[yocto] [meta-security][PATCH 2/2] sssd: fix libcrypto version used
akuster808 at gmail.com
Thu Mar 28 22:16:21 PDT 2019
On 3/27/19 12:16 AM, Adrian Bunk wrote:
> On Tue, Mar 26, 2019 at 03:52:39PM -0700, akuster808 wrote:
>> On 3/26/19 3:24 AM, Adrian Bunk wrote:
>>> On Mon, Mar 25, 2019 at 09:58:55AM -0700, Armin Kuster wrote:
>>>> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
>>>> recipes-security/sssd/sssd_1.16.3.bb | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>> diff --git a/recipes-security/sssd/sssd_1.16.3.bb b/recipes-security/sssd/sssd_1.16.3.bb
>>>> index 8f7f805..d39fa23 100644
>>>> --- a/recipes-security/sssd/sssd_1.16.3.bb
>>>> +++ b/recipes-security/sssd/sssd_1.16.3.bb
>>>> @@ -33,7 +33,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no"
>>>> PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings"
>>>> PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings"
>>>> PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss,"
>>>> -PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto"
>>>> +PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto10"
>>> This looks wrong for multiple reasons, and it still gave the same error
>>> when I tried it.
>> That is troubling. I don't see any errors here. Thanks for the feed
>> back. I will have to dig at this a bit more.
>> Can you provide some build detail so that I can reproduce it?
> Try building the package without nss but with cyrpto (sic) in PACKAGECONFIG.
Ok. I see it now.
>>> How has this change been tested?
>> Not for this change.
>> Which reminds me I should automate some testing for this package.
> This is not about automating testing.
> This is about first reproducing the problem you are trying to fix,
> and then verifying that your fix actually fixes this problem.
And that is what i thought I was doing.
> Which is the fundamental way to do any kind of bugfixing.
Thanks for the reminder.
> This one line already contained two bugs, and the commit added a
> third problem (usage of OpenSSL 1.0) without fixing any of these bugs.
> The commit message not stating any reason why this change was done only
> adds to the confusion.
> I thought originally this was a workaround for code not building with
> OpenSSL 1.1, which would then also be required for thud.
I will keep that in mind.
>  this is not one of the harder cases where reproducing the problem
> would be a problem
>  "cyrpto", and "libcrypto" instead of "openssl p11-kit"
More information about the yocto