diff mbox series

[2/2] glib-networking: use gnutls backend for TLS sockets

Message ID 20230831100243.3946833-2-ross.burton@arm.com
State Accepted, archived
Commit 6ca7fe3d9f209a05daf094ad051175cf56b5cebd
Headers show
Series [1/2] glib-networking: enable build with GnuTLS if PKCS#11 was disabled | expand

Commit Message

Ross Burton Aug. 31, 2023, 10:02 a.m. UTC 
From: Ross Burton <ross.burton@arm.com>

As per upstream:

  There are hacks in half the tests where this backend doesn't return
  the expected error code or doesn't work as expected. I do hope to
  enable this backend by default in the future. For now, it's not there
  yet.

https://gitlab.gnome.org/GNOME/glib-networking/-/commit/8e1d80c1e0fc52d17d08a21946fa4a86ec30e1db

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-core/glib-networking/glib-networking_2.76.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Khem Raj Aug. 31, 2023, 4:27 p.m. UTC | #1 
On 8/31/23 3:02 AM, Ross Burton wrote:
> From: Ross Burton <ross.burton@arm.com>
> 
> As per upstream:
> 
>    There are hacks in half the tests where this backend doesn't return
>    the expected error code or doesn't work as expected. I do hope to
>    enable this backend by default in the future. For now, it's not there
>    yet.
> 
> https://gitlab.gnome.org/GNOME/glib-networking/-/commit/8e1d80c1e0fc52d17d08a21946fa4a86ec30e1db
> 
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> ---
>   meta/recipes-core/glib-networking/glib-networking_2.76.1.bb | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
> index 66b6a78a531..ed1625617e6 100644
> --- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
> +++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
> @@ -16,7 +16,7 @@ DEPENDS = "glib-2.0-native glib-2.0"
>   
>   SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b"
>   
> -PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
> +PACKAGECONFIG ??= "gnutls environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
>

this is sad. Are we running into visible issues with OE if we use 
openssl TLS implementation.


>   PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls"
>   PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#186968): https://lists.openembedded.org/g/openembedded-core/message/186968
> Mute This Topic: https://lists.openembedded.org/mt/101070628/1997914
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Ross Burton Aug. 31, 2023, 4:28 p.m. UTC | #2 
On 31 Aug 2023, at 17:27, Khem Raj <raj.khem@gmail.com> wrote:
> 
> On 8/31/23 3:02 AM, Ross Burton wrote:
>> From: Ross Burton <ross.burton@arm.com>
>> As per upstream:
>>   There are hacks in half the tests where this backend doesn't return
>>   the expected error code or doesn't work as expected. I do hope to
>>   enable this backend by default in the future. For now, it's not there
>>   yet.
>> https://gitlab.gnome.org/GNOME/glib-networking/-/commit/8e1d80c1e0fc52d17d08a21946fa4a86ec30e1db
>> Signed-off-by: Ross Burton <ross.burton@arm.com>
>> ---
>>  meta/recipes-core/glib-networking/glib-networking_2.76.1.bb | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
>> index 66b6a78a531..ed1625617e6 100644
>> --- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
>> +++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
>> @@ -16,7 +16,7 @@ DEPENDS = "glib-2.0-native glib-2.0"
>>    SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b"
>>  -PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
>> +PACKAGECONFIG ??= "gnutls environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
>> 
> 
> this is sad. Are we running into visible issues with OE if we use openssl TLS implementation.

Visible issues? No.  But the glib-networking maintainers explicitly say the openssl backend is not as functional and known to be buggier than the gnutls backend.

If you want to use the openssl backend then you’re welcome to switch back, but I think the default should respect the will of the authors unless we have a good argument otherwise.

Ross
Khem Raj Aug. 31, 2023, 4:52 p.m. UTC | #3 
On 8/31/23 9:28 AM, Ross Burton wrote:
> On 31 Aug 2023, at 17:27, Khem Raj <raj.khem@gmail.com> wrote:
>>
>> On 8/31/23 3:02 AM, Ross Burton wrote:
>>> From: Ross Burton <ross.burton@arm.com>
>>> As per upstream:
>>>    There are hacks in half the tests where this backend doesn't return
>>>    the expected error code or doesn't work as expected. I do hope to
>>>    enable this backend by default in the future. For now, it's not there
>>>    yet.
>>> https://gitlab.gnome.org/GNOME/glib-networking/-/commit/8e1d80c1e0fc52d17d08a21946fa4a86ec30e1db
>>> Signed-off-by: Ross Burton <ross.burton@arm.com>
>>> ---
>>>   meta/recipes-core/glib-networking/glib-networking_2.76.1.bb | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>> diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
>>> index 66b6a78a531..ed1625617e6 100644
>>> --- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
>>> +++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
>>> @@ -16,7 +16,7 @@ DEPENDS = "glib-2.0-native glib-2.0"
>>>     SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b"
>>>   -PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
>>> +PACKAGECONFIG ??= "gnutls environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
>>>
>>
>> this is sad. Are we running into visible issues with OE if we use openssl TLS implementation.
> 
> Visible issues? No.  But the glib-networking maintainers explicitly say the openssl backend is not as functional and known to be buggier than the gnutls backend.

Yes I am not opposed to the patch per se. But trying to find more 
information on status of openssl TLS support in glib-networking.

> 
> If you want to use the openssl backend then you’re welcome to switch back, but I think the default should respect the will of the authors unless we have a good argument otherwise.
> 
> Ross
diff mbox series

Patch

diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
index 66b6a78a531..ed1625617e6 100644
--- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
@@ -16,7 +16,7 @@  DEPENDS = "glib-2.0-native glib-2.0"
 
 SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b"
 
-PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG ??= "gnutls environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
 
 PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls"
 PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"