[PATCH] package: openssl: Enable built engines per default

Florian Eckert fe at dev.tdt.de
Tue Apr 27 07:13:18 BST 2021


Hello Eneas

>> How about if we create a uci default script and check on the running
>> system what is installed?
>> And then we could generate a file and add or remove an include line 
>> form
>> the openssl.cnf [1]?
> 
> Hi Florian, Daniel
> 
> I think we can manage something like that.  The .include option can
> load all files in a directory (/etc/ssl/engines.d/), and won't fail if
> there aren't any files--the directory itself must exist.  Each engine
> package can install its own file there, ahd have a post-install script
> that adds a line to an "engines.cnf" file if there isn't any:
> 
> add_engine() {
> # $1 = engine name (engine .so file without the .so extension)
>     grep -q "$1=$1" /etc/ssl/engines.d/engines.cnf && return
>     echo "$1=$1" >> /etc/ssl/engines.d/engines.cnf
> }
> 
> /etc/ssl/engines.d/engines.cnf would start out with just the [engines]
> header and some comments explaining its use and warning not to edit
> something that would break things.
> 
> What do you think?

The plan sounds good :+1:

> 
> Cheers,
> 
> Eneas



More information about the openwrt-devel mailing list