How can I replace OpenSSL package in Yocto?

Question

I would like to replace a default package in Yocto. Specifically, I would like to replace OpenSSL.

I used IMAGE_INSTALL_remove, and I added PREFERRED_PROVIDER_virtual/openssl=<my version>. But for some reason, the original openssl keeps getting built and used by other recipes.

How can I get my build of openssl to be the default provider for all the system?

Answer 1

Well, there's really no global selection of SSL-provider in Yocto.

You'll have to look at which recipes drags in openssl, and check if they support switching to gnutls (or whatever you want to use) instead.

If we take a look at curl_7.37.1.bb:

PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls zlib"
PACKAGECONFIG_class-native = "ipv6 ssl zlib"
PACKAGECONFIG_class-nativesdk = "ipv6 ssl zlib"

PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[ssl] = "--with-ssl,--without-ssl,openssl"
PACKAGECONFIG[gnutls] = "--with-gnutls=${STAGING_LIBDIR}/../,--without-gnutls,gnutls"
PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"

You'll see that curl supports both gnutls and openssl. In this particular case, the default is to use gnutls for target builds, and openssl for native (host) builds. This can be determined from the first three lines in the code snippet.

Thus, had you wanted to change curl to use openssl for your target builds, you should have replaced gnutls with ssl in the first PACKAGECONFIG ??= "......" line.

Quite a few recipes has gotten this kind of support, though the default varies between them. Thus, you'll have to check exactly which recipes in your image drags in openssl, and reconfigure them (if possible).