| Message ID | 48cc62ab319e2fa89a9fcfdeeb84346872f99987.1742467277.git.matthias.schiffer@ew.tq-group.com |
|---|---|
| State | Accepted, archived |
| Commit | d18f4d9d2ac75f58669754f1e4b7a1313eb9db32 |
| Headers | show |
| Series | [v2,1/2] curl: only set CA bundle in target build | expand |
Thanks, I think this set is now okay. Alex On Thu, 20 Mar 2025 at 12:03, Matthias Schiffer via lists.openembedded.org <matthias.schiffer=ew.tq-group.com@lists.openembedded.org> wrote: > > This reverts commit 2e99ffda70fd95b5eab3de47048032349cd66f4b. > > git-replacement-native is used only to provide a newer version than may > be installed on the system; apart from that, it should work more or less > the same. > > In particular, it is using the host system's /etc/gitconfig; it should > also use the system CA certificates, otherwise it will break HTTPS > connections in environments that need local certificates, for example > for a corporate HTTP proxy. The override had been added to deal with > curl-native relying on the existence of its workdir to access CA > certificates, which has been fixed in the curl recipe now. > > Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com> > --- > > v2: extended commit message to explain why the patch is not necessary > anymore > > meta/recipes-devtools/git/git_2.49.0.bb | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/meta/recipes-devtools/git/git_2.49.0.bb b/meta/recipes-devtools/git/git_2.49.0.bb > index 66082d0bde..2ca8711f75 100644 > --- a/meta/recipes-devtools/git/git_2.49.0.bb > +++ b/meta/recipes-devtools/git/git_2.49.0.bb > @@ -4,7 +4,6 @@ DESCRIPTION = "Git is a free and open source distributed version control system > SECTION = "console/utils" > LICENSE = "GPL-2.0-only & GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 & LGPL-2.1-or-later" > DEPENDS = "openssl zlib" > -DEPENDS:class-native += "ca-certificates" > > PROVIDES:append:class-native = " git-replacement-native" > > @@ -97,7 +96,6 @@ perl_native_fixup () { > > REL_GIT_EXEC_PATH = "${@os.path.relpath(libexecdir, bindir)}/git-core" > REL_GIT_TEMPLATE_DIR = "${@os.path.relpath(datadir, bindir)}/git-core/templates" > -REL_GIT_SSL_CAINFO = "${@os.path.relpath(sysconfdir, bindir)}/ssl/certs/ca-certificates.crt" > > do_install:append:class-target () { > perl_native_fixup > @@ -106,7 +104,6 @@ do_install:append:class-target () { > do_install:append:class-native() { > create_wrapper ${D}${bindir}/git \ > GIT_EXEC_PATH='`dirname $''realpath`'/${REL_GIT_EXEC_PATH} \ > - GIT_SSL_CAINFO='`dirname $''realpath`'/${REL_GIT_SSL_CAINFO} \ > GIT_TEMPLATE_DIR='`dirname $''realpath`'/${REL_GIT_TEMPLATE_DIR} > } > > -- > TQ-Systems GmbH | Mühlstraße 2, Gut Delling | 82229 Seefeld, Germany > Amtsgericht München, HRB 105018 > Geschäftsführer: Detlef Schneider, Rüdiger Stahl, Stefan Schneider > https://www.tq-group.com/ > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#213382): https://lists.openembedded.org/g/openembedded-core/message/213382 > Mute This Topic: https://lists.openembedded.org/mt/111806223/1686489 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi I was able to reproduce the issue I had by just reverting 2e99ffda70fd. Adding the change to curl you propose then fixes the whole thing again. No objections from my side. Back then Mikko run in the same issue and proposed the same fix you do now [1] but was then dropped in favour of the change to git. Regards Max [1] https://lore.kernel.org/all/20240404132902.68631-2-mikko.rapeli@linaro.org/
diff --git a/meta/recipes-devtools/git/git_2.49.0.bb b/meta/recipes-devtools/git/git_2.49.0.bb index 66082d0bde..2ca8711f75 100644 --- a/meta/recipes-devtools/git/git_2.49.0.bb +++ b/meta/recipes-devtools/git/git_2.49.0.bb @@ -4,7 +4,6 @@ DESCRIPTION = "Git is a free and open source distributed version control system SECTION = "console/utils" LICENSE = "GPL-2.0-only & GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 & LGPL-2.1-or-later" DEPENDS = "openssl zlib" -DEPENDS:class-native += "ca-certificates" PROVIDES:append:class-native = " git-replacement-native" @@ -97,7 +96,6 @@ perl_native_fixup () { REL_GIT_EXEC_PATH = "${@os.path.relpath(libexecdir, bindir)}/git-core" REL_GIT_TEMPLATE_DIR = "${@os.path.relpath(datadir, bindir)}/git-core/templates" -REL_GIT_SSL_CAINFO = "${@os.path.relpath(sysconfdir, bindir)}/ssl/certs/ca-certificates.crt" do_install:append:class-target () { perl_native_fixup @@ -106,7 +104,6 @@ do_install:append:class-target () { do_install:append:class-native() { create_wrapper ${D}${bindir}/git \ GIT_EXEC_PATH='`dirname $''realpath`'/${REL_GIT_EXEC_PATH} \ - GIT_SSL_CAINFO='`dirname $''realpath`'/${REL_GIT_SSL_CAINFO} \ GIT_TEMPLATE_DIR='`dirname $''realpath`'/${REL_GIT_TEMPLATE_DIR} }
This reverts commit 2e99ffda70fd95b5eab3de47048032349cd66f4b. git-replacement-native is used only to provide a newer version than may be installed on the system; apart from that, it should work more or less the same. In particular, it is using the host system's /etc/gitconfig; it should also use the system CA certificates, otherwise it will break HTTPS connections in environments that need local certificates, for example for a corporate HTTP proxy. The override had been added to deal with curl-native relying on the existence of its workdir to access CA certificates, which has been fixed in the curl recipe now. Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com> --- v2: extended commit message to explain why the patch is not necessary anymore meta/recipes-devtools/git/git_2.49.0.bb | 3 --- 1 file changed, 3 deletions(-)