Libustream-wolfssl clashing with libustream-openssl

Master has seen the switch to WolfSSL as default encryption lib for both wpad and LuCI now. I am building with TARGET_PER_DEVICE_ROOTFS - this allows me a lot of flexibility as to what packages to include or exclude). However, that seems to be choking my build ever since WolfSSL was made default. libustream-wolfssl is something I'm unable to strip, because it's hardwired. I can build it as a module but the buildroot keeps trying to install it into the image. It shows as {M} which means I cannot remove it since it will be pulled into the image, I suspect because of the PER_DEVICE_ROOTFS setting:

Selected by [m]:                                                                                                                      
  - MODULE_DEFAULT_libustream-wolfssl [=y] && TARGET_PER_DEVICE_ROOTFS [=y] && m && MODULES [=y]

I'm relying on OpenSSL for wpad and LuCI and that worked just fine until WolfSSL got pushed for both (entirely understandable; OpenSSL hogs space).

I have tried stripping libwolfssl and libustream-wolfssl with and without the digit suffixes (since their package names as they appear in make menuconfig don't contain the digits), but it keeps breaking:


Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for libustream-wolfssl20200215:
 * 	libwolfssl24
 * opkg_install_cmd: Cannot install package libustream-wolfssl20200215.

This is how the relevant bits of my configuration look:

$ ./scripts/diffconfig.sh |egrep -i "wolfssl|openssl"
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_asus_rt-ac57u="kmod-usb-net-rndis -libustream-wolfssl20200215 -libwolfssl24 unbound-anchor -wpad-basic-wolfssl"
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_dlink_dir-860l-b1="kmod-usb-net-rndis -libustream-wolfssl20200215 -libwolfssl24 unbound-anchor -wpad-basic-wolfssl"
CONFIG_TARGET_DEVICE_PACKAGES_ramips_mt7621_DEVICE_dlink_dir-878-a1="-libustream-wolfssl20200215 -libwolfssl24 unbound-anchor -wpad-basic-wolfssl"
CONFIG_LIBCURL_OPENSSL=y
CONFIG_OPENSSL_ENGINE=y
CONFIG_OPENSSL_OPTIMIZE_SPEED=y
CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y
CONFIG_OPENSSL_WITH_ASM=y
CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y
CONFIG_OPENSSL_WITH_CMS=y
CONFIG_OPENSSL_WITH_DEPRECATED=y
CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y
CONFIG_OPENSSL_WITH_NPN=y
CONFIG_OPENSSL_WITH_PSK=y
CONFIG_OPENSSL_WITH_SRP=y
CONFIG_OPENSSL_WITH_TLS13=y
CONFIG_PACKAGE_libopenssl=y
CONFIG_PACKAGE_libopenssl-conf=y
CONFIG_PACKAGE_libopenssl-devcrypto=y
CONFIG_PACKAGE_libustream-openssl=y
CONFIG_PACKAGE_libustream-wolfssl=m
CONFIG_PACKAGE_libwolfssl=m
CONFIG_PACKAGE_luci-ssl-openssl=y
CONFIG_PACKAGE_openssl-util=y
CONFIG_PACKAGE_wpa-supplicant-openssl=m
CONFIG_PACKAGE_wpad-basic-wolfssl=m
CONFIG_PACKAGE_wpad-openssl=y
1 Like
[…]
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_tplink_tl-wdr3600-v1="slh-misc-8m slh-misc-qos -libustream-wolfssl -wpad-basic -wpad-mini -wpad wpad-openssl -wpad-basic-wolfssl"
[…]
### WLAN support
CONFIG_PACKAGE_wpad=m
CONFIG_PACKAGE_wpad-basic=m
CONFIG_PACKAGE_wpad-mini=m
CONFIG_PACKAGE_wpad-openssl=m

CONFIG_PACKAGE_wpad-basic-wolfssl=m
CONFIG_PACKAGE_wpad-wolfssl=m

CONFIG_WPA_SUPPLICANT_INTERNAL=y
CONFIG_WPA_RFKILL_SUPPORT=y

### ustream
CONFIG_libustream-wolfssl=m
[…]

works for me (I'm not really happy about this procedure and consider adding a local patch reverting the wolfssl as default additions, but it does the job).

2 Likes

I stumbled into the same with my WNDR3700v1/v2/3800 community build, which is based on pure OpenSSL.

To my knowledge, the packages with "m" do not get pulled into the image, but you may need to exclude them per device in the multi-device PER_DEVICE_ROOTFS scenario if they are default packages for the device.

Currently I have this:
Note the "-" starting definitions on the device packages lines:

CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_generic=y
CONFIG_TARGET_MULTI_PROFILE=y
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_netgear_wndr3700=y
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_netgear_wndr3700="-wpad-basic-wolfssl -libustream-wolfssl -libwolfssl"
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_netgear_wndr3700-v2=y
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_netgear_wndr3700-v2="-wpad-basic-wolfssl -libustream-wolfssl -libwolfssl patch diffutils"
CONFIG_TARGET_DEVICE_ath79_generic_DEVICE_netgear_wndr3800=y
CONFIG_TARGET_DEVICE_PACKAGES_ath79_generic_DEVICE_netgear_wndr3800="-wpad-basic-wolfssl -libustream-wolfssl -libwolfssl patch diffutils"

CONFIG_PACKAGE_wpad-openssl=y
# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
# CONFIG_PACKAGE_libustream-wolfssl is not set
# CONFIG_PACKAGE_libwolfssl is not set

CONFIG_PACKAGE_luci-ssl-openssl=y

Ps. LuCI pulls in libustream-openssl, so I do not specify that separately.

2 Likes

They do when they're {M} and not [M]. Notice the curly brackets. That means you cannot deselect a package completely not only because it's a dependency for another package but also that it will get included into the image.

@slh I already tried stripping in the package list (see first post), but that somehow does not work. I'm stripping wpad-basic-openssl by default, I explicitly added the libustream-wolfssl and libwolfssl package as well today because of the libustream clashing. But no dice so far.

I am considering stripping those dependencies as well.

1 Like

Like I said, the packages do not get into my own image. The exclusion works, as the packages are still "m" and are built, but they are excluded from the final device images.

This is from my ath79/WNDR3700v2 built with the above exclusion.

 OpenWrt SNAPSHOT, r14389-920d975cab
 -----------------------------------------------------

root@router2:~# opkg list-installed | grep openssl
libopenssl-conf - 1.1.1g-1
libopenssl1.1 - 1.1.1g-1
libustream-openssl20200215 - 2020-03-13-5e1bc342-1
luci-ssl-openssl - git-19.281.23348-e459683
openssl-util - 1.1.1g-1
wpad-openssl - 2020-06-08-5a8b3662-4

root@router2:~# opkg list-installed | grep mbed

root@router2:~# opkg list-installed | grep wolf

I know how it works... And again, the curly brackets imply they'll be in final images unless you strip them with the per device packages string. And I'm telling you it's choking over here, despite my trying to strip them.

1 Like

A wipe seems to have fixed my master build issues as well.

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.