a778bca..642d502 100644
> --- a/meta/recipes-extended/wget/wget.inc
> +++ b/meta/recipes-extended/wget/wget.inc
> @@ -3,15 +3,16 @@ HOMEPAGE = "https://www.gnu.org/software/wget/"
>  SECTION = "console/network"
>  LICENSE = "GPLv3"
>  LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
> -DEPENDS = "openssl zlib libpcre"
> +DEPENDS = "gnutls zlib libpcre"
>  
>  INC_PR = "r16"
>  
>  inherit autotools gettext texinfo update-alternatives
>  
> -EXTRA_OECONF = "--enable-ipv6 --with-libssl-prefix=${STAGING_DIR_HOST} \
> -                --with-ssl=openssl --disable-rpath --disable-iri \
> +EXTRA_OECONF = "--enable-ipv6 --with-ssl=gnutls --disable-rpath --disable-iri \
>                  ac_cv_header_uuid_uuid_h=no"
>  
>  ALTERNATIVE_${PN} = "wget"
>  ALTERNATIVE_PRIORITY = "100"
> +
> +RRECOMMENDS_${PN} += "ca-certificates"
> 

Ross,

I've just pulled this in today after being on holiday for a while and it
causes a breakage on my system.

| checking for libgnutls... no
| configure: error: --with-ssl=gnutls was given, but GNUTLS is not
available.
| Configure failed. The contents of all config.log files follows to aid
debugging

log: http://ix.io/dfO

I would have expected gnutls to have been pulled in through the depends
but it obviously hasn't, or the system hasn't managed to find it...

Any ideas?

Cheers,
ml@communistcode.co.uk - July 17, 2014, 11:06 a.m.
So this error is still blocking my master build, any ideas?

On 04/07/14 10:08, Jack Mitchell wrote:
> Ross,
>
> I've just pulled this in today after being on holiday for a while and it
> causes a breakage on my system.
>
> | checking for libgnutls... no
> | configure: error: --with-ssl=gnutls was given, but GNUTLS is not
> available.
> | Configure failed. The contents of all config.log files follows to aid
> debugging
>
> log: http://ix.io/dfO
>
> I would have expected gnutls to have been pulled in through the depends
> but it obviously hasn't, or the system hasn't managed to find it...
>
> Any ideas?
>
> Cheers,

> On 16/06/14 11:52, Ross Burton wrote:
>> OpenSSL has license complications and GnuTLS is preferred, so although the
>> license complications don't impact wget use GnuTLS for consistency.
>>
>> Also add a recommendation on ca-certificates so that https: URLs work.
>>
>> Signed-off-by: Ross Burton <ross.burton@intel.com>
>> ---
>>  meta/recipes-extended/wget/wget.inc |    7 ++++---
>>  1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
>> index a778bca..642d502 100644
>> --- a/meta/recipes-extended/wget/wget.inc
>> +++ b/meta/recipes-extended/wget/wget.inc
>> @@ -3,15 +3,16 @@ HOMEPAGE = "https://www.gnu.org/software/wget/"
>>  SECTION = "console/network"
>>  LICENSE = "GPLv3"
>>  LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
>> -DEPENDS = "openssl zlib libpcre"
>> +DEPENDS = "gnutls zlib libpcre"
>>  
>>  INC_PR = "r16"
>>  
>>  inherit autotools gettext texinfo update-alternatives
>>  
>> -EXTRA_OECONF = "--enable-ipv6 --with-libssl-prefix=${STAGING_DIR_HOST} \
>> -                --with-ssl=openssl --disable-rpath --disable-iri \
>> +EXTRA_OECONF = "--enable-ipv6 --with-ssl=gnutls --disable-rpath --disable-iri \
>>                  ac_cv_header_uuid_uuid_h=no"
>>  
>>  ALTERNATIVE_${PN} = "wget"
>>  ALTERNATIVE_PRIORITY = "100"
>> +
>> +RRECOMMENDS_${PN} += "ca-certificates"
>>
> 
>
Richard Purdie - July 17, 2014, 11:33 a.m.
On Thu, 2014-07-17 at 12:06 +0100, Jack Mitchell wrote:
> So this error is still blocking my master build, any ideas?

Share the config.log so we can see how the configure test is failing? Is
gnutls actually built and in the sysroot or not?

Cheers,

Richard
ml@communistcode.co.uk - July 17, 2014, 11:39 a.m.
config.log: http://ix.io/dr3

and yes, gnutls is being built, or at least it's in the work dir.

[jack@jackArch gnutls]$ pwd
/home/jack/Work/oe-core.git/test-build/tmp-eglibc/work/core2-32-oe-linux/gnutls
[jack@jackArch gnutls]$ ls
2.12.23-r8.4  3.2.13-r0  3.2.15-r0  3.3.5-r0
[jack@jackArch gnutls]$

On 17/07/14 12:33, Richard Purdie wrote:
> On Thu, 2014-07-17 at 12:06 +0100, Jack Mitchell wrote:
>> So this error is still blocking my master build, any ideas?
> Share the config.log so we can see how the configure test is failing? Is
> gnutls actually built and in the sysroot or not?
>
> Cheers,
>
> Richard
>
ml@communistcode.co.uk - July 17, 2014, 11:44 a.m.
Wait, that config.log is bad. It's from my build with the patch
reverted. Hold up I'll get the proper one out.

On 17/07/14 12:39, Jack Mitchell wrote:
> config.log: http://ix.io/dr3
> 
> and yes, gnutls is being built, or at least it's in the work dir.
> 
> [jack@jackArch gnutls]$ pwd
> /home/jack/Work/oe-core.git/test-build/tmp-eglibc/work/core2-32-oe-linux/gnutls
> [jack@jackArch gnutls]$ ls
> 2.12.23-r8.4  3.2.13-r0  3.2.15-r0  3.3.5-r0
> [jack@jackArch gnutls]$
> 
> On 17/07/14 12:33, Richard Purdie wrote:
>> On Thu, 2014-07-17 at 12:06 +0100, Jack Mitchell wrote:
>>> So this error is still blocking my master build, any ideas?
>> Share the config.log so we can see how the configure test is failing? Is
>> gnutls actually built and in the sysroot or not?
>>
>> Cheers,
>>
>> Richard
>>
> 
>
ml@communistcode.co.uk - July 17, 2014, 11:46 a.m.
Failed with gnutls config.log: http://ix.io/dr4

On 17/07/14 12:39, Jack Mitchell wrote:
> config.log: http://ix.io/dr3
> 
> and yes, gnutls is being built, or at least it's in the work dir.
> 
> [jack@jackArch gnutls]$ pwd
> /home/jack/Work/oe-core.git/test-build/tmp-eglibc/work/core2-32-oe-linux/gnutls
> [jack@jackArch gnutls]$ ls
> 2.12.23-r8.4  3.2.13-r0  3.2.15-r0  3.3.5-r0
> [jack@jackArch gnutls]$
> 
> On 17/07/14 12:33, Richard Purdie wrote:
>> On Thu, 2014-07-17 at 12:06 +0100, Jack Mitchell wrote:
>>> So this error is still blocking my master build, any ideas?
>> Share the config.log so we can see how the configure test is failing? Is
>> gnutls actually built and in the sysroot or not?
>>
>> Cheers,
>>
>> Richard
>>
> 
>
Richard Purdie - July 17, 2014, 12:39 p.m.
On Thu, 2014-07-17 at 12:46 +0100, Jack Mitchell wrote:
> Failed with gnutls config.log: http://ix.io/dr4

That is helpful:

configure:35748: checking for libgnutls
configure:35772: i586-oe-linux-gcc  -m32 -march=core2 -mtune=core2 -msse3 -mfpmath=sse --sysroot=/home/jack/Work/oe-core.git/test-build/tmp-eglibc/sysroots/cbnlcomexpress -o conftest  -O2 -pipe -g -feliminate-unused-debug-types  -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed conftest.c /usr/lib/libgnutls.so -lz  >&5
/usr/lib/libgnutls.so: error adding symbols: File in wrong format
collect2: error: ld returned 1 exit status
configure:35772: $? = 1

So why on earth is it looking at /usr/lib/libgnutls.so?

Cheers,

Richard
Richard Purdie - July 17, 2014, 12:48 p.m.
On Thu, 2014-07-17 at 13:39 +0100, Richard Purdie wrote:
> On Thu, 2014-07-17 at 12:46 +0100, Jack Mitchell wrote:
> > Failed with gnutls config.log: http://ix.io/dr4
> 
> That is helpful:
> 
> configure:35748: checking for libgnutls
> configure:35772: i586-oe-linux-gcc  -m32 -march=core2 -mtune=core2 -msse3 -mfpmath=sse --sysroot=/home/jack/Work/oe-core.git/test-build/tmp-eglibc/sysroots/cbnlcomexpress -o conftest  -O2 -pipe -g -feliminate-unused-debug-types  -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed conftest.c /usr/lib/libgnutls.so -lz  >&5
> /usr/lib/libgnutls.so: error adding symbols: File in wrong format
> collect2: error: ld returned 1 exit status
> configure:35772: $? = 1
> 
> So why on earth is it looking at /usr/lib/libgnutls.so?

Total guess by try adding EXTRA_OECONF += "--without-libgnutls-prefix"

Cheers,

Richard
Koen Kooi - July 25, 2014, 10:42 a.m.
Op 4 jul. 2014, om 11:08 heeft Jack Mitchell <ml@communistcode.co.uk> het volgende geschreven:

> On 16/06/14 11:52, Ross Burton wrote:
>> OpenSSL has license complications and GnuTLS is preferred, so although the
>> license complications don't impact wget use GnuTLS for consistency.
>> 
>> Also add a recommendation on ca-certificates so that https: URLs work.
>> 
>> Signed-off-by: Ross Burton <ross.burton@intel.com>
>> ---
>> meta/recipes-extended/wget/wget.inc |    7 ++++---
>> 1 file changed, 4 insertions(+), 3 deletions(-)
>> 
>> diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
>> index a778bca..642d502 100644
>> --- a/meta/recipes-extended/wget/wget.inc
>> +++ b/meta/recipes-extended/wget/wget.inc
>> @@ -3,15 +3,16 @@ HOMEPAGE = "https://www.gnu.org/software/wget/"
>> SECTION = "console/network"
>> LICENSE = "GPLv3"
>> LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
>> -DEPENDS = "openssl zlib libpcre"
>> +DEPENDS = "gnutls zlib libpcre"
>> 
>> INC_PR = "r16"
>> 
>> inherit autotools gettext texinfo update-alternatives
>> 
>> -EXTRA_OECONF = "--enable-ipv6 --with-libssl-prefix=${STAGING_DIR_HOST} \
>> -                --with-ssl=openssl --disable-rpath --disable-iri \
>> +EXTRA_OECONF = "--enable-ipv6 --with-ssl=gnutls --disable-rpath --disable-iri \
>>                 ac_cv_header_uuid_uuid_h=no"
>> 
>> ALTERNATIVE_${PN} = "wget"
>> ALTERNATIVE_PRIORITY = "100"
>> +
>> +RRECOMMENDS_${PN} += "ca-certificates"
>> 
> 
> Ross,
> 
> I've just pulled this in today after being on holiday for a while and it
> causes a breakage on my system.
> 
> | checking for libgnutls... no
> | configure: error: --with-ssl=gnutls was given, but GNUTLS is not
> available.
> | Configure failed. The contents of all config.log files follows to aid
> debugging
> 
> log: http://ix.io/dfO
> 
> I would have expected gnutls to have been pulled in through the depends
> but it obviously hasn't, or the system hasn't managed to find it...

FWIW, I'm seeing the same problem.
Khem Raj - July 25, 2014, 4:22 p.m.
On Mon, Jun 16, 2014 at 3:52 AM, Ross Burton <ross.burton@intel.com> wrote:
> OpenSSL has license complications and GnuTLS is preferred, so although the
> license complications don't impact wget use GnuTLS for consistency.
>
> Also add a recommendation on ca-certificates so that https: URLs work.
>
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> ---
>  meta/recipes-extended/wget/wget.inc |    7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
> index a778bca..642d502 100644
> --- a/meta/recipes-extended/wget/wget.inc
> +++ b/meta/recipes-extended/wget/wget.inc
> @@ -3,15 +3,16 @@ HOMEPAGE = "https://www.gnu.org/software/wget/"
>  SECTION = "console/network"
>  LICENSE = "GPLv3"
>  LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
> -DEPENDS = "openssl zlib libpcre"
> +DEPENDS = "gnutls zlib libpcre"

it would be nice if this was either virtual/ssh or some sort of
PACKAGECONFIG so folks who
have ssl on the system dont need to pull gnutls as well.

>
>  INC_PR = "r16"
>
>  inherit autotools gettext texinfo update-alternatives
>
> -EXTRA_OECONF = "--enable-ipv6 --with-libssl-prefix=${STAGING_DIR_HOST} \
> -                --with-ssl=openssl --disable-rpath --disable-iri \
> +EXTRA_OECONF = "--enable-ipv6 --with-ssl=gnutls --disable-rpath --disable-iri \
>                  ac_cv_header_uuid_uuid_h=no"
>
>  ALTERNATIVE_${PN} = "wget"
>  ALTERNATIVE_PRIORITY = "100"
> +
> +RRECOMMENDS_${PN} += "ca-certificates"
> --
> 1.7.10.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
Ross Burton - July 25, 2014, 4:27 p.m.
On 25 July 2014 17:22, Khem Raj <raj.khem@gmail.com> wrote:
> it would be nice if this was either virtual/ssh or some sort of
> PACKAGECONFIG so folks who
> have ssl on the system dont need to pull gnutls as well.

There's API differences so it would have to be a PACKAGECONFIG but
agreed.  For what it's worth I'm planning on doing a PACKAGECONFIG for
xserver as it supports three crypto libraries for SHA and pulling in
gnutls just for that is madness.

Ross
Khem Raj - July 25, 2014, 4:40 p.m.
On Thu, Jul 17, 2014 at 5:48 AM, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>> So why on earth is it looking at /usr/lib/libgnutls.so?
>
> Total guess by try adding EXTRA_OECONF += "--without-libgnutls-prefix"

The problem is due to use of

AC_LIB_HAVE_LINKFLAGS([gnutls] since we use DESTDIR while cross
compiling, so above option should have worked I dont know why it did
not but you could try

--with-libgnutls-prefix="<target-sysroot>"

if that doesnt work either then may be replace use of
AC_LIB_HAVE_LINKFLAGS with AC_CHECK_LIB
Richard Purdie - July 25, 2014, 4:59 p.m.
On Fri, 2014-07-25 at 09:40 -0700, Khem Raj wrote:
> On Thu, Jul 17, 2014 at 5:48 AM, Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
> >> So why on earth is it looking at /usr/lib/libgnutls.so?
> >
> > Total guess by try adding EXTRA_OECONF += "--without-libgnutls-prefix"
> 
> The problem is due to use of
> 
> AC_LIB_HAVE_LINKFLAGS([gnutls] since we use DESTDIR while cross
> compiling, so above option should have worked I dont know why it did
> not but you could try
> 
> --with-libgnutls-prefix="<target-sysroot>"
> 
> if that doesnt work either then may be replace use of
> AC_LIB_HAVE_LINKFLAGS with AC_CHECK_LIB

I looked at the generated files and the --without option just stops it
looking in the wrong places. It seems counter-intuitive compared to how
these options usually work but does seem to fix the problem...

Cheers,

Richard

Patch

diff --git a/meta/recipes-extended/wget/wget.inc b/meta/recipes-extended/wget/wget.inc
index a778bca..642d502 100644
--- a/meta/recipes-extended/wget/wget.inc
+++ b/meta/recipes-extended/wget/wget.inc
@@ -3,15 +3,16 @@  HOMEPAGE = "https://www.gnu.org/software/wget/"
 SECTION = "console/network"
 LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-DEPENDS = "openssl zlib libpcre"
+DEPENDS = "gnutls zlib libpcre"
 
 INC_PR = "r16"
 
 inherit autotools gettext texinfo update-alternatives
 
-EXTRA_OECONF = "--enable-ipv6 --with-libssl-prefix=${STAGING_DIR_HOST} \
-                --with-ssl=openssl --disable-rpath --disable-iri \
+EXTRA_OECONF = "--enable-ipv6 --with-ssl=gnutls --disable-rpath --disable-iri \
                 ac_cv_header_uuid_uuid_h=no"
 
 ALTERNATIVE_${PN} = "wget"
 ALTERNATIVE_PRIORITY = "100"
+
+RRECOMMENDS_${PN} += "ca-certificates"