python3-cryptography: Add legacy-openssl packageconfig

Message ID 20260122025736.187410-1-colinmca242@gmail.com
State New

Commit Message

Colin Pinnell McAllister Jan. 22, 2026, 2:57 a.m. UTC
Fixes [YOCTO #15416]

Adds legacy-openssl packageconfig option to allow users to specify
if they would like the cryptography module to support the legacy OpenSSL
module or not. The legacy-openssl packageconfig option ensures the
openssl-ossl-module-legacy package is set as a runtime dependency. If
the packageconfig option is disabled,
CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY will prevent the library from ever
attempting to load the legacy provider.

Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
---

I wasn't sure if this new packageconfig option should be enabled or
disabled by default. Leaving it enabled seems like the less disruptive
option, although it's leaving the module in a less secure state by
default.

I'm happy to update the patch to leave the option disabled by default
if others think that would be better.

 meta/recipes-devtools/python/python3-cryptography.bb | 5 +++++
 1 file changed, 5 insertions(+)

Patch

diff --git a/meta/recipes-devtools/python/python3-cryptography.bb b/meta/recipes-devtools/python/python3-cryptography.bb
index b3b45cd172..366fda5e87 100644
--- a/meta/recipes-devtools/python/python3-cryptography.bb
+++ b/meta/recipes-devtools/python/python3-cryptography.bb
@@ -22,6 +22,11 @@  require ${BPN}-crates.inc
 
 inherit pypi python_maturin cargo-update-recipe-crates pkgconfig
 
+PACKAGECONFIG ??= "legacy-openssl"
+PACKAGECONFIG[legacy-openssl] = ",,,openssl-ossl-module-legacy"
+
+export CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY = "${@bb.utils.contains('PACKAGECONFIG', 'legacy-openssl', '0', '1', d)}"
+
 DEPENDS += " \
     python3-cffi-native \
     openssl \
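
Review bot: The default on the first added line, `PACKAGECONFIG ??= "legacy-openssl"`, makes every image that installs python3-cryptography also pull in openssl-ossl-module-legacy and keeps the legacy provider loadable unless the user opts out. The note under the commit message already calls this the less secure state, so I would flip it to `PACKAGECONFIG ??= ""` and let users who need the legacy algorithms enable the option explicitly. Separately, the new lines carry no comment: a short one above the PACKAGECONFIG entry saying what the option controls, and that the fourth field is the runtime dependency, would help. The export line also always sets CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY, to '0' in the enabled case, so please state in a comment that the build treats '0' the same as unset, or only export the variable when the option is disabled.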