glib-networking: build with gnutls support

Message ID 20220410172852.4136-1-f_l_k@t-online.de
State New
Series glib-networking: build with gnutls support | expand

Commit Message

Markus Volk April 10, 2022, 5:28 p.m. UTC
this fixes authentication issues with geary and tls connection

Signed-off-by: Markus Volk <f_l_k@t-online.de>
---
 meta/recipes-core/glib-networking/glib-networking_2.72.0.bb | 2 +-
 meta/recipes-support/gnutls/gnutls_3.7.4.bb                 | 2 +-
 meta/recipes-support/p11-kit/p11-kit_0.24.1.bb              | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

Comments

Jose Quaresma April 10, 2022, 11:08 p.m. UTC | #1
Hi Markus,

Please use one commit per component as it is easy to describe.

Jose

Markus Volk <f_l_k@t-online.de> escreveu no dia domingo, 10/04/2022 à(s)
18:29:

> this fixes authentication issues with geary and tls connection
>
> Signed-off-by: Markus Volk <f_l_k@t-online.de>
> ---
>  meta/recipes-core/glib-networking/glib-networking_2.72.0.bb | 2 +-
>  meta/recipes-support/gnutls/gnutls_3.7.4.bb                 | 2 +-
>  meta/recipes-support/p11-kit/p11-kit_0.24.1.bb              | 4 ++--
>  3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> index d578f17aa5..73827b0a85 100644
> --- a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> +++ b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> @@ -11,7 +11,7 @@ DEPENDS = "glib-2.0"
>
>  SRC_URI[archive.sha256sum] =
> "100aaebb369285041de52da422b6b716789d5e4d7549a3a71ba587b932e0823b"
>
> -PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1',
> 'tests', '', d)}"
> +PACKAGECONFIG ??= "openssl gnutls ${@bb.utils.contains('PTEST_ENABLED',
> '1', 'tests', '', d)}"
>
>  PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls"
>  PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
> diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb
> b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
> index b34eb7f5f0..c2bb1da8be 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
> @@ -27,7 +27,7 @@ SRC_URI[sha256sum] =
> "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f62
>
>  inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
>
> -PACKAGECONFIG ??= "libidn  ${@bb.utils.filter('DISTRO_FEATURES',
> 'seccomp', d)}"
> +PACKAGECONFIG ??= "libidn p11-kit ${@bb.utils.filter('DISTRO_FEATURES',
> 'seccomp', d)}"
>
>  # You must also have CONFIG_SECCOMP enabled in the kernel for
>  # seccomp to work.
> diff --git a/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
> b/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
> index 59cbb67961..32c382489e 100644
> --- a/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
> +++ b/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
> @@ -14,7 +14,7 @@ SRC_URI = "git://
> github.com/p11-glue/p11-kit;branch=master;protocol=https"
>  SRCREV = "dd0590d4e583f107e3e9fafe9ed754149da335d0"
>  S = "${WORKDIR}/git"
>
> -PACKAGECONFIG ??= ""
> +PACKAGECONFIG ??= "trust-paths"
>  PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native"
>  PACKAGECONFIG[trust-paths] =
> "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates"
>
> @@ -29,4 +29,4 @@ FILES:${PN} += " \
>  # PN contains p11-kit-proxy.so, a symlink to a loadable module
>  INSANE_SKIP:${PN} = "dev-so"
>
> -BBCLASSEXTEND = "nativesdk"
> +BBCLASSEXTEND = "native nativesdk"
> --
> 2.25.1
>
>
>
>
Andre McCurdy April 11, 2022, 4:25 a.m. UTC | #2
On Sun, Apr 10, 2022 at 10:29 AM Markus Volk <f_l_k@t-online.de> wrote:
>
> this fixes authentication issues with geary and tls connection
>
> Signed-off-by: Markus Volk <f_l_k@t-online.de>
> ---
>  meta/recipes-core/glib-networking/glib-networking_2.72.0.bb | 2 +-
>  meta/recipes-support/gnutls/gnutls_3.7.4.bb                 | 2 +-
>  meta/recipes-support/p11-kit/p11-kit_0.24.1.bb              | 4 ++--
>  3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> index d578f17aa5..73827b0a85 100644
> --- a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> +++ b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> @@ -11,7 +11,7 @@ DEPENDS = "glib-2.0"
>
>  SRC_URI[archive.sha256sum] = "100aaebb369285041de52da422b6b716789d5e4d7549a3a71ba587b932e0823b"
>
> -PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
> +PACKAGECONFIG ??= "openssl gnutls ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"

This should either be gnutls or openssl, not both. But aside from
that, gnutls brings (L)GPLv3 issues and therefore should not be
enabled by default.

Are you saying that some glib-networking functionality works when
using gnutls but does not work when using openssl? If so, is it a
known limitation? Or a bug? If a bug, has it been reported upstream?
The commit message should explain those kinds of details.

>  PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls"
>  PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
> diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
> index b34eb7f5f0..c2bb1da8be 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
> @@ -27,7 +27,7 @@ SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f62
>
>  inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
>
> -PACKAGECONFIG ??= "libidn  ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
> +PACKAGECONFIG ??= "libidn p11-kit ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
>
>  # You must also have CONFIG_SECCOMP enabled in the kernel for
>  # seccomp to work.
> diff --git a/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb b/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
> index 59cbb67961..32c382489e 100644
> --- a/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
> +++ b/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
> @@ -14,7 +14,7 @@ SRC_URI = "git://github.com/p11-glue/p11-kit;branch=master;protocol=https"
>  SRCREV = "dd0590d4e583f107e3e9fafe9ed754149da335d0"
>  S = "${WORKDIR}/git"
>
> -PACKAGECONFIG ??= ""
> +PACKAGECONFIG ??= "trust-paths"
>  PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native"
>  PACKAGECONFIG[trust-paths] = "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates"
>
> @@ -29,4 +29,4 @@ FILES:${PN} += " \
>  # PN contains p11-kit-proxy.so, a symlink to a loadable module
>  INSANE_SKIP:${PN} = "dev-so"
>
> -BBCLASSEXTEND = "nativesdk"
> +BBCLASSEXTEND = "native nativesdk"
> --
> 2.25.1
>
>
>
Markus Volk April 11, 2022, 5:46 a.m. UTC | #3
Am 11.04.22 um 06:25 schrieb Andre McCurdy:
> On Sun, Apr 10, 2022 at 10:29 AM Markus Volk<f_l_k@t-online.de>  wrote:
>> this fixes authentication issues with geary and tls connection
>>
>> Signed-off-by: Markus Volk<f_l_k@t-online.de>
>> ---
>>   meta/recipes-core/glib-networking/glib-networking_2.72.0.bb | 2 +-
>>   meta/recipes-support/gnutls/gnutls_3.7.4.bb                 | 2 +-
>>   meta/recipes-support/p11-kit/p11-kit_0.24.1.bb              | 4 ++--
>>   3 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
>> index d578f17aa5..73827b0a85 100644
>> --- a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
>> +++ b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
>> @@ -11,7 +11,7 @@ DEPENDS = "glib-2.0"
>>
>>   SRC_URI[archive.sha256sum] = "100aaebb369285041de52da422b6b716789d5e4d7549a3a71ba587b932e0823b"
>>
>> -PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
>> +PACKAGECONFIG ??= "openssl gnutls ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
> This should either be gnutls or openssl, not both. But aside from
> that, gnutls brings (L)GPLv3 issues and therefore should not be
> enabled by default.

In a perfect world, I would say you are right. There should not even 
exist more than one implementation.

In reality, at least for now, geary is broken with openssl.

As for your concern about GPLv3 issues: as far as I know, the core of
gnutls is under LGPL-2.1. Only installation of gnutls-bin or
gnutls-openssl should introduce GPL-3.0.

I'm thinking more along the lines of "better to have more mainstays, so you don't fall
if you lose one". But I'm not strict about my opinion. This change can
also be done with bbappends.

> Are you saying that some glib-networking functionality works when
> using gnutls but does not work when using openssl? If so, is it a
> known limitation? Or a bug? If a bug, has it been reported upstream?
> The commit message should explain those kinds of details.

It completely stopped working with openssl. This happened about two 
weeks ago, possibly because of the latest openssl update.
Khem Raj April 11, 2022, 6:15 a.m. UTC | #4
On Sun, Apr 10, 2022 at 10:46 PM Markus Volk <f_l_k@t-online.de> wrote:
>
>
> Am 11.04.22 um 06:25 schrieb Andre McCurdy:
>
> On Sun, Apr 10, 2022 at 10:29 AM Markus Volk <f_l_k@t-online.de> wrote:
>
> this fixes authentication issues with geary and tls connection
>
> Signed-off-by: Markus Volk <f_l_k@t-online.de>
> ---
>  meta/recipes-core/glib-networking/glib-networking_2.72.0.bb | 2 +-
>  meta/recipes-support/gnutls/gnutls_3.7.4.bb                 | 2 +-
>  meta/recipes-support/p11-kit/p11-kit_0.24.1.bb              | 4 ++--
>  3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> index d578f17aa5..73827b0a85 100644
> --- a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> +++ b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
> @@ -11,7 +11,7 @@ DEPENDS = "glib-2.0"
>
>  SRC_URI[archive.sha256sum] = "100aaebb369285041de52da422b6b716789d5e4d7549a3a71ba587b932e0823b"
>
> -PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
> +PACKAGECONFIG ??= "openssl gnutls ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
>
> This should either be gnutls or openssl, not both. But aside from
> that, gnutls brings (L)GPLv3 issues and therefore should not be
> enabled by default.
>
> In a perfect world, I would say you are right. There should not even exist more than one implementation.
>
> In reality, at least for now, geary is broken with openssl.
>
> As for your concern about gplv3 issues. As far as I know, the core of gnutls is under LGPL-2.1. Only installation of gnutls-bin or gnutls-openssl should introduce GPL-3.0.
>

It's the dependencies that you have to count as well in order to link
with libgnutls in a program.
libgnutls requires nettle which requires GMP. GMP (>= 6.0.0) is dual licensed
LGPLv3+ or GPLv2+. Starting with 3.5.7 libunistring is required too. It also
is dual licensed LGPLv3+ or GPLv2+

> I'm more like thinking "better to have more mainstays, so you dont fall if you loose one". But  i'm not strict with my opinion. This change can also be done with bbappends.
>
> Are you saying that some glib-networking functionality works when
> using gnutls but does not work when using openssl? If so, is it a
> known limitation? Or a bug? If a bug, has it been reported upstream?
> The commit message should explain those kinds of details.
>
> It completely stopped working with openssl. This happened about two weeks ago, possibly because of the latest openssl update.

I think it would be nice to check with upstream if that's intentional
or perhaps open a bug with upstream to report the problem.

>
>
>
>
>

Patch

diff --git a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
index d578f17aa5..73827b0a85 100644
--- a/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.72.0.bb
@@ -11,7 +11,7 @@  DEPENDS = "glib-2.0"
 
 SRC_URI[archive.sha256sum] = "100aaebb369285041de52da422b6b716789d5e4d7549a3a71ba587b932e0823b"
 
-PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG ??= "openssl gnutls ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
 
 PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls"
 PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
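Review bot: With both `openssl` and `gnutls` in the default `PACKAGECONFIG`, nothing in this recipe records which TLS backend GIO picks at runtime, so every glib-networking consumer in the image, not only geary, may switch the stack that validates server certificates. As far as I know GIO resolves this by module priority and the `GIO_USE_TLS` environment variable, and the two backends do not necessarily read the same CA store, so the choice is worth stating next to the assignment. I would add a comment above the changed line such as `# Both TLS backends are built; GIO selects one at runtime (see GIO_USE_TLS). Keep their CA stores consistent.` The rest of the recipe is outside the hunk, so any existing note to that effect is not visible here.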
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
index b34eb7f5f0..c2bb1da8be 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
@@ -27,7 +27,7 @@  SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f62
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
 
-PACKAGECONFIG ??= "libidn  ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
+PACKAGECONFIG ??= "libidn p11-kit ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
 
 # You must also have CONFIG_SECCOMP enabled in the kernel for
 # seccomp to work.
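Review bot: The new `p11-kit` default on the `PACKAGECONFIG ??=` line changes how gnutls is configured, but the matching `PACKAGECONFIG[p11-kit]` entry lies outside the hunk, so it is not visible whether it only adds PKCS#11 support or also moves the default trust store to the p11-kit trust module. If it is the latter, certificate verification in every gnutls user would depend on the p11-kit trust module and its configured trust path being present on the target, and a missing runtime piece would likely show up as failed verification, not as a build error. A short comment above the line stating why p11-kit is needed by default and which CA source gnutls ends up using would make that reviewable, e.g. `# p11-kit: system trust is read via the p11-kit trust module (needs trust-paths in p11-kit)`; confirm the wording against the actual configure options.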
diff --git a/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb b/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
index 59cbb67961..32c382489e 100644
--- a/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
+++ b/meta/recipes-support/p11-kit/p11-kit_0.24.1.bb
@@ -14,7 +14,7 @@  SRC_URI = "git://github.com/p11-glue/p11-kit;branch=master;protocol=https"
 SRCREV = "dd0590d4e583f107e3e9fafe9ed754149da335d0"
 S = "${WORKDIR}/git"
 
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "trust-paths"
 PACKAGECONFIG[manpages] = "-Dman=true,-Dman=false,libxslt-native"
 PACKAGECONFIG[trust-paths] = "-Dtrust_paths=/etc/ssl/certs/ca-certificates.crt,,,ca-certificates"
 
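Review bot: The `trust-paths` option that becomes the default here hard-codes `/etc/ssl/certs/ca-certificates.crt` instead of deriving it from `${sysconfdir}`, so the CA bundle p11-kit trusts is fixed at build time regardless of where the distro installs it. Now that the option is on by default, every image containing p11-kit also gains the `ca-certificates` runtime dependency from the fourth field, which the commit message does not mention. I would write the path as `-Dtrust_paths=${sysconfdir}/ssl/certs/ca-certificates.crt` and add a comment like `# trust-paths: CA bundle used by the p11-kit trust module; must match where ca-certificates installs it`.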
@@ -29,4 +29,4 @@  FILES:${PN} += " \
 # PN contains p11-kit-proxy.so, a symlink to a loadable module
 INSANE_SKIP:${PN} = "dev-so"
 
-BBCLASSEXTEND = "nativesdk"
+BBCLASSEXTEND = "native nativesdk"
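Review bot: Adding `native` to `BBCLASSEXTEND` together with the new `trust-paths` default in the previous hunk means the native variant would, as far as the visible lines show, be configured with the absolute path `/etc/ssl/certs/ca-certificates.crt`, which for a native tool presumably resolves to the build host's CA bundle and not to anything the build controls. That makes the native tool's trust anchors depend on the host, and the commit message does not say which recipe needs p11-kit-native. If a native variant is required, consider an override such as `PACKAGECONFIG:class-native = ""` and a comment naming the consumer, e.g. `# native: needed by <recipe> (placeholder)`.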