[oe,meta-oe] openldap: fix build against gnutls3

Message ID 1399445635-29373-1-git-send-email-koen.kooi@linaro.org
State New

Commit Message

Koen Kooi May 7, 2014, 6:53 a.m.
OE-core update from gnutls2 to gnutls3, openldap needs patches to cope with that.

Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
---
 .../0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch | 44 ++++++++++++++++++++++
 .../openldap-2.4.28-gnutls-gcrypt.patch            | 17 +++++++++
 .../recipes-support/openldap/openldap_2.4.23.bb    |  2 +
 3 files changed, 63 insertions(+)
 create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch
 create mode 100644 meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch

Comments

Khem Raj May 7, 2014, 7:47 a.m. | #1
On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote:
> ++                              TLS_LIBS="-lgnutls -lgcrypt"

Does this mean we need something more in DEPENDS or DEPENDS part of
PACKAGECONFIG too ?
Koen Kooi May 7, 2014, 8:29 a.m. | #2
Khem Raj wrote on 07-05-14 09:47:
> On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote:
>> ++                              TLS_LIBS="-lgnutls -lgcrypt"
> 
> Does this mean we need something more in DEPENDS or DEPENDS part of 
> PACKAGECONFIG too ?

Should be automatic since gnutls depends on it. It's not a new dependency.

Paul Eggleton May 7, 2014, 8:57 a.m. | #3
On Wednesday 07 May 2014 10:29:21 Koen Kooi wrote:
> Khem Raj wrote on 07-05-14 09:47:
> > On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote:
> >> ++                              TLS_LIBS="-lgnutls -lgcrypt"
> > 
> > Does this mean we need something more in DEPENDS or DEPENDS part of
> > PACKAGECONFIG too ?
> 
> Should be automatic since gnutls depends on it. It's not a new dependency.

BitBake does not automatically ensure dependencies-of-dependencies are in the 
sysroot. They almost always will be, but I have seen failures in these kinds 
of situations before. Since it explicitly wants to link against libgcrypt, 
libgcrypt should be in its DEPENDS.

Cheers,
Paul
Koen Kooi May 7, 2014, 9:41 a.m. | #4
On 7 May 2014, at 10:57, Paul Eggleton <paul.eggleton@linux.intel.com> wrote:

> On Wednesday 07 May 2014 10:29:21 Koen Kooi wrote:
>> Khem Raj wrote on 07-05-14 09:47:
>>> On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote:
>>>> ++                              TLS_LIBS="-lgnutls -lgcrypt"
>>> 
>>> Does this mean we need something more in DEPENDS or DEPENDS part of
>>> PACKAGECONFIG too ?
>> 
>> Should be automatic since gnutls depends on it. It's not a new dependency.
> 
> BitBake does not automatically ensure dependencies-of-dependencies are in the 
> sysroot. They almost always will be, but I have seen failures in these kinds 
> of situations before. Since it explicitly wants to link against libgcrypt, 
> libgcrypt should be in its DEPENDS.

You are completely right! And my original explanation was bogus since the patch was needed since gnutls *stopped* needing gcrypt.

regards,

Koen
Martin Jansa May 7, 2014, 4:48 p.m. | #5
On Wed, May 07, 2014 at 09:57:52AM +0100, Paul Eggleton wrote:
> On Wednesday 07 May 2014 10:29:21 Koen Kooi wrote:
> > Khem Raj wrote on 07-05-14 09:47:
> > > On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote:
> > >> ++                              TLS_LIBS="-lgnutls -lgcrypt"
> > > 
> > > Does this mean we need something more in DEPENDS or DEPENDS part of
> > > PACKAGECONFIG too ?
> > 
> > Should be automatic since gnutls depends on it. It's not a new dependency.
> 
> BitBake does not automatically ensure dependencies-of-dependencies are in the 
> sysroot. They almost always will be, but I have seen failures in these kinds 

Are you sure it doesn't?

But I'm also in favor of specifying dependencies-of-dependencies in
cases where the recipe configure task explicitly checks for them (so that
when the required dependency is no longer included in "parent"
dependency, e.g. after moving it to PACKAGECONFIG).
Paul Eggleton May 7, 2014, 4:56 p.m. | #6
On Wednesday 07 May 2014 18:48:44 Martin Jansa wrote:
> On Wed, May 07, 2014 at 09:57:52AM +0100, Paul Eggleton wrote:
> > On Wednesday 07 May 2014 10:29:21 Koen Kooi wrote:
> > > Khem Raj wrote on 07-05-14 09:47:
> > > > On Tue, May 6, 2014 at 11:53 PM, Koen Kooi <koen.kooi@linaro.org> wrote:
> > > >> ++                              TLS_LIBS="-lgnutls -lgcrypt"
> > > > 
> > > > Does this mean we need something more in DEPENDS or DEPENDS part of
> > > > PACKAGECONFIG too ?
> > > 
> > > Should be automatic since gnutls depends on it. It's not a new
> > > dependency.
> > 
> > BitBake does not automatically ensure dependencies-of-dependencies are in
> > the sysroot. They almost always will be, but I have seen failures in
> > these kinds
>
> Are you sure it doesn't?

Pretty sure, yes.
 
> But I'm also in favor of specifying dependencies-of-dependencies in
> cases where the recipe configure task explicitly checks for them (so that
> when the required dependency is no longer included in "parent"
> dependency, e.g. after moving it to PACKAGECONFIG).

If the recipe's configure task explicitly checks for them then to my mind they 
cease to be dependencies of dependencies and become just dependencies.

Cheers,
Paul

Patch

diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch b/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch
new file mode 100644
index 0000000..dffd3ca
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap-2.4.23/0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch
@@ -0,0 +1,44 @@ 
+From 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 7 Sep 2013 09:39:24 -0700
+Subject: [PATCH] ITS#7430 GnuTLS: Avoid use of deprecated function
+
+Upstream-status: Backport
+
+---
+ libraries/libldap/tls_g.c |   12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
+index 9acffaf..c793828 100644
+--- a/libraries/libldap/tls_g.c
++++ b/libraries/libldap/tls_g.c
+@@ -368,6 +368,17 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ 		 * then we have to build the cert chain.
+ 		 */
+ 		if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
++#if GNUTLS_VERSION_NUMBER >= 0x020c00
++			unsigned int i;
++			for ( i = 1; i<VERIFY_DEPTH; i++ ) {
++				if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
++					break;
++				max++;
++				/* If this CA is self-signed, we're done */
++				if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
++					break;
++			}
++#else
+ 			gnutls_x509_crt_t *cas;
+ 			unsigned int i, j, ncas;
+ 
+@@ -387,6 +398,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ 				if ( j == ncas )
+ 					break;
+ 			}
++#endif
+ 		}
+ 		rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
+ 		if ( rc ) return -1;
+-- 
+1.7.4.2
+
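Review bot: the header of the added patch file spells the tag "Upstream-status: Backport", while the OE patch guidelines expect "Upstream-Status:", and a Backport entry should state where it came from rather than leaving the upstream commit recoverable only from the "From" line. The file also carries no Signed-off-by from the person importing it, and a filename that is only a commit hash says nothing about what it fixes; a name mentioning ITS#7430 would be easier to track. In the new `#if GNUTLS_VERSION_NUMBER >= 0x020c00` branch the loop writes `certs[i]` for i up to VERIFY_DEPTH-1, and the declaration of `certs` is outside the visible context, so it is worth confirming in the 2.4.23 source that the array has VERIFY_DEPTH elements before applying this.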
diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch b/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch
new file mode 100644
index 0000000..c7b1552
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap-2.4.23/openldap-2.4.28-gnutls-gcrypt.patch
@@ -0,0 +1,17 @@ 
+From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/files/
+
+Upstream-status: Unknown
+
+--
+
+--- openldap-2.4.28/configure.in.orig	2012-02-11 22:40:36.004360795 +0000
++++ openldap-2.4.28/configure.in	2012-02-11 22:40:13.410986851 +0000
+@@ -1214,7 +1214,7 @@
+ 				ol_with_tls=gnutls
+ 				ol_link_tls=yes
+ 
+-				TLS_LIBS="-lgnutls"
++				TLS_LIBS="-lgnutls -lgcrypt"
+ 
+ 				AC_DEFINE(HAVE_GNUTLS, 1, 
+ 					[define if you have GNUtls])
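Review bot: `TLS_LIBS="-lgnutls -lgcrypt"` hard-codes libgcrypt into the link line whenever GnuTLS is selected, with no configure check that libgcrypt is present, and the patch header gives no reason for the change. Please add a short description of why openldap itself needs -lgcrypt (the explanation given in the thread, that gnutls stopped needing gcrypt, belongs here), replace "Upstream-status: Unknown" with a recognised "Upstream-Status:" value, and use "---" rather than "--" as the separator before the diff.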
diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.23.bb b/meta-oe/recipes-support/openldap/openldap_2.4.23.bb
index 5c6f9ea..d85de03 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.4.23.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.4.23.bb
@@ -16,6 +16,8 @@  LDAP_VER = "${@'.'.join(d.getVar('PV',1).split('.')[0:2])}"
 SRC_URI = "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${P}.tgz \
     file://openldap-m4-pthread.patch \
     file://kill-icu.patch \
+    file://0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0.patch \
+    file://openldap-2.4.28-gnutls-gcrypt.patch \
     file://initscript \
 "
 SRC_URI[md5sum] = "90150b8c0d0192e10b30157e68844ddf"
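Review bot: DEPENDS is not touched in this hunk, yet the second patch added to SRC_URI makes configure link with -lgcrypt explicitly. Add libgcrypt to the recipe's DEPENDS (or to the DEPENDS part of PACKAGECONFIG, if the recipe selects gnutls that way) so the build does not rely on gnutls bringing it into the sysroot.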