[yocto] CyaSSL Yocto Recipe

Richard Purdie richard.purdie at linuxfoundation.org
Thu Sep 6 15:53:23 PDT 2012 

On Thu, 2012-09-06 at 16:38 -0600, Chris Conlon wrote:
> Hi Saul,
> 
> On Sep 6, 2012, at 4:14 PM, Saul Wold wrote:
> 
> > On 09/06/2012 02:59 PM, Chris Conlon wrote:
> >> Adding a direct link to the CyaSSL recipe file for review:
> >> 
> >> www.yassl.com/files/yocto/cyassl_2.3.0.bb
> >> <http://www.yassl.com/files/yocto/cyassl_2.3.0.bb>
> >> 
> > Chris,
> > 
> > On initial inspection of this recipe it looks OK, what
> package/libraries does it provide?  Are they the same as the openssl
> package?
>
> It provides the CyaSSL embedded SSL library, specifically called
> "libcyassl".  Although it offers similar functionality as the openssl
> package (SSL and crypto support), it shouldn't conflict naming wise.
> OpenSSL's library names are "libssl" and "libcrypto".
>
> > 
> > You may need RCONFLICTS_${PN} and/or RPROVIDES_${PN}, where the
> ${PN} may need to be the package names in openssl, I need to check
> that.
>
> CyaSSL shouldn't conflict with OpenSSL, as it has a different library
> name and header location.  Thanks for the suggestion about RPROVIDES.
> I'm new to writing recipe files, so your feedback is very appreciated.
>
> > 
> > I would suggest that initially you make this available as a standard
> > layer, possibly called meta-cyassl, it could be hosted on GitHub.
> You can add it to the OpenEmbedded Layer Index. See
> http://www.openembedded.org/wiki/LayerIndex
> > 
> > Distributions that want to use this instead of OpenSSL can then use
> your layer and select your recipe, if it's setup correctly it will
> provide what they need.
>
> Ok, thanks for the pointer.  Any chance of the recipe getting rolled
> into the OpenEmbedded/Yocto meta/recipes-connectivity layer?

This looks like an interesting piece of software and a quick read
through your webpages suggests there may be some interesting
applications of this within OE which I'd love to explore.

We are however quite careful about what goes into OE-Core and you've
picked about the worst possible point of the cycle to have this
discussion (just after feature freeze which was six days ago).

So I certainly think this could make OE-Core but probably not in the 1.3
release timeframe. I would also want to see some kind of demo that we
could replace some of our openssl/gnutls usage with this too which so
far I've not seen. There is discussion in the OE-Core archives about
making the SSL/TLS provider selectable though so there is certainly
interest.

So I think this is a good idea, a layer is a great place to start
experimenting and if its shown to be successful it would make the core.
We've got to be realistic about the development process and this isn't
going to happen overnight though (a layer is much easier/faster to start
with).

Cheers,

Richard

-- 
Yocto Project Architect
Linux Foundation Fellow

More information about the yocto mailing list