summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorKhem Raj <raj.khem@gmail.com>2019-09-17 11:49:47 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-09-18 12:08:56 +0100
commit8b4edb8552b238680d8dcef565e830a8e28a223c (patch)
tree6789cd917e9fe46b451f0712b7252d08ddc12998 /meta
parent8c39aa80e3624a225abfa76d459b6ce4da259b64 (diff)
downloadopenembedded-core-8b4edb8552b238680d8dcef565e830a8e28a223c.tar.gz
openembedded-core-8b4edb8552b238680d8dcef565e830a8e28a223c.tar.bz2
openembedded-core-8b4edb8552b238680d8dcef565e830a8e28a223c.zip
openssl: Enable os option for with-rand-seed as well
with openSSL 1.1.1d we start seeing errors like Error Generating Key 139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342: when using openssl from openssl-native on build hosts, this is due to limiting the random seed to devrandom, to support older hosts, since the option allows to have a comma separated list of methods to try, we can try the default first and if that fails then fallback to devrandom, this will ensure that it keeps working with build systems which dont support getrandom() Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Adrian Bunk <bunk@stusta.de> Cc: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1d.bb6
1 files changed, 3 insertions, 3 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 080d1a8bb7..072f727e0b 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -43,10 +43,10 @@ do_configure[cleandirs] = "${B}"
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
-# This prevents openssl from using getrandom() which is not available on older glibc versions
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
-EXTRA_OECONF_class-native = "--with-rand-seed=devrandom"
-EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom"
+EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"