mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-07 13:06:59 +02:00
Break the circular dependencies with curl, openssl, git
Building the chroot environment from sources using "--bootstrap" currently runs into a circular dependency: curl->openssl->git->curl The openssl->git dependency comes indirectly from the fact that the current version of openssl uses the "cros-workon" ebuild package to assist in applying packages. The ebuild system automatically and silently resolves this circular dependency by reverting the openssl library to an earlier version that does not use cros-workon based patching. Unfortunately this older version of openssl has a bug that causes it not to work when doing builds in a firewalled environment: When curl (using this older version of openssl library) attempts to fetch an "https" url, it authenticates the target server against a bundle of certificate-authority certificates it maintains. Finding the certificate fails (although the validation succeeds if curl is told explicitly what certificate to use). With the certificate not-found, server authentication fails, the curl download fails, and the build ultimately fails. This patch breaks the circular dependency, allowing a more-current version of openssl to be used in curl, making the above build scenario work in a firewalled environment. The circularity is broken by first building git without curl support (and webdav that depends on curl). Then early toolchain components up through and including curl are built. This build of curl then uses a more up-to-date version of openssl with the desired bug-fix. Once curl is built, then git is re-built and re-installed with the now-installed version of curl (re-)enabled. BUG=None TEST=create chroot with --bootstrap ; build_packages (behind firewall) Change-Id: Iaa560fdb6623fcb73cde066a3b2bc2a342169c62 Reviewed-on: https://gerrit.chromium.org/gerrit/34292 Reviewed-by: Mike Frysinger <vapier@chromium.org> Commit-Ready: paul drews <paul.drews@intel.com> Tested-by: paul drews <paul.drews@intel.com>
This commit is contained in:
parent
8ad01c5e9a
commit
8bae3b5667
@ -423,6 +423,16 @@ sudo sh -c "echo STAGE3=$STAGE3 > $CHROOT_STATE"
|
||||
info "Updating portage"
|
||||
early_enter_chroot emerge -uNv --quiet portage
|
||||
|
||||
# Packages that inherit cros-workon commonly get a circular dependency
|
||||
# curl->openssl->git->curl that is broken by emerging an early version of git
|
||||
# without curl (and webdav that depends on it).
|
||||
need_git_rebuild=${FLAGS_FALSE}
|
||||
if [[ ! -e "${FLAGS_chroot}/usr/bin/git" ]]; then
|
||||
need_git_rebuild=${FLAGS_TRUE}
|
||||
info "Updating early git"
|
||||
USE="-curl -webdav" early_enter_chroot emerge -uNv $USEPKG dev-vcs/git
|
||||
fi
|
||||
|
||||
info "Updating host toolchain"
|
||||
early_enter_chroot emerge -uNv --quiet crossdev
|
||||
TOOLCHAIN_ARGS=( --deleteold )
|
||||
@ -440,7 +450,13 @@ early_enter_chroot $EMERGE_CMD --deselect dhcpcd
|
||||
|
||||
info "Running emerge curl sudo ..."
|
||||
early_enter_chroot $EMERGE_CMD -uNv $USEPKG --select $EMERGE_JOBS \
|
||||
pbzip2 net-misc/curl sudo
|
||||
pbzip2 dev-libs/openssl net-misc/curl sudo
|
||||
|
||||
if [[ ${need_git_rebuild} -eq ${FLAGS_TRUE} ]]; then
|
||||
# (Re-)emerge the full version of git, without preventing curl.
|
||||
info "Updating full verison of git"
|
||||
early_enter_chroot emerge -uNv $USEPKG dev-vcs/git
|
||||
fi
|
||||
|
||||
if [ -n "${INITIALIZE_CHROOT}" ]; then
|
||||
# If we're creating a new chroot, we also want to set it to the latest
|
||||
|
Loading…
Reference in New Issue
Block a user