From patchwork Thu Nov 17 15:06:49 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nicolas Cavallari
 <nicolas.cavallari@green-communications.fr>
X-Patchwork-Id: 696139
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3tKPkH3d8jz9t10
	for <incoming@patchwork.ozlabs.org>;
	Fri, 18 Nov 2016 02:12:22 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id E4B6988B95;
	Thu, 17 Nov 2016 15:12:19 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Jima5vYF0a9W; Thu, 17 Nov 2016 15:12:17 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 9FEBC88B63;
	Thu, 17 Nov 2016 15:12:17 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id 5F1081C0415
	for <buildroot@lists.busybox.net>;
	Thu, 17 Nov 2016 15:12:16 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 5BCC686A57
	for <buildroot@lists.busybox.net>;
	Thu, 17 Nov 2016 15:12:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 4DawBWxTZ1wj for <buildroot@lists.busybox.net>;
	Thu, 17 Nov 2016 15:12:13 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mout.kundenserver.de (mout.kundenserver.de [217.72.192.74])
	by whitealder.osuosl.org (Postfix) with ESMTPS id C3154862EB
	for <buildroot@buildroot.org>; Thu, 17 Nov 2016 15:12:12 +0000 (UTC)
Received: from evilbit.green-communications.fr ([82.228.44.140]) by
	mrelayeu.kundenserver.de (mreue104 [212.227.15.184]) with ESMTPSA
	(Nemesis)
	id 0LpeUg-1ckJKH3Y8s-00fOgl; Thu, 17 Nov 2016 16:07:00 +0100
From: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
To: buildroot@buildroot.org
Date: Thu, 17 Nov 2016 16:06:49 +0100
Message-Id: <20161117150649.5568-1-nicolas.cavallari@green-communications.fr>
X-Mailer: git-send-email 2.10.2
In-Reply-To: <43b2e7d1-6366-3d98-89f1-d2ab7ca3db2c@green-communications.fr>
References: <43b2e7d1-6366-3d98-89f1-d2ab7ca3db2c@green-communications.fr>
X-Provags-ID: V03:K0:ePE1+hd5lQTg7gwhdwJJHBxaPUeEXH3Up3JWLIagPtIY1aL5hbM
	/dvfpFZ1eVs8nksPp8nKY8ZQXadOYlXdDCAgfAU3hWp475fvOZMr457OzVGT7I/xE0SWcm5
	F3Zvbs7/tU1GwlhDM3RRXH4v0spzE80vpC2k7ZmTYI2Uq7QJgWlNX+8xUlBetG9G3YYZeUk
	Gh53vuomW4pVfF75qIHuQ==
X-UI-Out-Filterresults: notjunk:1; V01:K0:v7vATzy7m58=:AUqGt1zhBYg3rwjntX/hms
	H/wiugk9oGVv3WknPnoqhA3qeviqSOXXWWt5cNqs5TMIXj0GADSEL6+8pNpG/huDn2NfUd7xJ
	JAyDCNi0AnWV9zor38yMNz1CLlLt/ATtBr1fec/TnbglP2EZ4FgcAPEpIMcPErBntOZqrqBCc
	SUuV6CFJpuJ+ufFf7vZY3Xd+kwDGcY9wDvcVeOxizo3QU24wnfVLkT80Dep1JrAihep4BVS2c
	TIQSJeagEn78B0RC1mj5wdjwxbPFC+0AfWFSMw/jMAvLEG2iLEZwes2SfxoUvxEo1PkVMWX0T
	UnOcBtuYWL7nEb2lQRJGHb2FjJZGy6qeXX9sly+D949WD+DBv3OPLjqgpMESo+0fxrnw63T5+
	ic61lfCKbx47IJYs1YKg5TxkbWwJC5vZyhZTpp0t8LpGcyCZY4UnE9TouLG7PfIvWlGhY3XFS
	LFVsbOQxklYQdoSCex2DnVVpnbfr1l8k8MgWgPxXRAwP5SQ7TKOyJfeC0aNRcdolpxKFmoznU
	VT0lHhrqKOLANkN3AAlegD7xjsxm/9jTRA+Ddmsj5nfkWFheMgFFMo0GYxyAmDKA+u4wNsl8z
	A+tM3kUKp0bDDy64xtyH/9WKLiSWxiYrOQcarkDv8WDtsK/6Pu914vM3aeUWLhW4/bGoUG/QJ
	TOWaC1bfGHk/eEclbBW3zOHhGPk/0Zkjf5X++B1xASoEiVZP4gqNU4E77/1syNvYh1gY=
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Subject: [Buildroot] [PATCH 1/1] host-python: Really do not use the system
	OpenSSL.
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Even if buildroot patches host-python to not compile the 'ssl' module,
the '_ssl' and '_hashlib' module are still compiled if python detects
an usable OpenSSL installation.  This may break compilation if the
system's OpenSSL has been updated to 1.1.0 because of a bug in python,
see https://bugs.python.org/issue26470 for details.

If python does not detect an usable openssl installation for _hashlib,
it uses internal implementation of common hash algorithms instead.

This modifies the configure.ac patch to also disable _ssl and _hashlib
if --disable-ssl is used.

It must also modify setup.py to force enabling the internal
implementation of hash algorithms if _hashlib is disabled, otherwise, if
an usable openssl installation is detected, it will not compile
them and python will end up with no hash algorithm implementation at all,
breaking host-python-pycrypto and its reverse-dependencies like crda.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
 .../019-force-internal-hash-if-ssl-disabled.patch  | 22 ++++++++++++++++++++++
 package/python/111-optional-ssl.patch              |  3 ++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 package/python/019-force-internal-hash-if-ssl-disabled.patch

Not sure if I should have added my signed off on 111-optional-ssl.patch
after modifying it.

diff --git a/package/python/019-force-internal-hash-if-ssl-disabled.patch b/package/python/019-force-internal-hash-if-ssl-disabled.patch
new file mode 100644
index 0000000..ff594ca
--- /dev/null
+++ b/package/python/019-force-internal-hash-if-ssl-disabled.patch
@@ -0,0 +1,22 @@
+Force the use of internal hash implementations if _hashlib is disabled.
+
+Otherwise, python ends up with no hash algorithm implementation at all,
+breaking python-pycrypto and its reverse-dependencies.
+
+Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
+
+--- a/setup.py	2016-11-16 18:02:01.120854546 +0100
++++ b/setup.py	2016-11-17 09:52:32.485674999 +0100
+@@ -863,6 +863,12 @@ class PyBuildExt(build_ext):
+         have_usable_openssl = (have_any_openssl and
+                                openssl_ver >= min_openssl_ver)
+ 
++        if '_hashlib' in disabled_module_list:
++            # Force using the non-openssl fallbacks _md5 and _sha*.
++            have_any_openssl = False
++            have_usable_openssl = False
++            openssl_ver = 0
++
+         if have_any_openssl:
+             if have_usable_openssl:
+                 # The _hashlib module wraps optimized implementations
diff --git a/package/python/111-optional-ssl.patch b/package/python/111-optional-ssl.patch
index 956d2a0..89a8947 100644
--- a/package/python/111-optional-ssl.patch
+++ b/package/python/111-optional-ssl.patch
@@ -1,6 +1,7 @@
 Add an option to disable the ssl module
 
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
 
 ---
  configure.in |    6 ++++++
@@ -17,7 +18,7 @@ Index: b/configure.ac
 +AC_ARG_ENABLE(ssl,
 +	AS_HELP_STRING([--disable-ssl], [disable SSL]),
 +	[ if test "$enableval" = "no"; then
-+    	     DISABLED_EXTENSIONS="${DISABLED_EXTENSIONS} ssl"
++    	     DISABLED_EXTENSIONS="${DISABLED_EXTENSIONS} ssl _ssl _hashlib"
 +  	  fi])
 +
  AC_ARG_ENABLE(dbm,