diff mbox series

[meta-oe] signing.bbclass: don't export OPENSSL environment variables globally

Message ID 20230920143340.135812-1-a.fatoum@pengutronix.de
State New
Headers show
Series [meta-oe] signing.bbclass: don't export OPENSSL environment variables globally | expand

Commit Message

Ahmad Fatoum Sept. 20, 2023, 2:33 p.m. UTC
OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently
exported globally for any recipe that inherits signing. This not only
affects the tasks that use the signing infrastructure, but also unrelated
tasks like e.g. do_fetch. Avoid this by exporting the variables only
for these tasks that actually call signing_prepare.

This resolves a breakage I observed on Ubuntu 18.04, where the host
tool wget is called with the environment variables set and then fails
with a SSL error (exit code 5).

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 meta-oe/classes/signing.bbclass | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

Comments

Jan Luebbe Oct. 9, 2023, 12:53 p.m. UTC | #1
On Wed, 2023-09-20 at 16:33 +0200, Ahmad Fatoum wrote:
> OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently
> exported globally for any recipe that inherits signing. This not only
> affects the tasks that use the signing infrastructure, but also unrelated
> tasks like e.g. do_fetch. Avoid this by exporting the variables only
> for these tasks that actually call signing_prepare.
> 
> This resolves a breakage I observed on Ubuntu 18.04, where the host
> tool wget is called with the environment variables set and then fails
> with a SSL error (exit code 5).
> 
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

Reviewed-by: Jan Lübbe <jlu@pengutronix.de>

> ---
>  meta-oe/classes/signing.bbclass | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
> index 5c74a319e4f9..79944e3fe91c 100644
> --- a/meta-oe/classes/signing.bbclass
> +++ b/meta-oe/classes/signing.bbclass
> @@ -224,6 +224,12 @@ signing_import_install() {
>  }
>  
>  signing_prepare() {
> +    export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> +    export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
> +    export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
> +    export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
> +    export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
> +
>      if [ -f ${OPENSSL_CONF} ]; then
>          echo "Using '${OPENSSL_CONF}' for OpenSSL configuration"
>      else
> @@ -308,9 +314,3 @@ signing_get_module() {
>  python () {
>      signing_class_prepare(d)
>  }
> -
> -export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
> -export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
> -export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
> -export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
> -export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
diff mbox series

Patch

diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
index 5c74a319e4f9..79944e3fe91c 100644
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@@ -224,6 +224,12 @@  signing_import_install() {
 }
 
 signing_prepare() {
+    export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+    export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
+    export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
+    export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
+    export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
+
     if [ -f ${OPENSSL_CONF} ]; then
         echo "Using '${OPENSSL_CONF}' for OpenSSL configuration"
     else
@@ -308,9 +314,3 @@  signing_get_module() {
 python () {
     signing_class_prepare(d)
 }
-
-export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
-export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
-export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
-export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
-export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"