[Buildroot] [RFC PATCH] package/uacme: requires TLS support in libcurl

Baruch Siach baruch at tkos.co.il
Wed Jul 13 07:38:45 UTC 2022 

Hi Nicola,

On Wed, Jul 13 2022, Nicola Di Lieto wrote:
> On Wed, Jul 13, 2022 at 09:43:11AM +0300, Baruch Siach wrote:
>>This issue is already in current code. The line
>>
>>  select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)
>>
>>does not guarantee that libcurl uses any of these as crypt back
>>end. libcurl might still have BR2_PACKAGE_LIBCURL_BEARSSL or
>>BR2_PACKAGE_LIBCURL_WOLFSSL set.
>
> It doesn't matter what libcurl is using, as long as it can do TLS. uacme needs
> one of OpenSSL, GnuTLS or mbedTLS and will work fine even when curl is using
> WolfSSL or BearSSL. Of course having two crypto libraries wouldn't be very
> efficient...

I see. So currently the 'select' statement is needed because uacme
itself needs one of these as a cryto back end regardless of libcurl. Is
that correct?

>>This patch only fixes the BR2_PACKAGE_LIBCURL_TLS_NONE case, but we can
>>easily add others for something like
>>
>>  depends on BR2_PACKAGE_LIBCURL && !BR2_PACKAGE_LIBCURL_TLS_NONE
>>          && !BR2_PACKAGE_LIBCURL_BEARSSL && !BR2_PACKAGE_LIBCURL_WOLFSSL
>
> That might work, as long as one of OpenSSL, GnuTLS or mbedTLS is
> selected.

One of them must be selected to satisfy libcurl need for crypto back
end. But it is not very user friendly.

>>The reason I marked this patch RFC is because we usually do not 'depend'
>>on non obvious dependencies like libcurl, but 'select' them
>>automatically to make it easier for the user. But I could not find a way
>>to avoid build failure using only 'select'.
>
> There was some discussion about this when I submitted the package:
>
> https://lists.buildroot.org/pipermail/buildroot/2019-April/551561.html
>
>>What do you think?
>
> I think your latest proposal might work but I'm not sure it complies with
> buildroot guidelines. Can someone more knowledgeable comment as well?

I hope so.

I'll try a combination of 'select' and 'depends' to see how far I get.

Thanks,
baruch

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -

More information about the buildroot mailing list