Break the circular dependencies with curl, openssl, git

Building the chroot environment from sources using
"--bootstrap" currently runs into a circular dependency:

curl->openssl->git->curl

The openssl->git dependency comes indirectly from the fact
that the current version of openssl uses the "cros-workon"
ebuild package to assist in applying packages.  The ebuild
system automatically and silently resolves this circular
dependency by reverting the openssl library to an earlier
version that does not use cros-workon based patching.
Unfortunately this older version of openssl has a bug that
causes it not to work when doing builds in a firewalled
environment:  When curl (using this older version of openssl
library) attempts to fetch an "https" url, it authenticates
the target server against a bundle of certificate-authority
certificates it maintains.  Finding the certificate fails
(although the validation succeeds if curl is told explicitly
what certificate to use).  With the certificate not-found,
server authentication fails, the curl download fails, and
the build ultimately fails.

This patch breaks the circular dependency, allowing a
more-current version of openssl to be used in curl, making
the above build scenario work in a firewalled environment.
The circularity is broken by first building git without curl
support (and webdav that depends on curl).  Then early
toolchain components up through and including curl are
built.  This build of curl then uses a more up-to-date
version of openssl with the desired bug-fix.  Once curl is
built, then git is re-built and re-installed with the
now-installed version of curl (re-)enabled.

BUG=None
TEST=create chroot with --bootstrap ; build_packages (behind firewall)

Change-Id: Iaa560fdb6623fcb73cde066a3b2bc2a342169c62
Reviewed-on: https://gerrit.chromium.org/gerrit/34292
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: paul drews <paul.drews@intel.com>
Tested-by: paul drews <paul.drews@intel.com>
Paul Drews 2012-10-10 11:18:13 -07:00 committed by Gerrit
parent 8ad01c5e9a
commit 8bae3b5667

@ -423,6 +423,16 @@ sudo sh -c "echo STAGE3=$STAGE3 > $CHROOT_STATE"
info "Updating portage"
early_enter_chroot emerge -uNv --quiet portage
# Packages that inherit cros-workon commonly get a circular dependency
# curl->openssl->git->curl that is broken by emerging an early version of git
# without curl (and webdav that depends on it).
need_git_rebuild=${FLAGS_FALSE}
if [[ ! -e "${FLAGS_chroot}/usr/bin/git" ]]; then
need_git_rebuild=${FLAGS_TRUE}
info "Updating early git"
USE="-curl -webdav" early_enter_chroot emerge -uNv $USEPKG dev-vcs/git
fi
info "Updating host toolchain"
early_enter_chroot emerge -uNv --quiet crossdev
TOOLCHAIN_ARGS=( --deleteold )
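Review bot: the `[[ ! -e "${FLAGS_chroot}/usr/bin/git" ]]` test is the only record that git was built with `USE="-curl -webdav"`, so the state is lost if the script stops between this block and the later rebuild. On the next run `/usr/bin/git` exists, `need_git_rebuild` stays `${FLAGS_FALSE}`, and the chroot keeps a git without curl support, which cannot fetch over https. Consider persisting the "early git" state (for example a marker file next to `$CHROOT_STATE`) or deciding from the installed package's USE flags rather than from the binary's presence. Minor: this emerge omits `--quiet`, unlike the portage and crossdev calls around it, and `$USEPKG` is expanded unquoted.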
@ -440,7 +450,13 @@ early_enter_chroot $EMERGE_CMD --deselect dhcpcd
info "Running emerge curl sudo ..."
early_enter_chroot $EMERGE_CMD -uNv $USEPKG --select $EMERGE_JOBS \
pbzip2 net-misc/curl sudo
pbzip2 dev-libs/openssl net-misc/curl sudo
if [[ ${need_git_rebuild} -eq ${FLAGS_TRUE} ]]; then
# (Re-)emerge the full version of git, without preventing curl.
info "Updating full verison of git"
early_enter_chroot emerge -uNv $USEPKG dev-vcs/git
fi
if [ -n "${INITIALIZE_CHROOT}" ]; then
# If we're creating a new chroot, we also want to set it to the latest
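Review bot: the git rebuild inside `if [[ ${need_git_rebuild} -eq ${FLAGS_TRUE} ]]` calls plain `emerge -uNv $USEPKG dev-vcs/git`, while the command directly above goes through `$EMERGE_CMD` with `--select` and `$EMERGE_JOBS`. If the difference is deliberate, say why in the comment; otherwise use the same invocation so both steps share options. The rebuild also relies on `-N` noticing that the curl and webdav flags are back at their defaults, which is worth stating in the comment since nothing else forces the reinstall. The info string has a typo: "verison" should be "version".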