Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 663648 - <app-crypt/sbsigntools-0.9.1-r1 hard dependency on dev-libs/openssl
Summary: <app-crypt/sbsigntools-0.9.1-r1 hard dependency on dev-libs/openssl
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Matthias Maier
Depends on:
Blocks: libressl-support
  Show dependency tree
Reported: 2018-08-14 23:32 UTC by Erik
Modified: 2019-06-30 15:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Fix (libressl.patch,705 bytes, patch)
2018-09-28 14:03 UTC, TSM
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Erik 2018-08-14 23:32:40 UTC
so, I've masked version 0.9.1-r1 as it didn't compile for me either way.

with that said, sbsigntools-0.6-r2 with the RDEPENDS set to

        || ( dev-libs/openssl:0= dev-libs/libressl:0= )

doesn't seem to complain. Is there a reason why it hard depends on openssl?

I'm not really using this thing just yet, but today's problem is convincing my @world to not hard depend on openssl & this was one of the last pieces of the puzzle.
Comment 1 Andreas Sturmlechner gentoo-dev 2018-08-15 10:15:39 UTC
(In reply to Erik from comment #0)
> so, I've masked version 0.9.1-r1 as it didn't compile for me either way.
Please submit a bug for this, or use this one.
Comment 2 TSM 2018-08-29 17:27:52 UTC
Should we add it to as a dependency?
Comment 3 TSM 2018-09-28 14:03:01 UTC
Created attachment 548112 [details, diff]

I've edited ebuild to depend on libressl instead of openssl and to use only this patch, added it to local overlay, merged the package and tried to sign kernel with it and boot it. Everything went flawlessly... except for a few warnings during the signing process, but I don't think they are relevant:
Comment 4 Matthias Maier gentoo-dev 2019-06-30 15:49:52 UTC
The attached patch will break regular openssl support. Would you mind guarding the defines in a compatible manner?