diff options
author | leimaohui <leimaohui@fujitsu.com> | 2022-05-25 11:48:09 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-27 23:50:47 +0100 |
commit | f548200d231bad0b48ff0db32ddff497aec4f10d (patch) | |
tree | 6b86509c40870a4190dd8fa8beb5d5da9ad51451 | |
parent | 3d41555fdc95ca22df2b14c486f7ba765a5ac99f (diff) | |
download | poky-f548200d231bad0b48ff0db32ddff497aec4f10d.tar.gz |
gnutls: Added fips option.
- Added a patch to avoid excute fipshmac command. Because *.hmac
file should be created on target instead of on build environment.
- Added pkg_postinst_ontarget to make sure necessary files are
created on target.
(From OE-Core rev: 1b5c620d10aa678871b6cea46e113c8fe3b79822)
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch | 28 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls_3.7.5.bb | 24 |
2 files changed, 51 insertions, 1 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch new file mode 100644 index 0000000000..e40b2be362 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From b729a356538d499fe25e82bfc78ea663bdaca0a8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Lei Maohui <leimaohui@fujitsu.com> | ||
3 | Date: Mon, 23 May 2022 10:44:43 +0900 | ||
4 | Subject: [PATCH] Creating .hmac file should be excuted in target environment, | ||
5 | so deleted it from build process. | ||
6 | |||
7 | Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373] | ||
8 | Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> | ||
9 | --- | ||
10 | lib/Makefile.am | 3 +-- | ||
11 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
12 | |||
13 | diff --git a/lib/Makefile.am b/lib/Makefile.am | ||
14 | index 0b43ef9..cf263f0 100644 | ||
15 | --- a/lib/Makefile.am | ||
16 | +++ b/lib/Makefile.am | ||
17 | @@ -206,8 +206,7 @@ hmac_files = .libs/.gnutls.hmac | ||
18 | |||
19 | all-local: $(hmac_files) | ||
20 | |||
21 | -.libs/.gnutls.hmac: libgnutls.la fipshmac | ||
22 | - $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@ | ||
23 | +.libs/.gnutls.hmac: | ||
24 | |||
25 | CLEANFILES = $(hmac_files) | ||
26 | endif | ||
27 | -- | ||
28 | 2.25.1 | ||
diff --git a/meta/recipes-support/gnutls/gnutls_3.7.5.bb b/meta/recipes-support/gnutls/gnutls_3.7.5.bb index 5feedb7fdc..63157eac97 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.5.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.5.bb | |||
@@ -21,6 +21,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" | |||
21 | 21 | ||
22 | SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ | 22 | SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ |
23 | file://arm_eabi.patch \ | 23 | file://arm_eabi.patch \ |
24 | file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ | ||
24 | " | 25 | " |
25 | 26 | ||
26 | SRC_URI[sha256sum] = "1f85028475b4f255cc5b480af0c37e61eab43024c1507c8b75d6be506c0553ad" | 27 | SRC_URI[sha256sum] = "1f85028475b4f255cc5b480af0c37e61eab43024c1507c8b75d6be506c0553ad" |
@@ -36,6 +37,7 @@ PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" | |||
36 | PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" | 37 | PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" |
37 | PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" | 38 | PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" |
38 | PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" | 39 | PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" |
40 | PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR}" | ||
39 | 41 | ||
40 | EXTRA_OECONF = " \ | 42 | EXTRA_OECONF = " \ |
41 | --enable-doc \ | 43 | --enable-doc \ |
@@ -59,10 +61,30 @@ do_configure:prepend() { | |||
59 | done | 61 | done |
60 | } | 62 | } |
61 | 63 | ||
62 | PACKAGES =+ "${PN}-openssl ${PN}-xx" | 64 | do_install:append:class-target() { |
65 | if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then | ||
66 | install -d ${D}${bindir}/bin | ||
67 | install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/ | ||
68 | fi | ||
69 | } | ||
70 | |||
71 | PACKAGES =+ "${PN}-openssl ${PN}-xx ${PN}-fips" | ||
63 | 72 | ||
64 | FILES:${PN}-dev += "${bindir}/gnutls-cli-debug" | 73 | FILES:${PN}-dev += "${bindir}/gnutls-cli-debug" |
65 | FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" | 74 | FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" |
66 | FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*" | 75 | FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*" |
76 | FILES:${PN}-fips = "${bindir}/fipshmac" | ||
67 | 77 | ||
68 | BBCLASSEXTEND = "native nativesdk" | 78 | BBCLASSEXTEND = "native nativesdk" |
79 | |||
80 | pkg_postinst_ontarget:${PN}-fips () { | ||
81 | if test -x ${bindir}/fipshmac | ||
82 | then | ||
83 | mkdir ${sysconfdir}/gnutls | ||
84 | touch ${sysconfdir}/gnutls/config | ||
85 | ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac | ||
86 | ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac | ||
87 | ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* > ${libdir}/.libgmp.so.10.hmac | ||
88 | ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac | ||
89 | fi | ||
90 | } | ||