| Message ID | 20170624172900.3610-2-Adamduskett@outlook.com |
|---|---|
| State | Superseded, archived |
| Headers | show |
Hello, On Sat, 24 Jun 2017 13:28:58 -0400, Adam Duskett wrote: > libressl is API compatible with OpenSSL 1.0.1 and is almost API > compatible with OpenSSL 1.0.2. As such, a new virtual package is needed > to handle having both libressl and openssl. > > Signed-off-by: Adam Duskett <Adamduskett@outlook.com> > --- > Changes v1 -> v2: > - Removed final "." in commit title. (Thomas) > - Fixed indentation issues in commit message. I still don't get what is the plan for this virtual package. We have two options: - Make it a regular virtual package, like package/opengl/libgles/. However in this case, we must change all packages that need OpenSSL/LibreSSL to use a "depends on BR2_PACKAGE_LIBSSL", which is a bit annoying. - Make it a virtual package like package/jpeg/, where it has a choice to define which jpeg implementation should be used. This nicely allows packages to "select BR2_PACKAGE_LIBSSL". Also, how are we going to handle the fact that some packages support only OpenSSL, while some support both OpenSSL and LibreSSL. Even if all of this doesn't get implemented in the first series, I still would like to understand what the plan is. Best regards, Thomas
On 24-06-17 21:45, Thomas Petazzoni wrote: > Hello, > > On Sat, 24 Jun 2017 13:28:58 -0400, Adam Duskett wrote: >> libressl is API compatible with OpenSSL 1.0.1 and is almost API >> compatible with OpenSSL 1.0.2. As such, a new virtual package is needed >> to handle having both libressl and openssl. >> >> Signed-off-by: Adam Duskett <Adamduskett@outlook.com> >> --- >> Changes v1 -> v2: >> - Removed final "." in commit title. (Thomas) >> - Fixed indentation issues in commit message. > > I still don't get what is the plan for this virtual package. We have > two options: > > - Make it a regular virtual package, like package/opengl/libgles/. > However in this case, we must change all packages that need > OpenSSL/LibreSSL to use a "depends on BR2_PACKAGE_LIBSSL", which is > a bit annoying. It can also be select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBRESSL but then the advantage of a virtual package is almost gone... > > - Make it a virtual package like package/jpeg/, where it has a choice > to define which jpeg implementation should be used. This nicely > allows packages to "select BR2_PACKAGE_LIBSSL". Yeah, I like the second option more and more. One big problem though: it's difficult to migrate, because *all* the 'select BR2_PACKAGE_OPENSSL" have to be converted into "select BR2_PACKAGE_LIBSSL"... So starting like this and introducing the choice later seems to be the most viable approach. > Also, how are we going to handle the fact that some packages support > only OpenSSL, while some support both OpenSSL and LibreSSL. With the regular virtual package you can just do select BR2_PACKAGE_OPENSSL and then you get an error as soon as you try to build if libressl is selected. I think adding a depends on !libressl leads to a circular dependency then. With the choice, you need select BR2_PACKAGE_LIBSSL depends on !BR2_PACKAGE_LIBRESSL which hopefully isn't considered a circular dependency. Regarding BoringSSL, putting it as the third libssl provider looks like the way to go to me. Regards, Arnout > Even if all of this doesn't get implemented in the first series, I > still would like to understand what the plan is. > > Best regards, > > Thomas >
diff --git a/package/Config.in b/package/Config.in index 89b1ee4..0279e79 100644 --- a/package/Config.in +++ b/package/Config.in @@ -979,6 +979,7 @@ menu "Crypto" source "package/libscrypt/Config.in" source "package/libsecret/Config.in" source "package/libsha1/Config.in" + source "package/libssl/Config.in" source "package/libsodium/Config.in" source "package/libssh/Config.in" source "package/libssh2/Config.in" diff --git a/package/libssl/Config.in b/package/libssl/Config.in new file mode 100644 index 0000000..71347de --- /dev/null +++ b/package/libssl/Config.in @@ -0,0 +1,6 @@ +config BR2_PACKAGE_HAS_LIBSSL + bool + +config BR2_PACKAGE_PROVIDES_LIBSSL + string + depends on BR2_PACKAGE_HAS_LIBSSL diff --git a/package/libssl/libssl.mk b/package/libssl/libssl.mk new file mode 100644 index 0000000..6e89bcc --- /dev/null +++ b/package/libssl/libssl.mk @@ -0,0 +1,7 @@ +################################################################################ +# +# libssl +# +################################################################################ + +$(eval $(virtual-package))
libressl is API compatible with OpenSSL 1.0.1 and is almost API compatible with OpenSSL 1.0.2. As such, a new virtual package is needed to handle having both libressl and openssl. Signed-off-by: Adam Duskett <Adamduskett@outlook.com> --- Changes v1 -> v2: - Removed final "." in commit title. (Thomas) - Fixed indentation issues in commit message. package/Config.in | 1 + package/libssl/Config.in | 6 ++++++ package/libssl/libssl.mk | 7 +++++++ 3 files changed, 14 insertions(+) create mode 100644 package/libssl/Config.in create mode 100644 package/libssl/libssl.mk