[Buildroot] [PATCH 1/1] host-python: Really do not use the system OpenSSL.
Nicolas Cavallari
nicolas.cavallari at green-communications.fr
Thu Nov 17 15:06:49 UTC 2016
Even if buildroot patches host-python to not compile the 'ssl' module,
the '_ssl' and '_hashlib' module are still compiled if python detects
an usable OpenSSL installation. This may break compilation if the
system's OpenSSL has been updated to 1.1.0 because of a bug in python,
see https://bugs.python.org/issue26470 for details.
If python does not detect an usable openssl installation for _hashlib,
it uses internal implementation of common hash algorithms instead.
This modifies the configure.ac patch to also disable _ssl and _hashlib
if --disable-ssl is used.
It must also modify setup.py to force enabling the internal
implementation of hash algorithms if _hashlib is disabled, otherwise, if
an usable openssl installation is detected, it will not compile
them and python will end up with no hash algorithm implementation at all,
breaking host-python-pycrypto and its reverse-dependencies like crda.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari at green-communications.fr>
---
.../019-force-internal-hash-if-ssl-disabled.patch | 22 ++++++++++++++++++++++
package/python/111-optional-ssl.patch | 3 ++-
2 files changed, 24 insertions(+), 1 deletion(-)
create mode 100644 package/python/019-force-internal-hash-if-ssl-disabled.patch
Not sure if I should have added my signed off on 111-optional-ssl.patch
after modifying it.
diff --git a/package/python/019-force-internal-hash-if-ssl-disabled.patch b/package/python/019-force-internal-hash-if-ssl-disabled.patch
new file mode 100644
index 0000000..ff594ca
--- /dev/null
+++ b/package/python/019-force-internal-hash-if-ssl-disabled.patch
@@ -0,0 +1,22 @@
+Force the use of internal hash implementations if _hashlib is disabled.
+
+Otherwise, python ends up with no hash algorithm implementation at all,
+breaking python-pycrypto and its reverse-dependencies.
+
+Signed-off-by: Nicolas Cavallari <nicolas.cavallari at green-communications.fr>
+
+--- a/setup.py 2016-11-16 18:02:01.120854546 +0100
++++ b/setup.py 2016-11-17 09:52:32.485674999 +0100
+@@ -863,6 +863,12 @@ class PyBuildExt(build_ext):
+ have_usable_openssl = (have_any_openssl and
+ openssl_ver >= min_openssl_ver)
+
++ if '_hashlib' in disabled_module_list:
++ # Force using the non-openssl fallbacks _md5 and _sha*.
++ have_any_openssl = False
++ have_usable_openssl = False
++ openssl_ver = 0
++
+ if have_any_openssl:
+ if have_usable_openssl:
+ # The _hashlib module wraps optimized implementations
diff --git a/package/python/111-optional-ssl.patch b/package/python/111-optional-ssl.patch
index 956d2a0..89a8947 100644
--- a/package/python/111-optional-ssl.patch
+++ b/package/python/111-optional-ssl.patch
@@ -1,6 +1,7 @@
Add an option to disable the ssl module
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
+Signed-off-by: Nicolas Cavallari <nicolas.cavallari at green-communications.fr>
---
configure.in | 6 ++++++
@@ -17,7 +18,7 @@ Index: b/configure.ac
+AC_ARG_ENABLE(ssl,
+ AS_HELP_STRING([--disable-ssl], [disable SSL]),
+ [ if test "$enableval" = "no"; then
-+ DISABLED_EXTENSIONS="${DISABLED_EXTENSIONS} ssl"
++ DISABLED_EXTENSIONS="${DISABLED_EXTENSIONS} ssl _ssl _hashlib"
+ fi])
+
AC_ARG_ENABLE(dbm,
--
2.10.2
More information about the buildroot
mailing list