From d4a94d79660354b949e1d2721b191fa96e53d703 Mon Sep 17 00:00:00 2001
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
Date: Wed, 20 Sep 2023 16:33:41 +0200
Subject: [PATCH] signing.bbclass: don't export OPENSSL environment variables
 globally

OPENSSL_{MODULES,ENGINES,CONF} and SSL_CERT_{DIR,FILE} are currently
exported globally for any recipe that inherits signing. This not only
affects the tasks that use the signing infrastructure, but also unrelated
tasks like e.g. do_fetch. Avoid this by exporting the variables only
for these tasks that actually call signing_prepare.

This resolves a breakage I observed on Ubuntu 18.04, where the host
tool wget is called with the environment variables set and then fails
with a SSL error (exit code 5).

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4ad790c7334b02d6d150285a952d84a02645773f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/classes/signing.bbclass | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta-oe/classes/signing.bbclass b/meta-oe/classes/signing.bbclass
index 5c74a319e4..79944e3fe9 100644
--- a/meta-oe/classes/signing.bbclass
+++ b/meta-oe/classes/signing.bbclass
@@ -224,6 +224,12 @@ signing_import_install() {
 }
 
 signing_prepare() {
+    export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+    export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
+    export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
+    export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
+    export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"
+
     if [ -f ${OPENSSL_CONF} ]; then
         echo "Using '${OPENSSL_CONF}' for OpenSSL configuration"
     else
@@ -308,9 +314,3 @@ signing_get_module() {
 python () {
     signing_class_prepare(d)
 }
-
-export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
-export OPENSSL_ENGINES="${STAGING_LIBDIR_NATIVE}/engines-3"
-export OPENSSL_CONF="${STAGING_LIBDIR_NATIVE}/ssl-3/openssl.cnf"
-export SSL_CERT_DIR="${STAGING_LIBDIR_NATIVE}/ssl-3/certs"
-export SSL_CERT_FILE="${STAGING_LIBDIR_NATIVE}/ssl-3/cert.pem"