* [OE-core] [PATCH v4] gnutls: Added fips option.
@ 2022-05-24 1:28 Lei Maohui
2022-05-24 4:36 ` Alexander Kanavin
0 siblings, 1 reply; 4+ messages in thread
From: Lei Maohui @ 2022-05-24 1:28 UTC (permalink / raw)
To: openembedded-core; +Cc: Lei Maohui
- Added a patch to avoid excute fipshmac command. Because *.hmac
file should be created on target instead of on build environment.
- Added pkg_postinst_ontarget to make sure necessary files are
created on target.
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
---
...ile-should-be-excuted-in-target-envi.patch | 28 +++++++++++++++++++
meta/recipes-support/gnutls/gnutls_3.7.5.bb | 24 +++++++++++++++-
2 files changed, 51 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
new file mode 100644
index 0000000000..f4a2f0cd35
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
@@ -0,0 +1,28 @@
+From b729a356538d499fe25e82bfc78ea663bdaca0a8 Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@fujitsu.com>
+Date: Mon, 23 May 2022 10:44:43 +0900
+Subject: [PATCH] Creating .hmac file should be excuted in target environment,
+ so deleted it from build process.
+
+Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/-/issues/1373]
+Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
+---
+ lib/Makefile.am | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index 0b43ef9..cf263f0 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -206,8 +206,7 @@ hmac_files = .libs/.gnutls.hmac
+
+ all-local: $(hmac_files)
+
+-.libs/.gnutls.hmac: libgnutls.la fipshmac
+- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@
++.libs/.gnutls.hmac:
+
+ CLEANFILES = $(hmac_files)
+ endif
+--
+2.25.1
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.5.bb b/meta/recipes-support/gnutls/gnutls_3.7.5.bb
index 5feedb7fdc..b796494b8d 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.5.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.5.bb
@@ -21,6 +21,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
file://arm_eabi.patch \
+ file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
"
SRC_URI[sha256sum] = "1f85028475b4f255cc5b480af0c37e61eab43024c1507c8b75d6be506c0553ad"
@@ -36,6 +37,7 @@ PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2"
PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers"
+PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR}"
EXTRA_OECONF = " \
--enable-doc \
@@ -59,10 +61,30 @@ do_configure:prepend() {
done
}
-PACKAGES =+ "${PN}-openssl ${PN}-xx"
+do_install:append:class-target() {
+ if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then
+ install -d ${D}${bindir}/bin
+ install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/
+ fi
+}
+
+PACKAGES =+ "${PN}-openssl ${PN}-xx ${PN}-fips"
FILES:${PN}-dev += "${bindir}/gnutls-cli-debug"
FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*"
FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*"
+FILES:${PN}-fips = "${bindir}/fipshmac"
BBCLASSEXTEND = "native nativesdk"
+
+pkg_postinst_ontarget:${PN}-fips () {
+ if test -x ${bindir}/fipshmac
+ then
+ mkdir ${sysconfdir}/gnutls
+ touch ${sysconfdir}/gnutls/config
+ ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac
+ ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac
+ ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* > ${libdir}/.libgmp.so.10.hmac
+ ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
+ fi
+}
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH v4] gnutls: Added fips option.
2022-05-24 1:28 [OE-core] [PATCH v4] gnutls: Added fips option Lei Maohui
@ 2022-05-24 4:36 ` Alexander Kanavin
2022-05-25 0:15 ` leimaohui
0 siblings, 1 reply; 4+ messages in thread
From: Alexander Kanavin @ 2022-05-24 4:36 UTC (permalink / raw)
To: leimaohui; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 5201 bytes --]
Please correct the upstream status to inappropriate, ‘submitted’ means the
patch was actually sent upstream, ‘inappropriate’ means the patch was not
submitted, but an issue was raised with upstream to find a solution.
Alex
On Tue 24. May 2022 at 3.28, leimaohui <leimaohui@fujitsu.com> wrote:
> - Added a patch to avoid excute fipshmac command. Because *.hmac
> file should be created on target instead of on build environment.
> - Added pkg_postinst_ontarget to make sure necessary files are
> created on target.
>
> Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
> ---
> ...ile-should-be-excuted-in-target-envi.patch | 28 +++++++++++++++++++
> meta/recipes-support/gnutls/gnutls_3.7.5.bb | 24 +++++++++++++++-
> 2 files changed, 51 insertions(+), 1 deletion(-)
> create mode 100644
> meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
>
> diff --git
> a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
> b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
> new file mode 100644
> index 0000000000..f4a2f0cd35
> --- /dev/null
> +++
> b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
> @@ -0,0 +1,28 @@
> +From b729a356538d499fe25e82bfc78ea663bdaca0a8 Mon Sep 17 00:00:00 2001
> +From: Lei Maohui <leimaohui@fujitsu.com>
> +Date: Mon, 23 May 2022 10:44:43 +0900
> +Subject: [PATCH] Creating .hmac file should be excuted in target
> environment,
> + so deleted it from build process.
> +
> +Upstream-Status: Submitted [
> https://gitlab.com/gnutls/gnutls/-/issues/1373]
> +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
> +---
> + lib/Makefile.am | 3 +--
> + 1 file changed, 1 insertion(+), 2 deletions(-)
> +
> +diff --git a/lib/Makefile.am b/lib/Makefile.am
> +index 0b43ef9..cf263f0 100644
> +--- a/lib/Makefile.am
> ++++ b/lib/Makefile.am
> +@@ -206,8 +206,7 @@ hmac_files = .libs/.gnutls.hmac
> +
> + all-local: $(hmac_files)
> +
> +-.libs/.gnutls.hmac: libgnutls.la fipshmac
> +- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@
> ++.libs/.gnutls.hmac:
> +
> + CLEANFILES = $(hmac_files)
> + endif
> +--
> +2.25.1
> diff --git a/meta/recipes-support/gnutls/gnutls_3.7.5.bb
> b/meta/recipes-support/gnutls/gnutls_3.7.5.bb
> index 5feedb7fdc..b796494b8d 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.7.5.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.7.5.bb
> @@ -21,6 +21,7 @@ SHRT_VER =
> "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
>
> SRC_URI = "
> https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
> file://arm_eabi.patch \
> +
> file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
> "
>
> SRC_URI[sha256sum] =
> "1f85028475b4f255cc5b480af0c37e61eab43024c1507c8b75d6be506c0553ad"
> @@ -36,6 +37,7 @@ PACKAGECONFIG[libidn] =
> "--with-idn,--without-idn,libidn2"
> PACKAGECONFIG[libtasn1] =
> "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
> PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
> PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers"
> +PACKAGECONFIG[fips] = "--enable-fips140-mode
> --with-libdl-prefix=${STAGING_BASELIBDIR}"
>
> EXTRA_OECONF = " \
> --enable-doc \
> @@ -59,10 +61,30 @@ do_configure:prepend() {
> done
> }
>
> -PACKAGES =+ "${PN}-openssl ${PN}-xx"
> +do_install:append:class-target() {
> + if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false',
> d)}; then
> + install -d ${D}${bindir}/bin
> + install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/
> + fi
> +}
> +
> +PACKAGES =+ "${PN}-openssl ${PN}-xx ${PN}-fips"
>
> FILES:${PN}-dev += "${bindir}/gnutls-cli-debug"
> FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*"
> FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*"
> +FILES:${PN}-fips = "${bindir}/fipshmac"
>
> BBCLASSEXTEND = "native nativesdk"
> +
> +pkg_postinst_ontarget:${PN}-fips () {
> + if test -x ${bindir}/fipshmac
> + then
> + mkdir ${sysconfdir}/gnutls
> + touch ${sysconfdir}/gnutls/config
> + ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* >
> ${libdir}/.libgnutls.so.30.hmac
> + ${bindir}/fipshmac ${libdir}/libnettle.so.8.* >
> ${libdir}/.libnettle.so.8.hmac
> + ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* >
> ${libdir}/.libgmp.so.10.hmac
> + ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* >
> ${libdir}/.libhogweed.so.6.hmac
> + fi
> +}
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166043):
> https://lists.openembedded.org/g/openembedded-core/message/166043
> Mute This Topic: https://lists.openembedded.org/mt/91303156/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 7416 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [OE-core] [PATCH v4] gnutls: Added fips option.
2022-05-24 4:36 ` Alexander Kanavin
@ 2022-05-25 0:15 ` leimaohui
2022-05-25 3:21 ` Alexander Kanavin
0 siblings, 1 reply; 4+ messages in thread
From: leimaohui @ 2022-05-25 0:15 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 6052 bytes --]
Hi, Alex
I’m sorry, I think I got it, but it is better to confirm it with you.^-^
“Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/-/issues/1373]”
Should be corrected to :
“Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373]”
Am I right?
Best regards
Lei
From: Alexander Kanavin <alex.kanavin@gmail.com>
Sent: Tuesday, May 24, 2022 12:37 PM
To: Lei, Maohui <leimaohui@fujitsu.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH v4] gnutls: Added fips option.
Please correct the upstream status to inappropriate, ‘submitted’ means the patch was actually sent upstream, ‘inappropriate’ means the patch was not submitted, but an issue was raised with upstream to find a solution.
Alex
On Tue 24. May 2022 at 3.28, leimaohui <leimaohui@fujitsu.com<mailto:leimaohui@fujitsu.com>> wrote:
- Added a patch to avoid excute fipshmac command. Because *.hmac
file should be created on target instead of on build environment.
- Added pkg_postinst_ontarget to make sure necessary files are
created on target.
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com<mailto:leimaohui@fujitsu.com>>
---
...ile-should-be-excuted-in-target-envi.patch | 28 +++++++++++++++++++
meta/recipes-support/gnutls/gnutls_3.7.5.bb<http://gnutls_3.7.5.bb> | 24 +++++++++++++++-
2 files changed, 51 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
new file mode 100644
index 0000000000..f4a2f0cd35
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
@@ -0,0 +1,28 @@
+From b729a356538d499fe25e82bfc78ea663bdaca0a8 Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@fujitsu.com<mailto:leimaohui@fujitsu.com>>
+Date: Mon, 23 May 2022 10:44:43 +0900
+Subject: [PATCH] Creating .hmac file should be excuted in target environment,
+ so deleted it from build process.
+
+Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/-/issues/1373]
+Signed-off-by: Lei Maohui <leimaohui@fujitsu.com<mailto:leimaohui@fujitsu.com>>
+---
+ lib/Makefile.am | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index 0b43ef9..cf263f0 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -206,8 +206,7 @@ hmac_files = .libs/.gnutls.hmac
+
+ all-local: $(hmac_files)
+
+-.libs/.gnutls.hmac: libgnutls.la<http://libgnutls.la> fipshmac
+- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@
++.libs/.gnutls.hmac:
+
+ CLEANFILES = $(hmac_files)
+ endif
+--
+2.25.1
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.5.bb<http://gnutls_3.7.5.bb> b/meta/recipes-support/gnutls/gnutls_3.7.5.bb<http://gnutls_3.7.5.bb>
index 5feedb7fdc..b796494b8d 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.5.bb<http://gnutls_3.7.5.bb>
+++ b/meta/recipes-support/gnutls/gnutls_3.7.5.bb<http://gnutls_3.7.5.bb>
@@ -21,6 +21,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}<mailto:$%7b@d.getVar('PV').split('.')[0]%7d.$%7b@d.getVar('PV').split('.')[1]%7d>"
SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz<https://www.gnupg.org/ftp/gcrypt/gnutls/v$%7BSHRT_VER%7D/gnutls-$%7BPV%7D.tar.xz> \
file://arm_eabi.patch \
+ file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
"
SRC_URI[sha256sum] = "1f85028475b4f255cc5b480af0c37e61eab43024c1507c8b75d6be506c0553ad"
@@ -36,6 +37,7 @@ PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2"
PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers"
+PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR}"
EXTRA_OECONF = " \
--enable-doc \
@@ -59,10 +61,30 @@ do_configure:prepend() {
done
}
-PACKAGES =+ "${PN}-openssl ${PN}-xx"
+do_install:append:class-target() {
+ if ${@bb.utils.contains('PACKAGECONFIG<mailto:$%7b@bb.utils.contains('PACKAGECONFIG>', 'fips', 'true', 'false', d)}; then
+ install -d ${D}${bindir}/bin
+ install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/
+ fi
+}
+
+PACKAGES =+ "${PN}-openssl ${PN}-xx ${PN}-fips"
FILES:${PN}-dev += "${bindir}/gnutls-cli-debug"
FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*"
FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*"
+FILES:${PN}-fips = "${bindir}/fipshmac"
BBCLASSEXTEND = "native nativesdk"
+
+pkg_postinst_ontarget:${PN}-fips () {
+ if test -x ${bindir}/fipshmac
+ then
+ mkdir ${sysconfdir}/gnutls
+ touch ${sysconfdir}/gnutls/config
+ ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac
+ ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac
+ ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* > ${libdir}/.libgmp.so.10.hmac
+ ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac
+ fi
+}
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#166043): https://lists.openembedded.org/g/openembedded-core/message/166043
Mute This Topic: https://lists.openembedded.org/mt/91303156/1686489
Group Owner: openembedded-core+owner@lists.openembedded.org<mailto:openembedded-core%2Bowner@lists.openembedded.org>
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com<mailto:alex.kanavin@gmail.com>]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 12648 bytes --]
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH v4] gnutls: Added fips option.
2022-05-25 0:15 ` leimaohui
@ 2022-05-25 3:21 ` Alexander Kanavin
0 siblings, 0 replies; 4+ messages in thread
From: Alexander Kanavin @ 2022-05-25 3:21 UTC (permalink / raw)
To: leimaohui; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 6021 bytes --]
Yes please, that is correct.
Alex
On Wed 25. May 2022 at 2.15, leimaohui@fujitsu.com <leimaohui@fujitsu.com>
wrote:
> Hi, Alex
>
>
>
> I’m sorry, I think I got it, but it is better to confirm it with you.^-^
>
>
>
> “Upstream-Status: Submitted [
> https://gitlab.com/gnutls/gnutls/-/issues/1373]”
>
> Should be corrected to :
>
> “Upstream-Status: Inappropriate [
> https://gitlab.com/gnutls/gnutls/-/issues/1373]”
>
>
>
> Am I right?
>
>
>
> Best regards
>
> Lei
>
>
>
>
>
> *From:* Alexander Kanavin <alex.kanavin@gmail.com>
> *Sent:* Tuesday, May 24, 2022 12:37 PM
> *To:* Lei, Maohui <leimaohui@fujitsu.com>
> *Cc:* openembedded-core@lists.openembedded.org
> *Subject:* Re: [OE-core] [PATCH v4] gnutls: Added fips option.
>
>
>
> Please correct the upstream status to inappropriate, ‘submitted’ means
> the patch was actually sent upstream, ‘inappropriate’ means the patch was
> not submitted, but an issue was raised with upstream to find a solution.
>
>
>
> Alex
>
>
>
> On Tue 24. May 2022 at 3.28, leimaohui <leimaohui@fujitsu.com> wrote:
>
> - Added a patch to avoid excute fipshmac command. Because *.hmac
> file should be created on target instead of on build environment.
> - Added pkg_postinst_ontarget to make sure necessary files are
> created on target.
>
> Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
> ---
> ...ile-should-be-excuted-in-target-envi.patch | 28 +++++++++++++++++++
> meta/recipes-support/gnutls/gnutls_3.7.5.bb | 24 +++++++++++++++-
> 2 files changed, 51 insertions(+), 1 deletion(-)
> create mode 100644
> meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
>
> diff --git
> a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
> b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
> new file mode 100644
> index 0000000000..f4a2f0cd35
> --- /dev/null
> +++
> b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch
> @@ -0,0 +1,28 @@
> +From b729a356538d499fe25e82bfc78ea663bdaca0a8 Mon Sep 17 00:00:00 2001
> +From: Lei Maohui <leimaohui@fujitsu.com>
> +Date: Mon, 23 May 2022 10:44:43 +0900
> +Subject: [PATCH] Creating .hmac file should be excuted in target
> environment,
> + so deleted it from build process.
> +
> +Upstream-Status: Submitted [
> https://gitlab.com/gnutls/gnutls/-/issues/1373]
> +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
> +---
> + lib/Makefile.am | 3 +--
> + 1 file changed, 1 insertion(+), 2 deletions(-)
> +
> +diff --git a/lib/Makefile.am b/lib/Makefile.am
> +index 0b43ef9..cf263f0 100644
> +--- a/lib/Makefile.am
> ++++ b/lib/Makefile.am
> +@@ -206,8 +206,7 @@ hmac_files = .libs/.gnutls.hmac
> +
> + all-local: $(hmac_files)
> +
> +-.libs/.gnutls.hmac: libgnutls.la fipshmac
> +- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@
> ++.libs/.gnutls.hmac:
> +
> + CLEANFILES = $(hmac_files)
> + endif
> +--
> +2.25.1
> diff --git a/meta/recipes-support/gnutls/gnutls_3.7.5.bb
> b/meta/recipes-support/gnutls/gnutls_3.7.5.bb
> index 5feedb7fdc..b796494b8d 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.7.5.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.7.5.bb
> @@ -21,6 +21,7 @@ SHRT_VER = "
> ${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
>
> SRC_URI = "
> https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
> file://arm_eabi.patch \
> +
> file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
> "
>
> SRC_URI[sha256sum] =
> "1f85028475b4f255cc5b480af0c37e61eab43024c1507c8b75d6be506c0553ad"
> @@ -36,6 +37,7 @@ PACKAGECONFIG[libidn] =
> "--with-idn,--without-idn,libidn2"
> PACKAGECONFIG[libtasn1] =
> "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
> PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
> PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers"
> +PACKAGECONFIG[fips] = "--enable-fips140-mode
> --with-libdl-prefix=${STAGING_BASELIBDIR}"
>
> EXTRA_OECONF = " \
> --enable-doc \
> @@ -59,10 +61,30 @@ do_configure:prepend() {
> done
> }
>
> -PACKAGES =+ "${PN}-openssl ${PN}-xx"
> +do_install:append:class-target() {
> + if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true',
> 'false', d)}; then
> + install -d ${D}${bindir}/bin
> + install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/
> + fi
> +}
> +
> +PACKAGES =+ "${PN}-openssl ${PN}-xx ${PN}-fips"
>
> FILES:${PN}-dev += "${bindir}/gnutls-cli-debug"
> FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*"
> FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*"
> +FILES:${PN}-fips = "${bindir}/fipshmac"
>
> BBCLASSEXTEND = "native nativesdk"
> +
> +pkg_postinst_ontarget:${PN}-fips () {
> + if test -x ${bindir}/fipshmac
> + then
> + mkdir ${sysconfdir}/gnutls
> + touch ${sysconfdir}/gnutls/config
> + ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* >
> ${libdir}/.libgnutls.so.30.hmac
> + ${bindir}/fipshmac ${libdir}/libnettle.so.8.* >
> ${libdir}/.libnettle.so.8.hmac
> + ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* >
> ${libdir}/.libgmp.so.10.hmac
> + ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* >
> ${libdir}/.libhogweed.so.6.hmac
> + fi
> +}
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#166043):
> https://lists.openembedded.org/g/openembedded-core/message/166043
> Mute This Topic: https://lists.openembedded.org/mt/91303156/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 12504 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-05-25 3:21 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-24 1:28 [OE-core] [PATCH v4] gnutls: Added fips option Lei Maohui
2022-05-24 4:36 ` Alexander Kanavin
2022-05-25 0:15 ` leimaohui
2022-05-25 3:21 ` Alexander Kanavin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.