From patchwork Mon Apr 28 07:11:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Changqing Li X-Patchwork-Id: 62009 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C28CC36005 for ; Mon, 28 Apr 2025 07:13:26 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web11.42371.1745824310701688314 for ; Mon, 28 Apr 2025 00:11:50 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=62139e711a=changqing.li@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 53S4FLFh008429 for ; Mon, 28 Apr 2025 07:11:50 GMT Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [147.11.82.252]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 468mq1am29-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Mon, 28 Apr 2025 07:11:49 +0000 (GMT) Received: from ALA-EXCHNG02.corp.ad.wrs.com (147.11.82.254) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.43; Mon, 28 Apr 2025 00:11:49 -0700 Received: from pek-lpg-core6.wrs.com (147.11.136.210) by ALA-EXCHNG02.corp.ad.wrs.com (147.11.82.254) with Microsoft SMTP Server id 15.1.2507.43 via Frontend Transport; Mon, 28 Apr 2025 00:11:48 -0700 From: To: Subject: [walnascar][PATCH 1/3] buildtools-tarball: move setting of envvars to respective envfile Date: Mon, 28 Apr 2025 15:11:44 +0800 Message-ID: <20250428071146.3946035-2-changqing.li@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250428071146.3946035-1-changqing.li@windriver.com> References: <20250428071146.3946035-1-changqing.li@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=KsNN2XWN c=1 sm=1 tr=0 ts=680f2a35 cx=c_pps a=/ZJR302f846pc/tyiSlYyQ==:117 a=/ZJR302f846pc/tyiSlYyQ==:17 a=XR8D0OoHHMoA:10 a=UXIAUNObAAAA:8 a=t7CeM3EgAAAA:8 a=rBvAdeR-8HwfwV2o31cA:9 a=8orcLhFfQy56-zct:21 a=a1s67YnXd6TbAZZNj1wK:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: ETLqwrHfq2x_JYI-Kpmg81VEtmyprqrJ X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNDI4MDA1OSBTYWx0ZWRfX01mNc9AvworG IwFU5o5mxxTVB3I+qYVMg5Wq82yI5rRHBjfDiGF2Z2HAdTnJiSg6JVRi0Iq97eNJMJNC76TUrUt 0upIEwveR4qZmM2LB8Q3FNTW2nK60xKdobwJiPsyx7X8lyuw0uJZkHUXgPrij/EOKx4my0gHTbX hExyuSRKqrIfjSRMD0S5xA8pAt1hzmtkAsC9su1Vmru8u3DWYk5ME5c+yneWibYUnbUv+kU0BVU ByCQMeWjynHUuNuF7i9+8mOg9ASi6jk/Gn7Y6dkTiDBK3C+Cnrbyr8nW4fwcrow8lTi/ckDcU4I zyTMYTA/DrJz7VonkGzj5PChguAZIQuW5qiifuN1ODdsOtXg8YC8/VZK75u1fndXauSRI5Wu9QL PKqCXCDArQvIG7dFsyOR7iGcuV1B1HMaR4/eUeDBIGef0MFDUVEA7c5eg1Q+FKvBnhCCQOWD X-Proofpoint-GUID: ETLqwrHfq2x_JYI-Kpmg81VEtmyprqrJ X-Sensitive_Customer_Information: Yes X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-04-28_02,2025-04-24_02,2025-02-21_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 mlxlogscore=999 spamscore=0 bulkscore=0 lowpriorityscore=0 adultscore=0 mlxscore=0 phishscore=0 malwarescore=0 clxscore=1015 suspectscore=0 impostorscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.21.0-2504070000 definitions=main-2504280059 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 28 Apr 2025 07:13:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215581 From: Changqing Li * make git,curl,python3-requests align with openssl, move the setting of envvars into respective envfile * for environment.d-openssl.sh, also check if ca-certificates.crt exist before export envvars Signed-off-by: Changqing Li --- .../openssl/files/environment.d-openssl.sh | 9 ++++++--- meta/recipes-core/meta/buildtools-tarball.bb | 6 ------ meta/recipes-devtools/git/git/environment.d-git.sh | 3 +++ meta/recipes-devtools/git/git_2.49.0.bb | 9 +++++++++ .../environment.d-python3-requests.sh | 3 +++ .../python/python3-requests_2.32.3.bb | 11 +++++++++++ meta/recipes-support/curl/curl/environment.d-curl.sh | 3 +++ meta/recipes-support/curl/curl_8.12.1.bb | 9 +++++++++ 8 files changed, 44 insertions(+), 9 deletions(-) create mode 100644 meta/recipes-devtools/git/git/environment.d-git.sh create mode 100644 meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh create mode 100644 meta/recipes-support/curl/curl/environment.d-curl.sh diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index d4b9047565..79b9bc77ec 100644 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh @@ -1,6 +1,9 @@ export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/openssl.cnf" -export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" -export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" +if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" + export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" + export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE" +fi export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" -export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES" +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES" diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index e2ce5b3ecf..414c266663 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -73,12 +73,6 @@ create_sdk_files:append () { touch $script echo 'export PATH="${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH"' >> $script echo 'export OECORE_NATIVE_SYSROOT="${SDKPATHNATIVE}"' >> $script - if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then - echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script - echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script - echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script - echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script - fi echo 'HOST_PKG_PATH=$(command -p pkg-config --variable=pc_path pkg-config 2>/dev/null)' >>$script echo 'export PKG_CONFIG_LIBDIR=${SDKPATHNATIVE}/${libdir}/pkgconfig:${SDKPATHNATIVE}/${datadir}/pkgconfig:${HOST_PKG_PATH:-/usr/lib/pkgconfig:/usr/share/pkgconfig}' >>$script echo 'unset HOST_PKG_PATH' diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh new file mode 100644 index 0000000000..18104f0528 --- /dev/null +++ b/meta/recipes-devtools/git/git/environment.d-git.sh @@ -0,0 +1,3 @@ +if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" +fi diff --git a/meta/recipes-devtools/git/git_2.49.0.bb b/meta/recipes-devtools/git/git_2.49.0.bb index 2ca8711f75..3538170d08 100644 --- a/meta/recipes-devtools/git/git_2.49.0.bb +++ b/meta/recipes-devtools/git/git_2.49.0.bb @@ -12,6 +12,10 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \ " +SRC_URI:append:class-nativesdk = " \ + file://environment.d-git.sh \ + " + S = "${WORKDIR}/git-${PV}" LIC_FILES_CHKSUM = "\ @@ -112,6 +116,9 @@ do_install:append:class-nativesdk() { GIT_EXEC_PATH='`dirname $''realpath`'/${REL_GIT_EXEC_PATH} \ GIT_TEMPLATE_DIR='`dirname $''realpath`'/${REL_GIT_TEMPLATE_DIR} perl_native_fixup + + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${UNPACKDIR}/environment.d-git.sh ${D}${SDKPATHNATIVE}/environment-setup.d/git.sh } FILES:${PN} += "${datadir}/git-core ${libexecdir}/git-core/" @@ -152,6 +159,8 @@ FILES:${PN}-tk = " \ PACKAGES =+ "gitweb" FILES:gitweb = "${datadir}/gitweb/" + +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/git.sh" RDEPENDS:gitweb = "perl" BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh new file mode 100644 index 0000000000..f2eee203ca --- /dev/null +++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh @@ -0,0 +1,3 @@ +if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" +fi diff --git a/meta/recipes-devtools/python/python3-requests_2.32.3.bb b/meta/recipes-devtools/python/python3-requests_2.32.3.bb index 4f0638b50c..bc9b2289f6 100644 --- a/meta/recipes-devtools/python/python3-requests_2.32.3.bb +++ b/meta/recipes-devtools/python/python3-requests_2.32.3.bb @@ -3,10 +3,19 @@ HOMEPAGE = "https://requests.readthedocs.io" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" +SRC_URI:append:class-nativesdk = " \ + file://environment.d-python3-requests.sh \ +" + SRC_URI[sha256sum] = "55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760" inherit pypi python_setuptools_build_meta +do_install:append:class-nativesdk() { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${UNPACKDIR}/environment.d-python3-requests.sh ${D}${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh +} + RDEPENDS:${PN} += " \ python3-certifi \ python3-email \ @@ -19,6 +28,8 @@ RDEPENDS:${PN} += " \ python3-compression \ " +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh" + CVE_PRODUCT = "requests" BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh new file mode 100644 index 0000000000..0d53aabb8e --- /dev/null +++ b/meta/recipes-support/curl/curl/environment.d-curl.sh @@ -0,0 +1,3 @@ +if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" +fi diff --git a/meta/recipes-support/curl/curl_8.12.1.bb b/meta/recipes-support/curl/curl_8.12.1.bb index dd1c89979a..4192693da8 100644 --- a/meta/recipes-support/curl/curl_8.12.1.bb +++ b/meta/recipes-support/curl/curl_8.12.1.bb @@ -15,6 +15,11 @@ SRC_URI = " \ file://disable-tests \ file://no-test-timeout.patch \ " + +SRC_URI:append:class-nativesdk = " \ + file://environment.d-curl.sh \ +" + SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c76de202" # Curl has used many names over the years... @@ -97,6 +102,9 @@ do_install:append:class-target() { do_install:append:class-nativesdk() { fix_absolute_paths + + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${UNPACKDIR}/environment.d-curl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/curl.sh } do_compile_ptest() { @@ -150,6 +158,7 @@ FILES:lib${BPN} = "${libdir}/lib*.so.*" RRECOMMENDS:lib${BPN} += "ca-certificates" FILES:${PN} += "${datadir}/zsh" +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/curl.sh" inherit multilib_script MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" From patchwork Mon Apr 28 07:11:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Changqing Li X-Patchwork-Id: 62008 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7009AC369D9 for ; Mon, 28 Apr 2025 07:13:26 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.42390.1745824312166299219 for ; Mon, 28 Apr 2025 00:11:52 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=62139e711a=changqing.li@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 53S5kAK4015836 for ; Mon, 28 Apr 2025 07:11:51 GMT Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [147.11.82.252]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 468mq1am2d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Mon, 28 Apr 2025 07:11:51 +0000 (GMT) Received: from ALA-EXCHNG02.corp.ad.wrs.com (147.11.82.254) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.43; Mon, 28 Apr 2025 00:11:50 -0700 Received: from pek-lpg-core6.wrs.com (147.11.136.210) by ALA-EXCHNG02.corp.ad.wrs.com (147.11.82.254) with Microsoft SMTP Server id 15.1.2507.43 via Frontend Transport; Mon, 28 Apr 2025 00:11:49 -0700 From: To: Subject: [walnascar][PATCH 2/3] buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS Date: Mon, 28 Apr 2025 15:11:45 +0800 Message-ID: <20250428071146.3946035-3-changqing.li@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250428071146.3946035-1-changqing.li@windriver.com> References: <20250428071146.3946035-1-changqing.li@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=KsNN2XWN c=1 sm=1 tr=0 ts=680f2a37 cx=c_pps a=/ZJR302f846pc/tyiSlYyQ==:117 a=/ZJR302f846pc/tyiSlYyQ==:17 a=XR8D0OoHHMoA:10 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=IyByODMcM6hwZvvgUqAA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: NcU7fw7waTq361Vpii7xMdcO2JWPlvHM X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNDI4MDA1OSBTYWx0ZWRfX6P4g4kpQVwnl PVJbr5WbyIvfS6uaR7zCrJ/yNHTbP//dWm3nLPUjm9x0KsJTkqTi9KSVI/6XeaUAKVWKcf9mPCr aBRSnE6QY5vPCv4dGQHHqrVTtSDM0s1WHgdJ5vPUhCivv69C3EfbS5iwsz8Drgoo4kbZU8XlsEg CEvCp+5QUjJqpz55SLmPtEH1nfVDjA3AMwiU+drh39H5/HCiIEpuhUzsTfpbWcOn7nr8FqrnoyS b18YJBBTMvY6fPhUuq8S/GuZrxoxWk884QUfyayZ9L1wA8Xj83gJ7NAggTLHYPVbf2/gJlgpg+6 IEJs5E3Hj5rybKugDt0LU5EH71LvukcYiB5V5xcWAfFN4kabfsAWa/Ihi/q6jhJfGs4E6fVCWzt qgbuekKP8xnZwNJ4RX9Pg7MVFCoEZqQopM/FCF2TAUL9PgzhN1HwgtnZRME5Q3qU++CjcNfi X-Proofpoint-GUID: NcU7fw7waTq361Vpii7xMdcO2JWPlvHM X-Sensitive_Customer_Information: Yes X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-04-28_02,2025-04-24_02,2025-02-21_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 mlxlogscore=999 spamscore=0 bulkscore=0 lowpriorityscore=0 adultscore=0 mlxscore=0 phishscore=0 malwarescore=0 clxscore=1015 suspectscore=0 impostorscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.21.0-2504070000 definitions=main-2504280059 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 28 Apr 2025 07:13:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215582 From: Changqing Li Here is one testcase: For recipe tensorflow-lite-host-tools_2.18.0.bb, refer [1], do_configure[network] = "1" and it will git clone some repos in CMakeLists.txt When buildtools is used and nativesdk-git is installed into sdk, do_configure failed with error: [1/9] Performing download step (git clone) for 'protobuf-populate' Cloning into 'protobuf'... fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt Fix by adding GIT_SSL_CAINFO in BB_ENV_PASSTHROUGH_ADDITIONS, so that user can export GIT_SSL_CAINFO=${GIT_SSL_CAINFO} in their do_configure:prepend() to fix above do_configure failure CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE is similar envvars, so all add into BB_ENV_PASSTHROUGH_ADDITIONS [1] https://github.com/nxp-imx/meta-imx/blob/styhead-6.12.3-1.0.0/meta-imx-ml/recipes-libraries/tensorflow-lite/tensorflow-lite-host-tools_2.18.0.bb Signed-off-by: Changqing Li --- meta/recipes-devtools/git/git/environment.d-git.sh | 1 + .../python/python3-requests/environment.d-python3-requests.sh | 1 + meta/recipes-support/curl/curl/environment.d-curl.sh | 1 + 3 files changed, 3 insertions(+) diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh index 18104f0528..f8e3221510 100644 --- a/meta/recipes-devtools/git/git/environment.d-git.sh +++ b/meta/recipes-devtools/git/git/environment.d-git.sh @@ -1,3 +1,4 @@ if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO" fi diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh index f2eee203ca..c7faec127d 100644 --- a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh +++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh @@ -1,3 +1,4 @@ if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} REQUESTS_CA_BUNDLE" fi diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh index 0d53aabb8e..0ab83a267d 100644 --- a/meta/recipes-support/curl/curl/environment.d-curl.sh +++ b/meta/recipes-support/curl/curl/environment.d-curl.sh @@ -1,3 +1,4 @@ if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE" fi From patchwork Mon Apr 28 07:11:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Changqing Li X-Patchwork-Id: 62010 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 88A66C36005 for ; Mon, 28 Apr 2025 07:13:36 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.42391.1745824312770648514 for ; Mon, 28 Apr 2025 00:11:52 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=62139e711a=changqing.li@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 53S5kAK5015836 for ; Mon, 28 Apr 2025 07:11:52 GMT Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [147.11.82.252]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 468mq1am2d-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Mon, 28 Apr 2025 07:11:51 +0000 (GMT) Received: from ALA-EXCHNG02.corp.ad.wrs.com (147.11.82.254) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.43; Mon, 28 Apr 2025 00:11:51 -0700 Received: from pek-lpg-core6.wrs.com (147.11.136.210) by ALA-EXCHNG02.corp.ad.wrs.com (147.11.82.254) with Microsoft SMTP Server id 15.1.2507.43 via Frontend Transport; Mon, 28 Apr 2025 00:11:50 -0700 From: To: Subject: [walnascar][PATCH 3/3] buildtools-tarball: Make buildtools respects host CA certificates Date: Mon, 28 Apr 2025 15:11:46 +0800 Message-ID: <20250428071146.3946035-4-changqing.li@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250428071146.3946035-1-changqing.li@windriver.com> References: <20250428071146.3946035-1-changqing.li@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=KsNN2XWN c=1 sm=1 tr=0 ts=680f2a37 cx=c_pps a=/ZJR302f846pc/tyiSlYyQ==:117 a=/ZJR302f846pc/tyiSlYyQ==:17 a=XR8D0OoHHMoA:10 a=t7CeM3EgAAAA:8 a=016Zi2SdOkiEh_9rNDoA:9 a=pKl0Dz69q9eXMyLR:21 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: 6lg67Fmy0-yiB_Kn04UWQTA1rOdemgL5 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNDI4MDA1OSBTYWx0ZWRfXwLW9rzoUajvI AZg1vLaautzPZ0GmEgn7jpegvOJODt9PIFcDcb0h2pnK0r64qqdegYUW0uEPYR58D9hyQYtuC/t SSrl8GmEwq67CjlibfiDm1/1Fyix9k76ZSbLyeGD8DIYePxoghdHp53X9ouys61fPjaOxG0emEM EX7zRZYXNtUKyTL1AhZdg/Xu+vR+u27R+yYJUSAyZggJs+JwCj6Do4MKs8kLBLTGn4s2DHfqube qEzEcM/IRZFVwvE3pHSV1da51lA19uMpEhlvYoXbSVm3/73AVrX//0jz5hb5CcFIXLeEOjy/o9F OdCdcWUJt+AO1vVm6FCsjKwxSKUTsxAeCxVoMKFv6Gy6Ix0baAxFq8gbp8eqW469o+0Px2daRMQ As0PbHqiH1JwFtgc6DpG2qRrWLoHJm77NsTT9zhxQU6j0NVye0CkMH034Ug1lRqlx2vSd/ul X-Proofpoint-GUID: 6lg67Fmy0-yiB_Kn04UWQTA1rOdemgL5 X-Sensitive_Customer_Information: Yes X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-04-28_02,2025-04-24_02,2025-02-21_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 mlxlogscore=999 spamscore=0 bulkscore=0 lowpriorityscore=0 adultscore=0 mlxscore=0 phishscore=0 malwarescore=0 clxscore=1015 suspectscore=0 impostorscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.21.0-2504070000 definitions=main-2504280059 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 28 Apr 2025 07:13:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215583 From: Changqing Li To adapt user network enviroment, buildtools should first try to use the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these envs is not set, then use the auto-detected ca file and ca path, and finally use the CA certificates in buildtools. nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work nativesdk-curl don't set default ca file, need SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO also works nativesdk-python3-requests will use cacert.pem under python module certifi by default, need to set REQUESTS_CA_BUNDLE Signed-off-by: Changqing Li --- .../openssl/files/environment.d-openssl.sh | 25 +++++++++++++++---- meta/recipes-core/meta/buildtools-tarball.bb | 23 ++++++++++++++++- .../git/git/environment.d-git.sh | 21 +++++++++++++--- .../environment.d-python3-requests.sh | 13 +++++++--- .../curl/curl/environment.d-curl.sh | 21 +++++++++++++--- 5 files changed, 88 insertions(+), 15 deletions(-) diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index 79b9bc77ec..71d378734c 100644 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh @@ -1,9 +1,24 @@ export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/openssl.cnf" -if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" - export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" - export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE" -fi export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES" + +# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools +# CAFILE/CAPATH is auto-deteced when source buildtools +if [ -z "$SSL_CERT_FILE" ]; then + if [ -n "$CAFILE" ];then + export SSL_CERT_FILE="$CAFILE" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" + fi +fi + +if [ -z "$SSL_CERT_DIR" ]; then + if [ -n "$CAPATH" ];then + export SSL_CERT_DIR="$CAPATH" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" + fi +fi + +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE" diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index 414c266663..8e78169e23 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -80,14 +80,35 @@ create_sdk_files:append () { toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS} cat >> $script </dev/null 2>/dev/null; then + CAPATH="\$a" +fi + if [ -d "\$OECORE_NATIVE_SYSROOT/environment-setup.d" ]; then for envfile in \$OECORE_NATIVE_SYSROOT/environment-setup.d/*.sh; do . \$envfile done fi + # We have to unset this else it can confuse oe-selftest and other tools # which may also use the overlapping namespace. -unset OECORE_NATIVE_SYSROOT +unset OECORE_NATIVE_SYSROOT CAFILE CAPATH EOF if [ "${SDKMACHINE}" = "i686" ]; then diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh index f8e3221510..9c7b5a9251 100644 --- a/meta/recipes-devtools/git/git/environment.d-git.sh +++ b/meta/recipes-devtools/git/git/environment.d-git.sh @@ -1,4 +1,19 @@ -if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" - export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO" +# Respect host env GIT_SSL_CAINFO/GIT_SSL_CAPATH first, then auto-detected host cert, then cert in buildtools +# CAFILE/CAPATH is auto-deteced when source buildtools +if [ -z "$GIT_SSL_CAINFO" ]; then + if [ -n "$CAFILE" ];then + export GIT_SSL_CAINFO="$CAFILE" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + fi fi + +if [ -z "$GIT_SSL_CAPATH" ]; then + if [ -n "$CAPATH" ];then + export GIT_SSL_CAPATH="$CAPATH" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export GIT_SSL_CAPATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs" + fi +fi + +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO GIT_SSL_CAPATH" diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh index c7faec127d..492177a9c3 100644 --- a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh +++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh @@ -1,4 +1,11 @@ -if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" - export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} REQUESTS_CA_BUNDLE" +# Respect host env REQUESTS_CA_BUNDLE first, then auto-detected host cert, then cert in buildtools +# CAFILE/CAPATH is auto-deteced when source buildtools +if [ -z "$REQUESTS_CA_BUNDLE" ]; then + if [ -n "$CAFILE" ];then + export REQUESTS_CA_BUNDLE="$CAFILE" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + fi fi + +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} REQUESTS_CA_BUNDLE" diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh index 0ab83a267d..7c2971b3da 100644 --- a/meta/recipes-support/curl/curl/environment.d-curl.sh +++ b/meta/recipes-support/curl/curl/environment.d-curl.sh @@ -1,4 +1,19 @@ -if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" - export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE" +# Respect host env CURL_CA_BUNDLE/CURL_CA_PATH first, then auto-detected host cert, then cert in buildtools +# CAFILE/CAPATH is auto-deteced when source buildtools +if [ -z "$CURL_CA_PATH" ]; then + if [ -n "$CAFILE" ];then + export CURL_CA_BUNDLE="$CAFILE" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + fi fi + +if [ -z "$CURL_CA_PATH" ]; then + if [ -n "$CAPATH" ];then + export CURL_CA_PATH="$CAPATH" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export CURL_CA_PATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs" + fi +fi + +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE CURL_CA_PATH"