[Buildroot] [PATCH 1/1] host-python: Really do not use the system OpenSSL.

Arnout Vandecappelle arnout at mind.be
Sat Nov 19 16:43:37 UTC 2016



On 19-11-16 16:56, Nicolas Cavallari wrote:
> On 19/11/2016 13:02, Arnout Vandecappelle wrote:
>>
>>
>> On 17-11-16 16:06, Nicolas Cavallari wrote:
>>> Even if buildroot patches host-python to not compile the 'ssl' module,
>>> the '_ssl' and '_hashlib' modules are still compiled if python detects
>>> a usable OpenSSL installation.  This may break compilation if the
>>> system's OpenSSL has been updated to 1.1.0 because of a bug in python,
>>> see https://bugs.python.org/issue26470 for details.
>>>
>>> If python does not detect a usable openssl installation for _hashlib,
>>> it uses an internal implementation of common hash algorithms instead.
>>>
>>> This modifies the configure.ac patch to also disable _ssl and _hashlib
>>> if --disable-ssl is used.
>>>
>>> It must also modify setup.py to force enabling the internal
>>> implementation of hash algorithms if _hashlib is disabled, otherwise, if
>>> a usable openssl installation is detected, it will not compile
>>> them and python will end up with no hash algorithm implementation at all,
>>> breaking host-python-pycrypto and its reverse-dependencies like crda.
>>>
>>> Signed-off-by: Nicolas Cavallari <nicolas.cavallari at green-communications.fr>
>>
>>  I'm facing this problem as well: host-python doesn't build anymore on my machine.
>>
>> Tested-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
>>
>>
>>  However, I wonder if this is the right approach. For me, it makes more sense to
>> fix patch 111 by modifying setup.py in the same patch, so that the entire ssl
>> detection is skipped if the ssl module is disabled. Something like:
> 
> I was trying to minimize the amount of lines changed. I assume this
> patch is not going to be applied upstream.

 I don't see a reason why not, it adds an enable/disable option to the set they
already have. Thomas, did you ever try to send it upstream?

 By the way, any idea why we don't have this for python3? setup.py seems to be
identical...


> Reindenting the whole openssl detection code would create a big patch
> that could easily break with later versions. Not sure if this is wanted.

 Well, the patch should be upstreamed :-) With this change, there is actually a
good reason to upstream it, because the ssl detection is broken for
cross-compilation when system-ssl is installed in /usr/local/ssl, so the
--disable-ssl configure option is a way to get out of that.


 Regards,
 Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
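
The failure mode described in the quoted commit message (an interpreter built without _hashlib and without the internal hash modules, leaving no hash implementation at all) can be checked after the build. This is an added example, not part of the patch or of Buildroot; the function names are hypothetical, and it is meant to be run with the freshly built host-python interpreter.

```python
"""Added example: report which backend serves hashlib in a built interpreter."""
import hashlib
import importlib

# Published test vectors: digests of b"abc".
VECTORS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223"
              "b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae204131"
              "12e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd"
              "454d4423643ce80e2a9ac94fa54ca49f",
}

def openssl_modules():
    """Return {module_name: importable} for the OpenSSL-backed extensions."""
    found = {}
    for name in ("_ssl", "_hashlib"):
        try:
            importlib.import_module(name)
            found[name] = True
        except ImportError:
            found[name] = False
    return found

def check_hashes():
    """Return {algo: (backend_module, digest_ok)}; backend is None if absent."""
    result = {}
    for algo, expected in sorted(VECTORS.items()):
        ctor = getattr(hashlib, algo, None)  # missing when no backend was built
        if ctor is None:
            result[algo] = (None, False)
            continue
        try:
            ok = ctor(b"abc").hexdigest() == expected
        except ValueError:  # constructor exists but the algorithm is unusable
            ok = False
        result[algo] = (getattr(ctor, "__module__", None), ok)
    return result

def build_is_sane(require_no_openssl=False):
    """True if every hash works; optionally also require no OpenSSL linkage."""
    hashes_ok = all(ok for _, ok in check_hashes().values())
    if require_no_openssl:
        return hashes_ok and not any(openssl_modules().values())
    return hashes_ok

if __name__ == "__main__":
    print(openssl_modules(), check_hashes(), build_is_sane())
```

For a build configured with --disable-ssl, `build_is_sane(require_no_openssl=True)` should hold: both extension modules absent and every algorithm served by an internal module.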


