[meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[Robert Joslyn]

Add various PACKAGECONFIG options, keeping the default options enabled.
---
 .../cryptsetup/cryptsetup_2.1.0.bb            | 51 ++++++++++++++++++-
 1 file changed, 49 insertions(+), 2 deletions(-)

diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
index cf1d22242..51cecf5d2 100644
--- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
+++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
@@ -9,7 +9,12 @@ SECTION = "console"
 LICENSE = "GPL-2.0-with-OpenSSL-exception"
 LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
 
-DEPENDS = "util-linux libdevmapper popt libgcrypt json-c"
+DEPENDS = " \
+    json-c \
+    libdevmapper \
+    popt \
+    util-linux \
+"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
 SRC_URI[md5sum] = "41d8b985ef69242852b93e95d53e8e28"
@@ -19,9 +24,45 @@ inherit autotools gettext pkgconfig
 
 # Use openssl because libgcrypt drops root privileges
 # if libgcrypt is linked with libcap support
-PACKAGECONFIG ??= "openssl"
+PACKAGECONFIG ??= " \
+    keyring \
+    cryptsetup \
+    veritysetup \
+    cryptsetup-reencrypt \
+    integritysetup \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
+    udev \
+    kernel_crypto \
+    internal-argon2 \
+    blkid \
+    luks-adjust-xts-keysize \
+    openssl \
+"
+
+PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
+PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
+PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
+PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
+PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
+PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
+PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"
+PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
+PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
+PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
+# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't
+# recognized.
+PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
+PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
+PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
+PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
+PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
+PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
 PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
 PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
+PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
+PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
+PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
 
 RRECOMMENDS_${PN} = "kernel-module-aes-generic \
                      kernel-module-dm-crypt \
@@ -32,6 +73,12 @@ RRECOMMENDS_${PN} = "kernel-module-aes-generic \
 "
 
 EXTRA_OECONF = "--enable-static"
+# Building without largefile is not supported by upstream
+EXTRA_OECONF += "--enable-largefile"
+# Requires a static popt library
+EXTRA_OECONF += "--disable-static-cryptsetup"
+# There's no recipe for libargon2 yet
+EXTRA_OECONF += "--disable-libargon2"
 
 FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
 
-- 
2.21.0

Re: [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[akuster808]

On 6/2/19 4:12 PM, Robert Joslyn wrote:
> Add various PACKAGECONFIG options, keeping the default options enabled.
the PACKCONFIG went from openssl to a lot more, how is that keeping the
defaults?
> ---
>  .../cryptsetup/cryptsetup_2.1.0.bb            | 51 ++++++++++++++++++-
>  1 file changed, 49 insertions(+), 2 deletions(-)
>
> diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> index cf1d22242..51cecf5d2 100644
> --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> @@ -9,7 +9,12 @@ SECTION = "console"
>  LICENSE = "GPL-2.0-with-OpenSSL-exception"
>  LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
>  
> -DEPENDS = "util-linux libdevmapper popt libgcrypt json-c"
> +DEPENDS = " \
> +    json-c \
> +    libdevmapper \
> +    popt \
> +    util-linux \
> +"
>  
>  SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
>  SRC_URI[md5sum] = "41d8b985ef69242852b93e95d53e8e28"
> @@ -19,9 +24,45 @@ inherit autotools gettext pkgconfig
>  
>  # Use openssl because libgcrypt drops root privileges
>  # if libgcrypt is linked with libcap support
> -PACKAGECONFIG ??= "openssl"
> +PACKAGECONFIG ??= " \
> +    keyring \
> +    cryptsetup \
> +    veritysetup \
> +    cryptsetup-reencrypt \
> +    integritysetup \
> +    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
> +    udev \
> +    kernel_crypto \
> +    internal-argon2 \
> +    blkid \
> +    luks-adjust-xts-keysize \
> +    openssl \
> +"
> +
> +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
> +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
> +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
> +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
> +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
> +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
> +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"
> +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
> +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
> +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
> +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto"
> +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't
> +# recognized.
> +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
> +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2"
> +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2"
> +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
> +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random"
> +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize"
>  PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
>  PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
> +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
> +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
> +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
>  
>  RRECOMMENDS_${PN} = "kernel-module-aes-generic \
>                       kernel-module-dm-crypt \
> @@ -32,6 +73,12 @@ RRECOMMENDS_${PN} = "kernel-module-aes-generic \
>  "
>  
>  EXTRA_OECONF = "--enable-static"
> +# Building without largefile is not supported by upstream
> +EXTRA_OECONF += "--enable-largefile"
> +# Requires a static popt library
> +EXTRA_OECONF += "--disable-static-cryptsetup"
> +# There's no recipe for libargon2 yet
> +EXTRA_OECONF += "--disable-libargon2"
>  
>  FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
>  

Re: [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[Robert Joslyn]

On Thu, 2019-06-06 at 07:24 -0700, akuster808 wrote:
> 
> On 6/2/19 4:12 PM, Robert Joslyn wrote:
> > Add various PACKAGECONFIG options, keeping the default options
> > enabled.
> the PACKCONFIG went from openssl to a lot more, how is that keeping
> the
> defaults?

My intent was to add PACKAGECONFIG options, but to keep the resulting
build the same as before. This should match the default options that
are set by upstream when you don't specify any --enable or --disable
options.

I can send a v2 with a better description if desired.

Thanks,
Robert

> > ---
> >  .../cryptsetup/cryptsetup_2.1.0.bb            | 51
> > ++++++++++++++++++-
> >  1 file changed, 49 insertions(+), 2 deletions(-)
> > 
> > diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > index cf1d22242..51cecf5d2 100644
> > --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > @@ -9,7 +9,12 @@ SECTION = "console"
> >  LICENSE = "GPL-2.0-with-OpenSSL-exception"
> >  LIC_FILES_CHKSUM =
> > "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
> >  
> > -DEPENDS = "util-linux libdevmapper popt libgcrypt json-c"
> > +DEPENDS = " \
> > +    json-c \
> > +    libdevmapper \
> > +    popt \
> > +    util-linux \
> > +"
> >  
> >  SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV
> > ').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
> >  SRC_URI[md5sum] = "41d8b985ef69242852b93e95d53e8e28"
> > @@ -19,9 +24,45 @@ inherit autotools gettext pkgconfig
> >  
> >  # Use openssl because libgcrypt drops root privileges
> >  # if libgcrypt is linked with libcap support
> > -PACKAGECONFIG ??= "openssl"
> > +PACKAGECONFIG ??= " \
> > +    keyring \
> > +    cryptsetup \
> > +    veritysetup \
> > +    cryptsetup-reencrypt \
> > +    integritysetup \
> > +    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
> > +    udev \
> > +    kernel_crypto \
> > +    internal-argon2 \
> > +    blkid \
> > +    luks-adjust-xts-keysize \
> > +    openssl \
> > +"
> > +
> > +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
> > +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
> > +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-
> > pwquality,libpwquality"
> > +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-
> > passwdqc,passwdqc"
> > +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-
> > cryptsetup"
> > +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-
> > veritysetup"
> > +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-
> > reencrypt,--disable-cryptsetup-reencrypt"
> > +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,
> > --disable-integritysetup"
> > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
> > +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
> > +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-
> > kernel_crypto"
> > +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag
> > isn't
> > +# recognized.
> > +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
> > +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,
> > --disable-internal-argon2"
> > +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-
> > argon2,--disable-internal-sse-argon2"
> > +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
> > +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-
> > random"
> > +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-
> > xts-keysize,--disable-luks-adjust-xts-keysize"
> >  PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
> >  PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
> > +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
> > +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
> > +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
> >  
> >  RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> >                       kernel-module-dm-crypt \
> > @@ -32,6 +73,12 @@ RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> >  "
> >  
> >  EXTRA_OECONF = "--enable-static"
> > +# Building without largefile is not supported by upstream
> > +EXTRA_OECONF += "--enable-largefile"
> > +# Requires a static popt library
> > +EXTRA_OECONF += "--disable-static-cryptsetup"
> > +# There's no recipe for libargon2 yet
> > +EXTRA_OECONF += "--disable-libargon2"
> >  
> >  FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','
> > ${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
> >  

Re: [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[Peter Kjellerstedt]

It is no longer possible to build cryptsetup-native after this was merged. 
It now fails with:

ERROR: Nothing PROVIDES 'udev-native' (but virtual:native:.../meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb DEPENDS on or otherwise requires it). Close matches:
  fuse-native
  unifdef-native
  db-native
ERROR: Required build target 'cryptsetup-native' has no buildable providers.
Missing or unbuildable dependency chain was: ['cryptsetup-native', 'udev-native']

This is with systemd in DISTRO_FEATURES.

//Peter

> -----Original Message-----
> From: openembedded-devel-bounces@lists.openembedded.org <openembedded-
> devel-bounces@lists.openembedded.org> On Behalf Of Robert Joslyn
> Sent: den 7 juni 2019 05:46
> To: akuster808 <akuster808@gmail.com>; openembedded-
> devel@lists.openembedded.org
> Subject: Re: [oe] [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG
> options
> 
> On Thu, 2019-06-06 at 07:24 -0700, akuster808 wrote:
> >
> > On 6/2/19 4:12 PM, Robert Joslyn wrote:
> > > Add various PACKAGECONFIG options, keeping the default options
> > > enabled.
> > the PACKCONFIG went from openssl to a lot more, how is that keeping
> > the
> > defaults?
> 
> My intent was to add PACKAGECONFIG options, but to keep the resulting
> build the same as before. This should match the default options that
> are set by upstream when you don't specify any --enable or --disable
> options.
> 
> I can send a v2 with a better description if desired.
> 
> Thanks,
> Robert
> 
> > > ---
> > >  .../cryptsetup/cryptsetup_2.1.0.bb            | 51
> > > ++++++++++++++++++-
> > >  1 file changed, 49 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > index cf1d22242..51cecf5d2 100644
> > > --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > @@ -9,7 +9,12 @@ SECTION = "console"
> > >  LICENSE = "GPL-2.0-with-OpenSSL-exception"
> > >  LIC_FILES_CHKSUM =
> > > "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
> > >
> > > -DEPENDS = "util-linux libdevmapper popt libgcrypt json-c"
> > > +DEPENDS = " \
> > > +    json-c \
> > > +    libdevmapper \
> > > +    popt \
> > > +    util-linux \
> > > +"
> > >
> > >  SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV
> > > ').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
> > >  SRC_URI[md5sum] = "41d8b985ef69242852b93e95d53e8e28"
> > > @@ -19,9 +24,45 @@ inherit autotools gettext pkgconfig
> > >
> > >  # Use openssl because libgcrypt drops root privileges
> > >  # if libgcrypt is linked with libcap support
> > > -PACKAGECONFIG ??= "openssl"
> > > +PACKAGECONFIG ??= " \
> > > +    keyring \
> > > +    cryptsetup \
> > > +    veritysetup \
> > > +    cryptsetup-reencrypt \
> > > +    integritysetup \
> > > +    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
> > > +    udev \
> > > +    kernel_crypto \
> > > +    internal-argon2 \
> > > +    blkid \
> > > +    luks-adjust-xts-keysize \
> > > +    openssl \
> > > +"
> > > +
> > > +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
> > > +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
> > > +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-
> > > pwquality,libpwquality"
> > > +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-
> > > passwdqc,passwdqc"
> > > +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-
> > > cryptsetup"
> > > +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-
> > > veritysetup"
> > > +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-
> > > reencrypt,--disable-cryptsetup-reencrypt"
> > > +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,
> > > --disable-integritysetup"
> > > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
> > > +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
> > > +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-
> > > kernel_crypto"
> > > +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag
> > > isn't
> > > +# recognized.
> > > +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
> > > +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,
> > > --disable-internal-argon2"
> > > +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-
> > > argon2,--disable-internal-sse-argon2"
> > > +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux"
> > > +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-
> > > random"
> > > +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-
> > > xts-keysize,--disable-luks-adjust-xts-keysize"
> > >  PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
> > >  PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
> > > +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
> > > +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
> > > +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
> > >
> > >  RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> > >                       kernel-module-dm-crypt \
> > > @@ -32,6 +73,12 @@ RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> > >  "
> > >
> > >  EXTRA_OECONF = "--enable-static"
> > > +# Building without largefile is not supported by upstream
> > > +EXTRA_OECONF += "--enable-largefile"
> > > +# Requires a static popt library
> > > +EXTRA_OECONF += "--disable-static-cryptsetup"
> > > +# There's no recipe for libargon2 yet
> > > +EXTRA_OECONF += "--disable-libargon2"
> > >
> > >  FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','
> > > ${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
> > >
> 
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[Robert Joslyn]

On Thu, 2019-06-27 at 10:56 +0000, Peter Kjellerstedt wrote:
> It is no longer possible to build cryptsetup-native after this was
> merged. 
> It now fails with:
> 
> ERROR: Nothing PROVIDES 'udev-native' (but virtual:native:.../meta-
> oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb DEPENDS on or otherwise
> requires it). Close matches:
>   fuse-native
>   unifdef-native
>   db-native
> ERROR: Required build target 'cryptsetup-native' has no buildable
> providers.
> Missing or unbuildable dependency chain was: ['cryptsetup-native',
> 'udev-native']
> 
> This is with systemd in DISTRO_FEATURES.
> 
> //Peter
> 

Sorry about that. Is there a reasonable set of options useful for the
native build? Any preference for an empty native PACKAGECONFIG or should
it be the same as the target (minus udev obviously)?

Thanks,
Robert

> > -----Original Message-----
> > From: openembedded-devel-bounces@lists.openembedded.org <openembedded-
> > devel-bounces@lists.openembedded.org> On Behalf Of Robert Joslyn
> > Sent: den 7 juni 2019 05:46
> > To: akuster808 <akuster808@gmail.com>; openembedded-
> > devel@lists.openembedded.org
> > Subject: Re: [oe] [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG
> > options
> > 
> > On Thu, 2019-06-06 at 07:24 -0700, akuster808 wrote:
> > > On 6/2/19 4:12 PM, Robert Joslyn wrote:
> > > > Add various PACKAGECONFIG options, keeping the default options
> > > > enabled.
> > > the PACKCONFIG went from openssl to a lot more, how is that keeping
> > > the
> > > defaults?
> > 
> > My intent was to add PACKAGECONFIG options, but to keep the resulting
> > build the same as before. This should match the default options that
> > are set by upstream when you don't specify any --enable or --disable
> > options.
> > 
> > I can send a v2 with a better description if desired.
> > 
> > Thanks,
> > Robert
> > 
> > > > ---
> > > >  .../cryptsetup/cryptsetup_2.1.0.bb            | 51
> > > > ++++++++++++++++++-
> > > >  1 file changed, 49 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > index cf1d22242..51cecf5d2 100644
> > > > --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > @@ -9,7 +9,12 @@ SECTION = "console"
> > > >  LICENSE = "GPL-2.0-with-OpenSSL-exception"
> > > >  LIC_FILES_CHKSUM =
> > > > "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
> > > > 
> > > > -DEPENDS = "util-linux libdevmapper popt libgcrypt json-c"
> > > > +DEPENDS = " \
> > > > +    json-c \
> > > > +    libdevmapper \
> > > > +    popt \
> > > > +    util-linux \
> > > > +"
> > > > 
> > > >  SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('P
> > > > V
> > > > ').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
> > > >  SRC_URI[md5sum] = "41d8b985ef69242852b93e95d53e8e28"
> > > > @@ -19,9 +24,45 @@ inherit autotools gettext pkgconfig
> > > > 
> > > >  # Use openssl because libgcrypt drops root privileges
> > > >  # if libgcrypt is linked with libcap support
> > > > -PACKAGECONFIG ??= "openssl"
> > > > +PACKAGECONFIG ??= " \
> > > > +    keyring \
> > > > +    cryptsetup \
> > > > +    veritysetup \
> > > > +    cryptsetup-reencrypt \
> > > > +    integritysetup \
> > > > +    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
> > > > +    udev \
> > > > +    kernel_crypto \
> > > > +    internal-argon2 \
> > > > +    blkid \
> > > > +    luks-adjust-xts-keysize \
> > > > +    openssl \
> > > > +"
> > > > +
> > > > +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
> > > > +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
> > > > +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-
> > > > pwquality,libpwquality"
> > > > +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-
> > > > passwdqc,passwdqc"
> > > > +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-
> > > > cryptsetup"
> > > > +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-
> > > > veritysetup"
> > > > +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-
> > > > reencrypt,--disable-cryptsetup-reencrypt"
> > > > +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,
> > > > --disable-integritysetup"
> > > > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
> > > > +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
> > > > +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-
> > > > kernel_crypto"
> > > > +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag
> > > > isn't
> > > > +# recognized.
> > > > +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
> > > > +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,
> > > > --disable-internal-argon2"
> > > > +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-
> > > > argon2,--disable-internal-sse-argon2"
> > > > +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-
> > > > linux"
> > > > +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-
> > > > random"
> > > > +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-
> > > > xts-keysize,--disable-luks-adjust-xts-keysize"
> > > >  PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
> > > >  PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
> > > > +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
> > > > +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
> > > > +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
> > > > 
> > > >  RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> > > >                       kernel-module-dm-crypt \
> > > > @@ -32,6 +73,12 @@ RRECOMMENDS_${PN} = "kernel-module-aes-generic
> > > > \
> > > >  "
> > > > 
> > > >  EXTRA_OECONF = "--enable-static"
> > > > +# Building without largefile is not supported by upstream
> > > > +EXTRA_OECONF += "--enable-largefile"
> > > > +# Requires a static popt library
> > > > +EXTRA_OECONF += "--disable-static-cryptsetup"
> > > > +# There's no recipe for libargon2 yet
> > > > +EXTRA_OECONF += "--disable-libargon2"
> > > > 
> > > >  FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd',
> > > > '
> > > > ${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
> > > > 
> > 
> > --
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[Peter Kjellerstedt]

> -----Original Message-----
> From: Robert Joslyn <robert.joslyn@redrectangle.org>
> Sent: den 28 juni 2019 05:51
> To: Peter Kjellerstedt <peter.kjellerstedt@axis.com>; akuster808
> <akuster808@gmail.com>; openembedded-devel@lists.openembedded.org
> Subject: Re: [oe] [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG
> options
> 
> On Thu, 2019-06-27 at 10:56 +0000, Peter Kjellerstedt wrote:
> > It is no longer possible to build cryptsetup-native after this was
> > merged.
> > It now fails with:
> >
> > ERROR: Nothing PROVIDES 'udev-native' (but virtual:native:.../meta-
> > oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb DEPENDS on or otherwise
> > requires it). Close matches:
> >   fuse-native
> >   unifdef-native
> >   db-native
> > ERROR: Required build target 'cryptsetup-native' has no buildable > providers.
> > Missing or unbuildable dependency chain was: ['cryptsetup-native', 'udev-native']
> >
> > This is with systemd in DISTRO_FEATURES.
> >
> > //Peter
> 
> Sorry about that. Is there a reasonable set of options useful for the
> native build? Any preference for an empty native PACKAGECONFIG or
> should it be the same as the target (minus udev obviously)?

I have no idea. I don't even know why cryptsetup-native is being built, 
all I know is that it can't depend on udev-native. Locally, I have fixed  
it by adding a bbappend with PACKAGECONFIG_remove_class-native = "udev", 
so now it builds again. For meta-oe I would instead suggest to add the 
udev feature using PACKAGECONFIG_append_class-target = " udev".

One thing that worries me though is that you stated in the commit message 
that the set of enabled PACKAGECONFIGs should match the default when no 
enable/disable options are specified. However, this does not seem to hold 
true for udev, as there was no dependency on udev before your change. So 
maybe udev should not be enabled by default for target either?

> Thanks,
> Robert

//Peter

> > > -----Original Message-----
> > > From: openembedded-devel-bounces@lists.openembedded.org
> <openembedded-
> > > devel-bounces@lists.openembedded.org> On Behalf Of Robert Joslyn
> > > Sent: den 7 juni 2019 05:46
> > > To: akuster808 <akuster808@gmail.com>; openembedded-
> > > devel@lists.openembedded.org
> > > Subject: Re: [oe] [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG
> > > options
> > >
> > > On Thu, 2019-06-06 at 07:24 -0700, akuster808 wrote:
> > > > On 6/2/19 4:12 PM, Robert Joslyn wrote:
> > > > > Add various PACKAGECONFIG options, keeping the default options
> > > > > enabled.
> > > > the PACKCONFIG went from openssl to a lot more, how is that
> keeping
> > > > the
> > > > defaults?
> > >
> > > My intent was to add PACKAGECONFIG options, but to keep the
> resulting
> > > build the same as before. This should match the default options
> that
> > > are set by upstream when you don't specify any --enable or --
> disable
> > > options.
> > >
> > > I can send a v2 with a better description if desired.
> > >
> > > Thanks,
> > > Robert
> > >
> > > > > ---
> > > > >  .../cryptsetup/cryptsetup_2.1.0.bb            | 51
> > > > > ++++++++++++++++++-
> > > > >  1 file changed, 49 insertions(+), 2 deletions(-)
> > > > >
> > > > > diff --git a/meta-oe/recipes-
> crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > > b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > > index cf1d22242..51cecf5d2 100644
> > > > > --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > > +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > > @@ -9,7 +9,12 @@ SECTION = "console"
> > > > >  LICENSE = "GPL-2.0-with-OpenSSL-exception"
> > > > >  LIC_FILES_CHKSUM =
> > > > > "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
> > > > >
> > > > > -DEPENDS = "util-linux libdevmapper popt libgcrypt json-c"
> > > > > +DEPENDS = " \
> > > > > +    json-c \
> > > > > +    libdevmapper \
> > > > > +    popt \
> > > > > +    util-linux \
> > > > > +"
> > > > >
> > > > >  SRC_URI =
> "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('P
> > > > > V
> > > > >
> ').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
> > > > >  SRC_URI[md5sum] = "41d8b985ef69242852b93e95d53e8e28"
> > > > > @@ -19,9 +24,45 @@ inherit autotools gettext pkgconfig
> > > > >
> > > > >  # Use openssl because libgcrypt drops root privileges
> > > > >  # if libgcrypt is linked with libcap support
> > > > > -PACKAGECONFIG ??= "openssl"
> > > > > +PACKAGECONFIG ??= " \
> > > > > +    keyring \
> > > > > +    cryptsetup \
> > > > > +    veritysetup \
> > > > > +    cryptsetup-reencrypt \
> > > > > +    integritysetup \
> > > > > +    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
> > > > > +    udev \
> > > > > +    kernel_crypto \
> > > > > +    internal-argon2 \
> > > > > +    blkid \
> > > > > +    luks-adjust-xts-keysize \
> > > > > +    openssl \
> > > > > +"
> > > > > +
> > > > > +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
> > > > > +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
> > > > > +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-
> > > > > pwquality,libpwquality"
> > > > > +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-
> > > > > passwdqc,passwdqc"
> > > > > +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-
> > > > > cryptsetup"
> > > > > +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-
> > > > > veritysetup"
> > > > > +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-
> > > > > reencrypt,--disable-cryptsetup-reencrypt"
> > > > > +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,
> > > > > --disable-integritysetup"
> > > > > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
> > > > > +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
> > > > > +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--
> disable-
> > > > > kernel_crypto"
> > > > > +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the
> flag
> > > > > isn't
> > > > > +# recognized.
> > > > > +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
> > > > > +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,
> > > > > --disable-internal-argon2"
> > > > > +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-
> > > > > argon2,--disable-internal-sse-argon2"
> > > > > +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-
> > > > > linux"
> > > > > +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-
> dev-
> > > > > random"
> > > > > +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-
> adjust-
> > > > > xts-keysize,--disable-luks-adjust-xts-keysize"
> > > > >  PACKAGECONFIG[openssl] = "--with-
> crypto_backend=openssl,,openssl"
> > > > >  PACKAGECONFIG[gcrypt] = "--with-
> crypto_backend=gcrypt,,libgcrypt"
> > > > > +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
> > > > > +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
> > > > > +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
> > > > >
> > > > >  RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> > > > >                       kernel-module-dm-crypt \
> > > > > @@ -32,6 +73,12 @@ RRECOMMENDS_${PN} = "kernel-module-aes-
> generic
> > > > > \
> > > > >  "
> > > > >
> > > > >  EXTRA_OECONF = "--enable-static"
> > > > > +# Building without largefile is not supported by upstream
> > > > > +EXTRA_OECONF += "--enable-largefile"
> > > > > +# Requires a static popt library
> > > > > +EXTRA_OECONF += "--disable-static-cryptsetup"
> > > > > +# There's no recipe for libargon2 yet
> > > > > +EXTRA_OECONF += "--disable-libargon2"
> > > > >
> > > > >  FILES_${PN} +=
> "${@bb.utils.contains('DISTRO_FEATURES','systemd',
> > > > > '
> > > > > ${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
> > > > >
> > >
> > > --
> > > _______________________________________________
> > > Openembedded-devel mailing list
> > > Openembedded-devel@lists.openembedded.org
> > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> 

Re: [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[Mikko.Rapeli]

On Mon, Jul 01, 2019 at 11:53:05PM +0000, Peter Kjellerstedt wrote:
> > -----Original Message-----
> > From: Robert Joslyn <robert.joslyn@redrectangle.org>
> > Sent: den 28 juni 2019 05:51
> > To: Peter Kjellerstedt <peter.kjellerstedt@axis.com>; akuster808
> > <akuster808@gmail.com>; openembedded-devel@lists.openembedded.org
> > Subject: Re: [oe] [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG
> > options
> > 
> > On Thu, 2019-06-27 at 10:56 +0000, Peter Kjellerstedt wrote:
> > > It is no longer possible to build cryptsetup-native after this was
> > > merged.
> > > It now fails with:
> > >
> > > ERROR: Nothing PROVIDES 'udev-native' (but virtual:native:.../meta-
> > > oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb DEPENDS on or otherwise
> > > requires it). Close matches:
> > >   fuse-native
> > >   unifdef-native
> > >   db-native
> > > ERROR: Required build target 'cryptsetup-native' has no buildable > providers.
> > > Missing or unbuildable dependency chain was: ['cryptsetup-native', 'udev-native']
> > >
> > > This is with systemd in DISTRO_FEATURES.
> > >
> > > //Peter
> > 
> > Sorry about that. Is there a reasonable set of options useful for the
> > native build? Any preference for an empty native PACKAGECONFIG or
> > should it be the same as the target (minus udev obviously)?
> 
> I have no idea. I don't even know why cryptsetup-native is being built, 
> all I know is that it can't depend on udev-native. Locally, I have fixed  
> it by adding a bbappend with PACKAGECONFIG_remove_class-native = "udev", 
> so now it builds again. For meta-oe I would instead suggest to add the 
> udev feature using PACKAGECONFIG_append_class-target = " udev".

FWIW, I'm doing the same. Using cryptsetup-native for building
dmverity images and the udev-native dependency is not needed and causes
build failures with systemd-native...

-Mikko

> One thing that worries me though is that you stated in the commit message 
> that the set of enabled PACKAGECONFIGs should match the default when no 
> enable/disable options are specified. However, this does not seem to hold 
> true for udev, as there was no dependency on udev before your change. So 
> maybe udev should not be enabled by default for target either?
> 
> > Thanks,
> > Robert
> 
> //Peter
> 
> > > > -----Original Message-----
> > > > From: openembedded-devel-bounces@lists.openembedded.org
> > <openembedded-
> > > > devel-bounces@lists.openembedded.org> On Behalf Of Robert Joslyn
> > > > Sent: den 7 juni 2019 05:46
> > > > To: akuster808 <akuster808@gmail.com>; openembedded-
> > > > devel@lists.openembedded.org
> > > > Subject: Re: [oe] [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG
> > > > options
> > > >
> > > > On Thu, 2019-06-06 at 07:24 -0700, akuster808 wrote:
> > > > > On 6/2/19 4:12 PM, Robert Joslyn wrote:
> > > > > > Add various PACKAGECONFIG options, keeping the default options
> > > > > > enabled.
> > > > > the PACKCONFIG went from openssl to a lot more, how is that
> > keeping
> > > > > the
> > > > > defaults?
> > > >
> > > > My intent was to add PACKAGECONFIG options, but to keep the
> > resulting
> > > > build the same as before. This should match the default options
> > that
> > > > are set by upstream when you don't specify any --enable or --
> > disable
> > > > options.
> > > >
> > > > I can send a v2 with a better description if desired.
> > > >
> > > > Thanks,
> > > > Robert
> > > >
> > > > > > ---
> > > > > >  .../cryptsetup/cryptsetup_2.1.0.bb            | 51
> > > > > > ++++++++++++++++++-
> > > > > >  1 file changed, 49 insertions(+), 2 deletions(-)
> > > > > >
> > > > > > diff --git a/meta-oe/recipes-
> > crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > > > b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > > > index cf1d22242..51cecf5d2 100644
> > > > > > --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > > > +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb
> > > > > > @@ -9,7 +9,12 @@ SECTION = "console"
> > > > > >  LICENSE = "GPL-2.0-with-OpenSSL-exception"
> > > > > >  LIC_FILES_CHKSUM =
> > > > > > "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
> > > > > >
> > > > > > -DEPENDS = "util-linux libdevmapper popt libgcrypt json-c"
> > > > > > +DEPENDS = " \
> > > > > > +    json-c \
> > > > > > +    libdevmapper \
> > > > > > +    popt \
> > > > > > +    util-linux \
> > > > > > +"
> > > > > >
> > > > > >  SRC_URI =
> > "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('P
> > > > > > V
> > > > > >
> > ').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
> > > > > >  SRC_URI[md5sum] = "41d8b985ef69242852b93e95d53e8e28"
> > > > > > @@ -19,9 +24,45 @@ inherit autotools gettext pkgconfig
> > > > > >
> > > > > >  # Use openssl because libgcrypt drops root privileges
> > > > > >  # if libgcrypt is linked with libcap support
> > > > > > -PACKAGECONFIG ??= "openssl"
> > > > > > +PACKAGECONFIG ??= " \
> > > > > > +    keyring \
> > > > > > +    cryptsetup \
> > > > > > +    veritysetup \
> > > > > > +    cryptsetup-reencrypt \
> > > > > > +    integritysetup \
> > > > > > +    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
> > > > > > +    udev \
> > > > > > +    kernel_crypto \
> > > > > > +    internal-argon2 \
> > > > > > +    blkid \
> > > > > > +    luks-adjust-xts-keysize \
> > > > > > +    openssl \
> > > > > > +"
> > > > > > +
> > > > > > +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring"
> > > > > > +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips"
> > > > > > +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-
> > > > > > pwquality,libpwquality"
> > > > > > +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-
> > > > > > passwdqc,passwdqc"
> > > > > > +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-
> > > > > > cryptsetup"
> > > > > > +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-
> > > > > > veritysetup"
> > > > > > +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-
> > > > > > reencrypt,--disable-cryptsetup-reencrypt"
> > > > > > +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,
> > > > > > --disable-integritysetup"
> > > > > > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
> > > > > > +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
> > > > > > +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--
> > disable-
> > > > > > kernel_crypto"
> > > > > > +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the
> > flag
> > > > > > isn't
> > > > > > +# recognized.
> > > > > > +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2"
> > > > > > +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,
> > > > > > --disable-internal-argon2"
> > > > > > +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-
> > > > > > argon2,--disable-internal-sse-argon2"
> > > > > > +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-
> > > > > > linux"
> > > > > > +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-
> > dev-
> > > > > > random"
> > > > > > +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-
> > adjust-
> > > > > > xts-keysize,--disable-luks-adjust-xts-keysize"
> > > > > >  PACKAGECONFIG[openssl] = "--with-
> > crypto_backend=openssl,,openssl"
> > > > > >  PACKAGECONFIG[gcrypt] = "--with-
> > crypto_backend=gcrypt,,libgcrypt"
> > > > > > +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss"
> > > > > > +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel"
> > > > > > +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle"
> > > > > >
> > > > > >  RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> > > > > >                       kernel-module-dm-crypt \
> > > > > > @@ -32,6 +73,12 @@ RRECOMMENDS_${PN} = "kernel-module-aes-
> > generic
> > > > > > \
> > > > > >  "
> > > > > >
> > > > > >  EXTRA_OECONF = "--enable-static"
> > > > > > +# Building without largefile is not supported by upstream
> > > > > > +EXTRA_OECONF += "--enable-largefile"
> > > > > > +# Requires a static popt library
> > > > > > +EXTRA_OECONF += "--disable-static-cryptsetup"
> > > > > > +# There's no recipe for libargon2 yet
> > > > > > +EXTRA_OECONF += "--disable-libargon2"
> > > > > >
> > > > > >  FILES_${PN} +=
> > "${@bb.utils.contains('DISTRO_FEATURES','systemd',
> > > > > > '
> > > > > > ${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}"
> > > > > >
> > > >
> > > > --
> > > > _______________________________________________
> > > > Openembedded-devel mailing list
> > > > Openembedded-devel@lists.openembedded.org
> > > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> > 
> 
> -- 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG options

[Robert Joslyn]

On Mon, 2019-07-01 at 23:53 +0000, Peter Kjellerstedt wrote:
> > -----Original Message-----
> > From: Robert Joslyn <robert.joslyn@redrectangle.org>
> > Sent: den 28 juni 2019 05:51
> > To: Peter Kjellerstedt <peter.kjellerstedt@axis.com>; akuster808
> > <akuster808@gmail.com>; openembedded-devel@lists.openembedded.org
> > Subject: Re: [oe] [meta-oe][PATCH] cryptsetup: Add PACKAGECONFIG
> > options
> > 
> > On Thu, 2019-06-27 at 10:56 +0000, Peter Kjellerstedt wrote:
> > > It is no longer possible to build cryptsetup-native after this was
> > > merged.
> > > It now fails with:
> > > 
> > > ERROR: Nothing PROVIDES 'udev-native' (but virtual:native:.../meta-
> > > oe/recipes-crypto/cryptsetup/cryptsetup_2.1.0.bb DEPENDS on or
> > > otherwise
> > > requires it). Close matches:
> > >   fuse-native
> > >   unifdef-native
> > >   db-native
> > > ERROR: Required build target 'cryptsetup-native' has no buildable >
> > > providers.
> > > Missing or unbuildable dependency chain was: ['cryptsetup-native',
> > > 'udev-native']
> > > 
> > > This is with systemd in DISTRO_FEATURES.
> > > 
> > > //Peter
> > 
> > Sorry about that. Is there a reasonable set of options useful for the
> > native build? Any preference for an empty native PACKAGECONFIG or
> > should it be the same as the target (minus udev obviously)?
> 
> I have no idea. I don't even know why cryptsetup-native is being built, 
> all I know is that it can't depend on udev-native. Locally, I have
> fixed  
> it by adding a bbappend with PACKAGECONFIG_remove_class-native =
> "udev", 
> so now it builds again. For meta-oe I would instead suggest to add the 
> udev feature using PACKAGECONFIG_append_class-target = " udev".
> 
> One thing that worries me though is that you stated in the commit
> message 
> that the set of enabled PACKAGECONFIGs should match the default when no 
> enable/disable options are specified. However, this does not seem to
> hold 
> true for udev, as there was no dependency on udev before your change.
> So 
> maybe udev should not be enabled by default for target either?

I looked at it again, and the behavior of --enable-udev and --disable-udev 
is a little different than I thought. --enable-udev is adding a check for
devmapper udev sync support at runtime (it adds a call to
dm_udev_get_sync_support()). So it doesn't need udev at build time for
this, just runtime. libdevmapper has udev support enabled by default for target builds, so that would have been pulling it in before.

I'll send a patch adding udev only for the target build and making it an
RDEPENDS only.

Thanks,
Robert