diff mbox series

[v2,1/2] curl: only set CA bundle in target build

Message ID c6dc4b6aead7933112e653982dccbb8f5db55928.1742467277.git.matthias.schiffer@ew.tq-group.com
State Accepted, archived
Commit 4909a46e93ba774c960c3d3c277e2a669af3fea6
Headers show
Series [v2,1/2] curl: only set CA bundle in target build | expand

Commit Message

Matthias Schiffer March 20, 2025, 11:02 a.m. UTC 
In native/nativesdk builds, sysconfdir refers to a recipe sysroot
directory, which will disappear once the workdir is cleaned up, breaking
libcurl's HTTPS connections.

By simply not setting --with-ca-bundle at all in non-target builds, curl
defaults to the host system's CA certificates, which is desirable anyways
to allow builds in environments that require local CA certificates.

Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
---

v2: new patch to address the root cause of the issue that prompted the
    change reverted in patch 2

 meta/recipes-support/curl/curl_8.12.1.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/recipes-support/curl/curl_8.12.1.bb b/meta/recipes-support/curl/curl_8.12.1.bb
index 1e9e5a0229..dd1c89979a 100644
--- a/meta/recipes-support/curl/curl_8.12.1.bb
+++ b/meta/recipes-support/curl/curl_8.12.1.bb
@@ -72,12 +72,14 @@  PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd"
 
 EXTRA_OECONF = " \
     --disable-libcurl-option \
-    --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
     --without-libpsl \
     --enable-optimize \
     ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls openssl', d) == '') else ''} \
     WATT_ROOT=${STAGING_DIR_TARGET}${prefix} \
 "
+EXTRA_OECONF:append:class-target = " \
+    --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
+"
 
 fix_absolute_paths () {
 	# cleanup buildpaths from curl-config