Hello, I'm not really a developer, but I do build my openwrt from source on a regular basis. I think questions about building belong in this subforum.
One of my target is a "tiny" Atheros, so every byte counts. Example: I recently had to give up curl because of image space.
Over time, I have added and removed packages in menuconfig, and now I noticed my personal config has both openssl and wolfssl. One of the two could be unneeded. Are they interchangeable? How do I go about removing one of them without leaving orphaned packages?
You should look at the output of scripts/diffconfig.sh that shows the package and settings You currently have. Take that as new .config and edit it and delete the unknown package lines and leave only those that you have actively selected. Then run make defconfig . That will fetch all needed dependencies and you will again have a normal .config file.
You may also need to select the package options suitably that you select the openssl variant of a package. Some packages have mbedssl as s default. E.g. ustreamtls for Luci https.
I have been tweaking my own build to be openssl-only, so there is no mbedtls or wolfssl
It seems that the order of adding packages can impact later additions bringing in other TLS libraries, so I typically will add OpenSSL first, then things that use TLS. Adding OpenSSL after, for example, wolfssl has been brought in by curl or the like, won't remove wolfssl from the build.
It seems that the order of adding packages can impact later additions bringing in other TLS libraries, so I typically will add OpenSSL first, then things that use TLS. Adding OpenSSL after, for example, wolfssl has been brought in by curl or the like, won't remove wolfssl from the build.
Interesting... so if one wanted to completely remove openssl from the build to use 100% wolfssl stuff:
make menuconfig
### from the menuconfig disable wpad-openssl and enable wpad-wolfssl
./scripts/diffconfig.sh > new
vim new
### edit new removing all lines containing OPENSSL and place all lines containing WOLFSSL on top
mv new .config
make defconfig
That seems to have the desired effect. Here is a diff (new config on left and old config on right).
You make sure to negate the unwanted library if that is default, and make sure that you specify the correct variant of those packages that support multiple ssl libraries. (curl, luci, wpad, ustreamssl, etc.)
My own selections in my .config recipe to disable wolfssl and enable openssl:
CONFIG_PACKAGE_wpad-openssl=y
# CONFIG_PACKAGE_wpad-basic-wolfssl is not set
# CONFIG_PACKAGE_libustream-wolfssl is not set
CONFIG_PACKAGE_luci-ssl-openssl=y
CONFIG_PACKAGE_curl=y
CONFIG_LIBCURL_OPENSSL=y
(luci-ssl-openssl pull in libustream-openssl, so I do not specify that)
How about mbedtls? It seems to be default at least for some packages.
It's 1 indeed
I like @hnyman's way because I can make sure visually and quickly (in a small config seed rather than a longer .config file) that I'm clean of other openssl variants. What do you mean, editing in menuconfig creates a clean .config file? It's more or less like just specifying a target and making defconfig, did I get it right? I suppose (correct me if I'm wrong) that it won't exclude "wrong" variants of some packages if they are already in the .config.
You can easily add packages with menuconfig, but there is no detection logic of unnecessary dependent packages. If package A depends on B, and you switch A to variant that requires C instead, B remains selected
Thatswhy I arrived a few years ago to the solution, where I only keep the .config recipe with the packages I need, and then before build expand if to the full .config with "make defconfig" that pulls in all the necessary dependencies. But I still need to exclude the unwanted default variants in some cases, like my example above shows.
Nice! Thanks. That's what I'm going to do as well. I just got to go through the full .config files (it's more than one device actually), reduce to a seed, make defconfig, diff until no difference.
I think this topic is ripe for marking solved. I'm just going to wait a few days just in case some related discussion ensues.
Thanks for all the useful contributions. Your help is appreciated, @hnyman, @jeff, @darksky!
EDIT Is there a way to make a recipe (I call it "seed": a minimal config to be expanded by make defconfig) that excludes some packages? In other words, will including a line like
CONFIG_PACKAGE_unwanted_package is not set
(without a comment) make sure that package is not linked in?