[yocto] [meta-security][PATCH 2/2] sssd: fix libcrypto version used
bunk at stusta.de
Wed Mar 27 00:16:31 PDT 2019
On Tue, Mar 26, 2019 at 03:52:39PM -0700, akuster808 wrote:
> On 3/26/19 3:24 AM, Adrian Bunk wrote:
> > On Mon, Mar 25, 2019 at 09:58:55AM -0700, Armin Kuster wrote:
> >> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> >> ---
> >> recipes-security/sssd/sssd_1.16.3.bb | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >> diff --git a/recipes-security/sssd/sssd_1.16.3.bb b/recipes-security/sssd/sssd_1.16.3.bb
> >> index 8f7f805..d39fa23 100644
> >> --- a/recipes-security/sssd/sssd_1.16.3.bb
> >> +++ b/recipes-security/sssd/sssd_1.16.3.bb
> >> @@ -33,7 +33,7 @@ PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no"
> >> PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings"
> >> PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings"
> >> PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss,"
> >> -PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto"
> >> +PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto10"
> >> ...
> > This looks wrong for multiple reasons, and it still gave the same error
> > when I tried it.
> That is troubling. I don't see any errors here. Thanks for the feed
> back. I will have to dig at this a bit more.
> Can you provide some build detail so that I can reproduce it?
Try building the package without nss but with cyrpto (sic) in PACKAGECONFIG.
> > How has this change been tested?
> Not for this change.
> Which reminds me I should automate some testing for this package.
This is not about automating testing.
This is about first reproducing the problem you are trying to fix,
and then verifying that your fix actually fixes this problem.
Which is the fundamental way to do any kind of bugfixing.
This one line already contained two bugs, and the commit added a
third problem (usage of OpenSSL 1.0) without fixing any of these bugs.
The commit message not stating any reason why this change was done only
adds to the confusion.
I thought originally this was a workaround for code not building with
OpenSSL 1.1, which would then also be required for thud.
 this is not one of the harder cases where reproducing the problem
would be a problem
 "cyrpto", and "libcrypto" instead of "openssl p11-kit"
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
More information about the yocto