The recent crypto handling change (commit 04a1031d3: package/libssh2: Add
selectable crypto libraries) had the unfortunate side effect that it no
longer automatically selects the most suitable crypto backend (E.G. one
where the dependency is already enabled), so all users not wanting to use
the mbedtls backend need to explicitly configure this.
Fix this by inverting the logic so the crypto backend sub options use
'depends on' their dependencies instead of 'select', so only the available
backends are displayed.
Like before, default to openssl if no crypto backend dependencies are
currently enabled.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Currently, the selection of the backend is based on a priority order,
which is not always desirable: not all features are available for all
backends, as reported upstream:
https://github.com/libssh2/libssh2/issues/213
In that particular case, the problem is that libgcrypt is unable to
read encrypted certificates created with openssl, but it is likely
that other incompatibilities exist as well.
As such, allow a user to select the backend most appropriate to their
use-case.
Note that this changes the defaults: previously, if openssl was already
selected and we additionally select libssh2, openssl would be used as
a backend. Now, mbedtls is the default so if the user doesn't change
it, mbedtls will be used.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
[Arnout: remove now-unneeded comment in .mk file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libssh2 support mbedtls as crypto back-end library since version 1.8.0.
Default to mbedtls since it's smaller than either libgcrypt or openssl.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since 2f89476 (package/libgpg-error: bump to version 1.23), libssh2 has
inherited the dependency from libgcrypt (propagated from libgpg-error).
However, since libssh2 can use either openssl or libgcrypt as a backend,
the dependency should be relaxed when openssl is available.
But the test is broken and inverted: it will make libssh unavailable as
soon as openssl is enabled.
Fix this dependenc byt doing what other similar packages do: select
openssl if the other crypto backend (here libgcrypt) is not enabled.
This also allows us to drop the propagated dependency on the arch
condition.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Romain Naour <romain.naour@openwide.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch is based on a patch sent by Vicente Olivert Riera and commented by
Arnout Vandecappelle [1].
- Bump version to 1.23
- Add a hook to fix cross-compilation
- Fix license and license files
- Remove patch applied upstream
- Add a BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS variable
- Propagate the dependencies using that variable:
* package/cppcms
* package/crda
* package/gnupg2
- package/gcr
- package/midori
* package/kodi
* package/libaacs
* package/libassuan
* package/libgcrypt
* package/libgpgme
* package/libksba
* package/libmicrohttpd
- package/janus-gateway
- package/kodi
- package/ola
- package/systemd
* package/libssh
* package/libssh2
- package/php-ssh2
* package/netatalk
* package/network-manager
* package/ntfs-3g
* package/opkg
* package/php-gnupg
* package/rng-tools
* package/strongswan
* package/vpnc
[1] http://patchwork.ozlabs.org/patch/416427/
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas:
- rebase on master
- changing systemd no longer needed, as it no longer selects
libgcrypt.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Maxime:
- rebase on master
- bump to new version
- propagate dependencies to missing packages]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
[Thomas:
- fix hash file.
- change the way to handle the various arch so that it works properly
for uClibc.
- add nios2 arch support.
- Maxime Hadjinlian learned some basic Emacs-fu to do the final fixups
of this commit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
