keyutils: add new recipe

keyutils is utilities to control the kernel key management facility and to provide a mechanism by which the kernel call back to userspace to get a key instantiated. It's required by ecryptfs-utils. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Jackie Huang <jackie.huang@windriver.com> 2017-05-24 10:22:36 +0800
committer: Armin Kuster <akuster808@gmail.com> 2017-06-01 08:01:34 -0700
commit: 37c47c164e4d02e6e9b1c106a73695e8a0094c30 (patch)
tree: 45ce1ecb1cadcdb38ad01f305791a902d87a0b32 /recipes-security
parent: 20f2f496c2cfb32ec164ac0b3d20676a214c4341 (diff)
download: meta-security-37c47c164e4d02e6e9b1c106a73695e8a0094c30.tar.gz
5 files changed, 159 insertions, 0 deletions
diff --git a/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch b/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
new file mode 100644
index 0000000..acd91c0
--- /dev/null
+++ b/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
@@ -0,0 +1,42 @@
+fix keyutils test error report
+Upstream-Status: Pending
+"Permission denied" may be the reason of EKEYEXPIRED and EKEYREVOKED.
+"Required key not available" may be the reason of EKEYREVOKED.
+EXPIRED and REVOKED are 2 status of kernel security keys features.
+But the userspace keyutils lib will output the error message, which may
+have several reasons.
+Signed-off-by: Han Chao <chan@windriver.com>
+diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh
+index bbca00a..739e9d0 100644
+--- a/tests/toolbox.inc.sh
+++ b/tests/toolbox.inc.sh
+@@ -227,11 +227,12 @@ function expect_error ()
+            ;;
+        EKEYEXPIRED)
+            my_err="Key has expired"
+-           alt_err="Unknown error 127"
+           alt_err="Permission denied"
+            ;;
+        EKEYREVOKED)
+            my_err="Key has been revoked"
+-           alt_err="Unknown error 128"
+           alt_err="Permission denied"
+           alt2_err="Required key not available"
+            ;;
+        EKEYREJECTED)
+            my_err="Key has been rejected"
+@@ -249,6 +250,9 @@ function expect_error ()
+     elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err" >&/dev/null
+     then
+        :
+    elif [ "x$alt2_err" != "x" ] && expr "$my_errmsg" : ".*: $alt2_err" >&/dev/null
+    then
+       :
+     elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err" >&/dev/null
+     then
+        :
diff --git a/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch b/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
new file mode 100644
index 0000000..a4ffd50
--- /dev/null
+++ b/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
@@ -0,0 +1,41 @@
+From 49b6321368e4bd3cd233d045cd09004ddd7968b2 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Mon, 15 May 2017 14:52:00 +0800
+Subject: [PATCH] keyutils: fix output format
+keyutils ptest output format is incorrect, according to yocto
+Development Manual
+(http://www.yoctoproject.org/docs/latest/dev-manual/dev-manual.html#testing-packages-with-ptest)
+5.10.6. Testing Packages With ptestThe test generates output in the format used by Automake:
+<result>: <testname>
+where the result can be PASS, FAIL, or SKIP, and the testname can be any
+identifying string.
+So we should change the test result format to match yocto ptest rules.
+Upstream-Status: Inappropriate [OE ptest specific]
+Signed-off-by: Li Wang <li.wang@windriver.com>
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ tests/runtest.sh | 5 +++++
+ 1 file changed, 5 insertions(+)
+diff --git a/tests/runtest.sh b/tests/runtest.sh
+index b6eaa7c..84263fb 100644
+--- a/tests/runtest.sh
+++ b/tests/runtest.sh
+@@ -21,6 +21,11 @@ for i in ${TESTS}; do
+     echo "### RUNNING TEST $i"
+     if [[ $AUTOMATED != 0 ]] ; then
+         bash ./runtest.sh
+        if [ $? != 0 ]; then
+            echo "FAIL: $i"
+        else
+            echo "PASS: $i"
+        fi
+     else
+         bash ./runtest.sh || exit 1
+     fi
+-- 
+2.11.0
diff --git a/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch b/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch
new file mode 100644
index 0000000..dde1af4
--- /dev/null
+++ b/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch
@@ -0,0 +1,28 @@
+Subject: [PATCH] keyutils: use relative path for link
+The absolute path of the symlink will be invalid
+when populated in sysroot, so use relative path instead.
+Upstream-Status: Pending
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/Makefile b/Makefile
+index 824bbbf..8ce3a13 100644
+--- a/Makefile
+++ b/Makefile
+@@ -167,7 +167,7 @@ ifeq ($(NO_SOLIB),0)
+        $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
+        $(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
+        mkdir -p $(DESTDIR)$(USRLIBDIR)
+-       $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
+       $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
+ endif
+        $(INSTALL) -D keyctl $(DESTDIR)$(BINDIR)/keyctl
+        $(INSTALL) -D request-key $(DESTDIR)$(SBINDIR)/request-key
+-- 
+2.11.0
diff --git a/recipes-security/keyutils/files/run-ptest b/recipes-security/keyutils/files/run-ptest
new file mode 100755
index 0000000..305707f
--- /dev/null
+++ b/recipes-security/keyutils/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+export AUTOMATED=1
+make -C tests run
diff --git a/recipes-security/keyutils/keyutils_1.5.10.bb b/recipes-security/keyutils/keyutils_1.5.10.bb
new file mode 100644
index 0000000..2ead8fa
--- /dev/null
+++ b/recipes-security/keyutils/keyutils_1.5.10.bb
@@ -0,0 +1,45 @@
+SUMMARY = "Linux Key Management Utilities"
+DESCRIPTION = "\
+    Utilities to control the kernel key management facility and to provide \
+    a mechanism by which the kernel call back to userspace to get a key \
+    instantiated. \
+    "
+HOMEPAGE = "http://people.redhat.com/dhowells/keyutils"
+SECTION = "base"
+LICENSE = "LGPLv2.1+ & GPLv2.0+"
+LIC_FILES_CHKSUM = "file://LICENCE.GPL;md5=5f6e72824f5da505c1f4a7197f004b45 \
+                    file://LICENCE.LGPL;md5=7d1cacaa3ea752b72ea5e525df54a21f"
+inherit siteinfo ptest
+SRC_URI = "http://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \
+           file://keyutils-use-relative-path-for-link.patch \
+           file://keyutils-test-fix-output-format.patch \
+           file://keyutils-fix-error-report-by-adding-default-message.patch \
+           file://run-ptest \
+           "
+SRC_URI[md5sum] = "3771676319bc7b84b1549b5c63ff5243"
+SRC_URI[sha256sum] = "115c3deae7f181778fd0e0ffaa2dad1bf1fe2f5677cf2e0e348cdb7a1c93afb6"
+EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \
+    NO_ARLIB=1 \
+    LIBDIR=${base_libdir} \
+    USRLIBDIR=${base_libdir} \
+    BUILDFOR=${SITEINFO_BITS}-bit \
+    NO_GLIBC_KEYERR=1 \
+    "
+do_install () {
+    oe_runmake DESTDIR=${D} install
+}
+do_install_ptest () {
+    cp -r ${S}/tests ${D}${PTEST_PATH}/
+    sed -i -e 's/OSDIST=Unknown/OSDIST=${DISTRO}/' ${D}${PTEST_PATH}/tests/prepare.inc.sh
+}
+RDEPENDS_${PN}-ptest += "glibc-utils"
author	Jackie Huang <jackie.huang@windriver.com>	2017-05-24 10:22:36 +0800
committer	Armin Kuster <akuster808@gmail.com>	2017-06-01 08:01:34 -0700
commit	37c47c164e4d02e6e9b1c106a73695e8a0094c30 (patch)
tree	45ce1ecb1cadcdb38ad01f305791a902d87a0b32 /recipes-security
parent	20f2f496c2cfb32ec164ac0b3d20676a214c4341 (diff)
download	meta-security-37c47c164e4d02e6e9b1c106a73695e8a0094c30.tar.gz

diff --git a/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch b/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch new file mode 100644 index 0000000..acd91c0 --- /dev/null +++ b/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
@@ -0,0 +1,42 @@
	1	fix keyutils test error report
	2
	3	Upstream-Status: Pending
	4
	5	"Permission denied" may be the reason of EKEYEXPIRED and EKEYREVOKED.
	6	"Required key not available" may be the reason of EKEYREVOKED.
	7	EXPIRED and REVOKED are 2 status of kernel security keys features.
	8	But the userspace keyutils lib will output the error message, which may
	9	have several reasons.
	10
	11	Signed-off-by: Han Chao <chan@windriver.com>
	12
	13	diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh
	14	index bbca00a..739e9d0 100644
	15	--- a/tests/toolbox.inc.sh
	16	+++ b/tests/toolbox.inc.sh
	17	@@ -227,11 +227,12 @@ function expect_error ()
	18	;;
	19	EKEYEXPIRED)
	20	my_err="Key has expired"
	21	- alt_err="Unknown error 127"
	22	+ alt_err="Permission denied"
	23	;;
	24	EKEYREVOKED)
	25	my_err="Key has been revoked"
	26	- alt_err="Unknown error 128"
	27	+ alt_err="Permission denied"
	28	+ alt2_err="Required key not available"
	29	;;
	30	EKEYREJECTED)
	31	my_err="Key has been rejected"
	32	@@ -249,6 +250,9 @@ function expect_error ()
	33	elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err" >&/dev/null
	34	then
	35	:
	36	+ elif [ "x$alt2_err" != "x" ] && expr "$my_errmsg" : ".*: $alt2_err" >&/dev/null
	37	+ then
	38	+ :
	39	elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err" >&/dev/null
	40	then
	41	:
	42


diff --git a/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch b/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch new file mode 100644 index 0000000..a4ffd50 --- /dev/null +++ b/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
@@ -0,0 +1,41 @@
	1	From 49b6321368e4bd3cd233d045cd09004ddd7968b2 Mon Sep 17 00:00:00 2001
	2	From: Jackie Huang <jackie.huang@windriver.com>
	3	Date: Mon, 15 May 2017 14:52:00 +0800
	4	Subject: [PATCH] keyutils: fix output format
	5
	6	keyutils ptest output format is incorrect, according to yocto
	7	Development Manual
	8	(http://www.yoctoproject.org/docs/latest/dev-manual/dev-manual.html#testing-packages-with-ptest)
	9	5.10.6. Testing Packages With ptestThe test generates output in the format used by Automake:
	10	<result>: <testname>
	11	where the result can be PASS, FAIL, or SKIP, and the testname can be any
	12	identifying string.
	13	So we should change the test result format to match yocto ptest rules.
	14
	15	Upstream-Status: Inappropriate [OE ptest specific]
	16
	17	Signed-off-by: Li Wang <li.wang@windriver.com>
	18	Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
	19	---
	20	tests/runtest.sh \| 5 +++++
	21	1 file changed, 5 insertions(+)
	22
	23	diff --git a/tests/runtest.sh b/tests/runtest.sh
	24	index b6eaa7c..84263fb 100644
	25	--- a/tests/runtest.sh
	26	+++ b/tests/runtest.sh
	27	@@ -21,6 +21,11 @@ for i in ${TESTS}; do
	28	echo "### RUNNING TEST $i"
	29	if [[ $AUTOMATED != 0 ]] ; then
	30	bash ./runtest.sh
	31	+ if [ $? != 0 ]; then
	32	+ echo "FAIL: $i"
	33	+ else
	34	+ echo "PASS: $i"
	35	+ fi
	36	else
	37	bash ./runtest.sh \|\| exit 1
	38	fi
	39	--
	40	2.11.0
	41


diff --git a/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch b/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch new file mode 100644 index 0000000..dde1af4 --- /dev/null +++ b/recipes-security/keyutils/files/keyutils-use-relative-path-for-link.patch
@@ -0,0 +1,28 @@
	1	Subject: [PATCH] keyutils: use relative path for link
	2
	3	The absolute path of the symlink will be invalid
	4	when populated in sysroot, so use relative path instead.
	5
	6	Upstream-Status: Pending
	7
	8	Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
	9	---
	10	Makefile \| 2 +-
	11	1 file changed, 1 insertion(+), 1 deletion(-)
	12
	13	diff --git a/Makefile b/Makefile
	14	index 824bbbf..8ce3a13 100644
	15	--- a/Makefile
	16	+++ b/Makefile
	17	@@ -167,7 +167,7 @@ ifeq ($(NO_SOLIB),0)
	18	$(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
	19	$(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
	20	mkdir -p $(DESTDIR)$(USRLIBDIR)
	21	- $(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
	22	+ $(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
	23	endif
	24	$(INSTALL) -D keyctl $(DESTDIR)$(BINDIR)/keyctl
	25	$(INSTALL) -D request-key $(DESTDIR)$(SBINDIR)/request-key
	26	--
	27	2.11.0
	28


diff --git a/recipes-security/keyutils/files/run-ptest b/recipes-security/keyutils/files/run-ptest new file mode 100755 index 0000000..305707f --- /dev/null +++ b/recipes-security/keyutils/files/run-ptest
@@ -0,0 +1,3 @@
	1	#!/bin/sh
	2	export AUTOMATED=1
	3	make -C tests run


diff --git a/recipes-security/keyutils/keyutils_1.5.10.bb b/recipes-security/keyutils/keyutils_1.5.10.bb new file mode 100644 index 0000000..2ead8fa --- /dev/null +++ b/recipes-security/keyutils/keyutils_1.5.10.bb
@@ -0,0 +1,45 @@
	1	SUMMARY = "Linux Key Management Utilities"
	2	DESCRIPTION = "\
	3	Utilities to control the kernel key management facility and to provide \
	4	a mechanism by which the kernel call back to userspace to get a key \
	5	instantiated. \
	6	"
	7	HOMEPAGE = "http://people.redhat.com/dhowells/keyutils"
	8	SECTION = "base"
	9
	10	LICENSE = "LGPLv2.1+ & GPLv2.0+"
	11
	12	LIC_FILES_CHKSUM = "file://LICENCE.GPL;md5=5f6e72824f5da505c1f4a7197f004b45 \
	13	file://LICENCE.LGPL;md5=7d1cacaa3ea752b72ea5e525df54a21f"
	14
	15
	16	inherit siteinfo ptest
	17
	18	SRC_URI = "http://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \
	19	file://keyutils-use-relative-path-for-link.patch \
	20	file://keyutils-test-fix-output-format.patch \
	21	file://keyutils-fix-error-report-by-adding-default-message.patch \
	22	file://run-ptest \
	23	"
	24
	25	SRC_URI[md5sum] = "3771676319bc7b84b1549b5c63ff5243"
	26	SRC_URI[sha256sum] = "115c3deae7f181778fd0e0ffaa2dad1bf1fe2f5677cf2e0e348cdb7a1c93afb6"
	27
	28	EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \
	29	NO_ARLIB=1 \
	30	LIBDIR=${base_libdir} \
	31	USRLIBDIR=${base_libdir} \
	32	BUILDFOR=${SITEINFO_BITS}-bit \
	33	NO_GLIBC_KEYERR=1 \
	34	"
	35
	36	do_install () {
	37	oe_runmake DESTDIR=${D} install
	38	}
	39
	40	do_install_ptest () {
	41	cp -r ${S}/tests ${D}${PTEST_PATH}/
	42	sed -i -e 's/OSDIST=Unknown/OSDIST=${DISTRO}/' ${D}${PTEST_PATH}/tests/prepare.inc.sh
	43	}
	44
	45	RDEPENDS_${PN}-ptest += "glibc-utils"