* [Buildroot] [PATCHv5] package/uacme: requires TLS support in libcurl
@ 2022-07-18 20:38 Yann E. MORIN
2022-07-19 3:29 ` Baruch Siach via buildroot
2022-08-11 11:06 ` Peter Korsgaard
0 siblings, 2 replies; 4+ messages in thread
From: Yann E. MORIN @ 2022-07-18 20:38 UTC (permalink / raw)
To: buildroot; +Cc: Yann E . MORIN, Nicola Di Lieto
From: Baruch Siach <baruch@tkos.co.il>
uacme configure script fails when libcurl does not support TLS. This
means that BR2_PACKAGE_LIBCURL_TLS_NONE is incompatible with uacme.
Add a kconfig knob to libcurl, BR2_PACKAGE_LIBCURL_FORCE_TLS, so that
_TLS_NONE is not an option. Select that from uacme.
Note that, beside selecting BR2_PACKAGE_LIBCURL_FORCE_TLS, packages will
have to also select a package that can be used as a crypto backend by
libcurl. Use of BR2_PACKAGE_LIBCURL_FORCE_TLS is unlikely to become very
common in the foreseeable future, so we don't need to optimize for this
corner case.
uacme already needs a crypto package for itself, so the above
requirement is naturally met for uacme.
Fixes:
http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
http://autobuild.buildroot.net/results/25280409b32282b4dd40b1e88127051439380f3d/
Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[yann.morin.1998@free.fr:
- keep the current forward select
- add the kconfig knob
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
v5 (Yann E. MORIN):
Rename knob to _FORCE_TLS (Baruch)
_FORCE_TLS needs a crypto package to be selected (Baruch)
Expand commit log to explain that (Baruch)
v4 (Yann E. MORIN):
Restore forward select
Add the _FORCE_SSL_TLS kconfig knob; use it from uacme
v3:
Move comments up to fix suboption indentation (Yann)
Add missing MMU comment dependency (Yann)
v2:
Add dependency on crypto back end for uacme itself (Nicola Di Lieto)
---
package/libcurl/Config.in | 7 +++++++
package/uacme/Config.in | 1 +
2 files changed, 8 insertions(+)
diff --git a/package/libcurl/Config.in b/package/libcurl/Config.in
index 3381decca8..bc2f8f47f2 100644
--- a/package/libcurl/Config.in
+++ b/package/libcurl/Config.in
@@ -45,6 +45,12 @@ config BR2_PACKAGE_LIBCURL_EXTRA_PROTOCOLS_FEATURES
- DICT
- Gopher
+# Packages must select that if they require a SSL/TLS-enabled libcurl.
+# Those packages must also select one crypto package that can be used
+# as a backend below.
+config BR2_PACKAGE_LIBCURL_FORCE_TLS
+ bool
+
choice
prompt "SSL/TLS library to use"
@@ -77,6 +83,7 @@ comment "WolfSSL needs a toolchain w/ dynamic library"
config BR2_PACKAGE_LIBCURL_TLS_NONE
bool "None"
+ depends on !BR2_PACKAGE_LIBCURL_FORCE_SSL_TLS
endchoice
diff --git a/package/uacme/Config.in b/package/uacme/Config.in
index 58b7c534e7..796f54754e 100644
--- a/package/uacme/Config.in
+++ b/package/uacme/Config.in
@@ -3,6 +3,7 @@ config BR2_PACKAGE_UACME
depends on BR2_USE_MMU # fork()
select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)
select BR2_PACKAGE_LIBCURL
+ select BR2_PACKAGE_LIBCURL_FORCE_TLS
help
uacme is a client for the ACMEv2 protocol described in
RFC8555, written in plain C with minimal dependencies
--
2.25.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCHv5] package/uacme: requires TLS support in libcurl
2022-07-18 20:38 [Buildroot] [PATCHv5] package/uacme: requires TLS support in libcurl Yann E. MORIN
@ 2022-07-19 3:29 ` Baruch Siach via buildroot
2022-07-19 15:48 ` Yann E. MORIN
2022-08-11 11:06 ` Peter Korsgaard
1 sibling, 1 reply; 4+ messages in thread
From: Baruch Siach via buildroot @ 2022-07-19 3:29 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: Nicola Di Lieto, buildroot
Hi Yann,
On Mon, Jul 18 2022, Yann E. MORIN wrote:
> From: Baruch Siach <baruch@tkos.co.il>
>
> uacme configure script fails when libcurl does not support TLS. This
> means that BR2_PACKAGE_LIBCURL_TLS_NONE is incompatible with uacme.
>
> Add a kconfig knob to libcurl, BR2_PACKAGE_LIBCURL_FORCE_TLS, so that
> _TLS_NONE is not an option. Select that from uacme.
>
> Note that, beside selecting BR2_PACKAGE_LIBCURL_FORCE_TLS, packages will
> have to also select a package that can be used as a crypto backend by
> libcurl. Use of BR2_PACKAGE_LIBCURL_FORCE_TLS is unlikely to become very
> common in the foreseeable future, so we don't need to optimize for this
> corner case.
This sentence is not clear without its original email discussion
context. So I'd add in its end: "... with automatic selection of crypto
backend".
>
> uacme already needs a crypto package for itself, so the above
> requirement is naturally met for uacme.
>
> Fixes:
> http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
> http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
> http://autobuild.buildroot.net/results/25280409b32282b4dd40b1e88127051439380f3d/
>
> Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> [yann.morin.1998@free.fr:
> - keep the current forward select
> - add the kconfig knob
> ]
> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
LGTM. Not this is the right tag since I'm technically the patch
author. But FWIW here it is anyway.
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Thanks,
baruch
> ---
> v5 (Yann E. MORIN):
> Rename knob to _FORCE_TLS (Baruch)
> _FORCE_TLS needs a crypto package to be selected (Baruch)
> Expand commit log to explain that (Baruch)
>
> v4 (Yann E. MORIN):
> Restore forward select
> Add the _FORCE_SSL_TLS kconfig knob; use it from uacme
>
> v3:
> Move comments up to fix suboption indentation (Yann)
> Add missing MMU comment dependency (Yann)
>
> v2:
> Add dependency on crypto back end for uacme itself (Nicola Di Lieto)
> ---
> package/libcurl/Config.in | 7 +++++++
> package/uacme/Config.in | 1 +
> 2 files changed, 8 insertions(+)
>
> diff --git a/package/libcurl/Config.in b/package/libcurl/Config.in
> index 3381decca8..bc2f8f47f2 100644
> --- a/package/libcurl/Config.in
> +++ b/package/libcurl/Config.in
> @@ -45,6 +45,12 @@ config BR2_PACKAGE_LIBCURL_EXTRA_PROTOCOLS_FEATURES
> - DICT
> - Gopher
>
> +# Packages must select that if they require a SSL/TLS-enabled libcurl.
> +# Those packages must also select one crypto package that can be used
> +# as a backend below.
> +config BR2_PACKAGE_LIBCURL_FORCE_TLS
> + bool
> +
> choice
> prompt "SSL/TLS library to use"
>
> @@ -77,6 +83,7 @@ comment "WolfSSL needs a toolchain w/ dynamic library"
>
> config BR2_PACKAGE_LIBCURL_TLS_NONE
> bool "None"
> + depends on !BR2_PACKAGE_LIBCURL_FORCE_SSL_TLS
>
> endchoice
>
> diff --git a/package/uacme/Config.in b/package/uacme/Config.in
> index 58b7c534e7..796f54754e 100644
> --- a/package/uacme/Config.in
> +++ b/package/uacme/Config.in
> @@ -3,6 +3,7 @@ config BR2_PACKAGE_UACME
> depends on BR2_USE_MMU # fork()
> select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)
> select BR2_PACKAGE_LIBCURL
> + select BR2_PACKAGE_LIBCURL_FORCE_TLS
> help
> uacme is a client for the ACMEv2 protocol described in
> RFC8555, written in plain C with minimal dependencies
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCHv5] package/uacme: requires TLS support in libcurl
2022-07-19 3:29 ` Baruch Siach via buildroot
@ 2022-07-19 15:48 ` Yann E. MORIN
0 siblings, 0 replies; 4+ messages in thread
From: Yann E. MORIN @ 2022-07-19 15:48 UTC (permalink / raw)
To: Baruch Siach; +Cc: buildroot, Nicola Di Lieto
Baruch, All,
On 2022-07-19 06:29 +0300, Baruch Siach via buildroot spake thusly:
> On Mon, Jul 18 2022, Yann E. MORIN wrote:
> > From: Baruch Siach <baruch@tkos.co.il>
> >
> > uacme configure script fails when libcurl does not support TLS. This
> > means that BR2_PACKAGE_LIBCURL_TLS_NONE is incompatible with uacme.
> >
> > Add a kconfig knob to libcurl, BR2_PACKAGE_LIBCURL_FORCE_TLS, so that
> > _TLS_NONE is not an option. Select that from uacme.
> >
> > Note that, beside selecting BR2_PACKAGE_LIBCURL_FORCE_TLS, packages will
> > have to also select a package that can be used as a crypto backend by
> > libcurl. Use of BR2_PACKAGE_LIBCURL_FORCE_TLS is unlikely to become very
> > common in the foreseeable future, so we don't need to optimize for this
> > corner case.
>
> This sentence is not clear without its original email discussion
> context. So I'd add in its end: "... with automatic selection of crypto
> backend".
Agreed, thanks! I'll tweak it that way before I apply and push, then.
> > uacme already needs a crypto package for itself, so the above
> > requirement is naturally met for uacme.
> >
> > Fixes:
> > http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
> > http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
> > http://autobuild.buildroot.net/results/25280409b32282b4dd40b1e88127051439380f3d/
> >
> > Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
> > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> > [yann.morin.1998@free.fr:
> > - keep the current forward select
> > - add the kconfig knob
> > ]
> > Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
>
> LGTM. Not this is the right tag since I'm technically the patch
> author. But FWIW here it is anyway.
>
> Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Well, it is still correct to provide that tag: it means you acknowkedge
and validate the changes I made, so recording that in the commit log is
very important.
Thanks!
Regards,
Yann E. MORIN.
> Thanks,
> baruch
>
> > ---
> > v5 (Yann E. MORIN):
> > Rename knob to _FORCE_TLS (Baruch)
> > _FORCE_TLS needs a crypto package to be selected (Baruch)
> > Expand commit log to explain that (Baruch)
> >
> > v4 (Yann E. MORIN):
> > Restore forward select
> > Add the _FORCE_SSL_TLS kconfig knob; use it from uacme
> >
> > v3:
> > Move comments up to fix suboption indentation (Yann)
> > Add missing MMU comment dependency (Yann)
> >
> > v2:
> > Add dependency on crypto back end for uacme itself (Nicola Di Lieto)
> > ---
> > package/libcurl/Config.in | 7 +++++++
> > package/uacme/Config.in | 1 +
> > 2 files changed, 8 insertions(+)
> >
> > diff --git a/package/libcurl/Config.in b/package/libcurl/Config.in
> > index 3381decca8..bc2f8f47f2 100644
> > --- a/package/libcurl/Config.in
> > +++ b/package/libcurl/Config.in
> > @@ -45,6 +45,12 @@ config BR2_PACKAGE_LIBCURL_EXTRA_PROTOCOLS_FEATURES
> > - DICT
> > - Gopher
> >
> > +# Packages must select that if they require a SSL/TLS-enabled libcurl.
> > +# Those packages must also select one crypto package that can be used
> > +# as a backend below.
> > +config BR2_PACKAGE_LIBCURL_FORCE_TLS
> > + bool
> > +
> > choice
> > prompt "SSL/TLS library to use"
> >
> > @@ -77,6 +83,7 @@ comment "WolfSSL needs a toolchain w/ dynamic library"
> >
> > config BR2_PACKAGE_LIBCURL_TLS_NONE
> > bool "None"
> > + depends on !BR2_PACKAGE_LIBCURL_FORCE_SSL_TLS
> >
> > endchoice
> >
> > diff --git a/package/uacme/Config.in b/package/uacme/Config.in
> > index 58b7c534e7..796f54754e 100644
> > --- a/package/uacme/Config.in
> > +++ b/package/uacme/Config.in
> > @@ -3,6 +3,7 @@ config BR2_PACKAGE_UACME
> > depends on BR2_USE_MMU # fork()
> > select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)
> > select BR2_PACKAGE_LIBCURL
> > + select BR2_PACKAGE_LIBCURL_FORCE_TLS
> > help
> > uacme is a client for the ACMEv2 protocol described in
> > RFC8555, written in plain C with minimal dependencies
>
>
> --
> ~. .~ Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
> - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCHv5] package/uacme: requires TLS support in libcurl
2022-07-18 20:38 [Buildroot] [PATCHv5] package/uacme: requires TLS support in libcurl Yann E. MORIN
2022-07-19 3:29 ` Baruch Siach via buildroot
@ 2022-08-11 11:06 ` Peter Korsgaard
1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2022-08-11 11:06 UTC (permalink / raw)
To: Yann E. MORIN; +Cc: Nicola Di Lieto, buildroot
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:
> From: Baruch Siach <baruch@tkos.co.il>
> uacme configure script fails when libcurl does not support TLS. This
> means that BR2_PACKAGE_LIBCURL_TLS_NONE is incompatible with uacme.
> Add a kconfig knob to libcurl, BR2_PACKAGE_LIBCURL_FORCE_TLS, so that
> _TLS_NONE is not an option. Select that from uacme.
> Note that, beside selecting BR2_PACKAGE_LIBCURL_FORCE_TLS, packages will
> have to also select a package that can be used as a crypto backend by
> libcurl. Use of BR2_PACKAGE_LIBCURL_FORCE_TLS is unlikely to become very
> common in the foreseeable future, so we don't need to optimize for this
> corner case.
> uacme already needs a crypto package for itself, so the above
> requirement is naturally met for uacme.
> Fixes:
> http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
> http://autobuild.buildroot.net/results/4e16f1d958ac3d30e26e7f17bdffc47834b0e2bd/
> http://autobuild.buildroot.net/results/25280409b32282b4dd40b1e88127051439380f3d/
> Cc: Nicola Di Lieto <nicola.dilieto@gmail.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> [yann.morin.1998@free.fr:
> - keep the current forward select
> - add the kconfig knob
> ]
> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
> ---
> v5 (Yann E. MORIN):
> Rename knob to _FORCE_TLS (Baruch)
> _FORCE_TLS needs a crypto package to be selected (Baruch)
> Expand commit log to explain that (Baruch)
Committed to 2022.05.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-08-11 11:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-18 20:38 [Buildroot] [PATCHv5] package/uacme: requires TLS support in libcurl Yann E. MORIN
2022-07-19 3:29 ` Baruch Siach via buildroot
2022-07-19 15:48 ` Yann E. MORIN
2022-08-11 11:06 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.