diff options
author | Jackie Huang <jackie.huang@windriver.com> | 2017-05-24 10:22:36 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2017-06-01 08:01:34 -0700 |
commit | 37c47c164e4d02e6e9b1c106a73695e8a0094c30 (patch) | |
tree | 45ce1ecb1cadcdb38ad01f305791a902d87a0b32 /recipes-security/keyutils | |
parent | 20f2f496c2cfb32ec164ac0b3d20676a214c4341 (diff) | |
download | meta-security-37c47c164e4d02e6e9b1c106a73695e8a0094c30.tar.gz |
keyutils: add new recipe
keyutils is utilities to control the kernel key
management facility and to provide a mechanism by
which the kernel call back to userspace to get a
key instantiated.
It's required by ecryptfs-utils.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security/keyutils')
5 files changed, 159 insertions, 0 deletions
diff --git a/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch b/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch new file mode 100644 index 0000000..acd91c0 --- /dev/null +++ b/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch | |||
@@ -0,0 +1,42 @@ | |||
1 | fix keyutils test error report | ||
2 | |||
3 | Upstream-Status: Pending | ||
4 | |||
5 | "Permission denied" may be the reason of EKEYEXPIRED and EKEYREVOKED. | ||
6 | "Required key not available" may be the reason of EKEYREVOKED. | ||
7 | EXPIRED and REVOKED are 2 status of kernel security keys features. | ||
8 | But the userspace keyutils lib will output the error message, which may | ||
9 | have several reasons. | ||
10 | |||
11 | Signed-off-by: Han Chao <chan@windriver.com> | ||
12 | |||
13 | diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh | ||
14 | index bbca00a..739e9d0 100644 | ||
15 | --- a/tests/toolbox.inc.sh | ||
16 | +++ b/tests/toolbox.inc.sh | ||
17 | @@ -227,11 +227,12 @@ function expect_error () | ||
18 | ;; | ||
19 | EKEYEXPIRED) | ||
20 | my_err="Key has expired" | ||
21 | - alt_err="Unknown error 127" | ||
22 | + alt_err="Permission denied" | ||
23 | ;; | ||
24 | EKEYREVOKED) | ||
25 | my_err="Key has been revoked" | ||
26 | - alt_err="Unknown error 128" | ||
27 | + alt_err="Permission denied" | ||
28 | + alt2_err="Required key not available" | ||
29 | ;; | ||
30 | EKEYREJECTED) | ||
31 | my_err="Key has been rejected" | ||
32 | @@ -249,6 +250,9 @@ function expect_error () | ||
33 | elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err" >&/dev/null | ||
34 | then | ||
35 | : | ||
36 | + elif [ "x$alt2_err" != "x" ] && expr "$my_errmsg" : ".*: $alt2_err" >&/dev/null | ||
37 | + then | ||
38 | + : | ||
39 | elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err" >&/dev/null | ||
40 | then | ||
41 | : | ||
42 | |||
diff --git a/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch b/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch new file mode 100644 index 0000000..a4ffd50 --- /dev/null +++ b/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From 49b6321368e4bd3cd233d045cd09004ddd7968b2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jackie Huang <jackie.huang@windriver.com> | ||
3 | Date: Mon, 15 May 2017 14:52:00 +0800 | ||
4 | Subject: [PATCH] keyutils: fix output format | ||
5 | |||
6 | keyutils ptest output format is incorrect, according to yocto | ||
7 | Development Manual | ||
8 | (http://www.yoctoproject.org/docs/latest/dev-manual/dev-manual.html#testing-packages-with-ptest) | ||
9 | 5.10.6. Testing Packages With ptestThe test generates output in the format used by Automake: | ||
10 | <result>: <testname> | ||
11 | where the result can be PASS, FAIL, or SKIP, and the testname can be any | ||
12 | identifying string. | ||
13 | So we should change the test result format to match yocto ptest rules. | ||
14 | |||
15 | Upstream-Status: Inappropriate [OE ptest specific] | ||
16 | |||
17 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
18 | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | ||
19 | --- | ||
20 | tests/runtest.sh | 5 +++++ | ||
21 | 1 file changed, 5 insertions(+) | ||
22 | |||
23 | diff --git a/tests/runtest.sh b/tests/runtest.sh | ||
24 | index b6eaa7c..84263fb 100644 | ||
25 | --- a/tests/runtest.sh | ||
26 | +++ b/tests/runtest.sh | ||
27 | @@ -21,6 +21,11 @@ for i in ${TESTS}; do | ||
28 | echo "### RUNNING TEST $i" | ||
29 | if [[ $AUTOMATED != 0 ]] ; then | ||
30 | bash ./runtest.sh | ||
31 | + if [ $? != 0 ]; then | ||
32 | + echo "FAIL: $i" | ||
33 | + else | ||
34 | + echo "PASS: $i" | ||
35 | + fi | ||
36 | else | ||
37 | bash ./runtest.sh || exit 1 | ||
38 | fi | ||
39 | -- | ||
40 | 2.11.0 | ||
41 | |||
diff --git a/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch b/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch new file mode 100644 index 0000000..dde1af4 --- /dev/null +++ b/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | Subject: [PATCH] keyutils: use relative path for link | ||
2 | |||
3 | The absolute path of the symlink will be invalid | ||
4 | when populated in sysroot, so use relative path instead. | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | |||
8 | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | ||
9 | --- | ||
10 | Makefile | 2 +- | ||
11 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
12 | |||
13 | diff --git a/Makefile b/Makefile | ||
14 | index 824bbbf..8ce3a13 100644 | ||
15 | --- a/Makefile | ||
16 | +++ b/Makefile | ||
17 | @@ -167,7 +167,7 @@ ifeq ($(NO_SOLIB),0) | ||
18 | $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME) | ||
19 | $(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME) | ||
20 | mkdir -p $(DESTDIR)$(USRLIBDIR) | ||
21 | - $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) | ||
22 | + $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB) | ||
23 | endif | ||
24 | $(INSTALL) -D keyctl $(DESTDIR)$(BINDIR)/keyctl | ||
25 | $(INSTALL) -D request-key $(DESTDIR)$(SBINDIR)/request-key | ||
26 | -- | ||
27 | 2.11.0 | ||
28 | |||
diff --git a/recipes-security/keyutils/files/run-ptest b/recipes-security/keyutils/files/run-ptest new file mode 100755 index 0000000..305707f --- /dev/null +++ b/recipes-security/keyutils/files/run-ptest | |||
@@ -0,0 +1,3 @@ | |||
1 | #!/bin/sh | ||
2 | export AUTOMATED=1 | ||
3 | make -C tests run | ||
diff --git a/recipes-security/keyutils/keyutils_1.5.10.bb b/recipes-security/keyutils/keyutils_1.5.10.bb new file mode 100644 index 0000000..2ead8fa --- /dev/null +++ b/recipes-security/keyutils/keyutils_1.5.10.bb | |||
@@ -0,0 +1,45 @@ | |||
1 | SUMMARY = "Linux Key Management Utilities" | ||
2 | DESCRIPTION = "\ | ||
3 | Utilities to control the kernel key management facility and to provide \ | ||
4 | a mechanism by which the kernel call back to userspace to get a key \ | ||
5 | instantiated. \ | ||
6 | " | ||
7 | HOMEPAGE = "http://people.redhat.com/dhowells/keyutils" | ||
8 | SECTION = "base" | ||
9 | |||
10 | LICENSE = "LGPLv2.1+ & GPLv2.0+" | ||
11 | |||
12 | LIC_FILES_CHKSUM = "file://LICENCE.GPL;md5=5f6e72824f5da505c1f4a7197f004b45 \ | ||
13 | file://LICENCE.LGPL;md5=7d1cacaa3ea752b72ea5e525df54a21f" | ||
14 | |||
15 | |||
16 | inherit siteinfo ptest | ||
17 | |||
18 | SRC_URI = "http://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \ | ||
19 | file://keyutils-use-relative-path-for-link.patch \ | ||
20 | file://keyutils-test-fix-output-format.patch \ | ||
21 | file://keyutils-fix-error-report-by-adding-default-message.patch \ | ||
22 | file://run-ptest \ | ||
23 | " | ||
24 | |||
25 | SRC_URI[md5sum] = "3771676319bc7b84b1549b5c63ff5243" | ||
26 | SRC_URI[sha256sum] = "115c3deae7f181778fd0e0ffaa2dad1bf1fe2f5677cf2e0e348cdb7a1c93afb6" | ||
27 | |||
28 | EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \ | ||
29 | NO_ARLIB=1 \ | ||
30 | LIBDIR=${base_libdir} \ | ||
31 | USRLIBDIR=${base_libdir} \ | ||
32 | BUILDFOR=${SITEINFO_BITS}-bit \ | ||
33 | NO_GLIBC_KEYERR=1 \ | ||
34 | " | ||
35 | |||
36 | do_install () { | ||
37 | oe_runmake DESTDIR=${D} install | ||
38 | } | ||
39 | |||
40 | do_install_ptest () { | ||
41 | cp -r ${S}/tests ${D}${PTEST_PATH}/ | ||
42 | sed -i -e 's/OSDIST=Unknown/OSDIST=${DISTRO}/' ${D}${PTEST_PATH}/tests/prepare.inc.sh | ||
43 | } | ||
44 | |||
45 | RDEPENDS_${PN}-ptest += "glibc-utils" | ||