3 files changed, 153 insertions, 0 deletions
diff --git a/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch b/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch
new file mode 100644
index 0000000000..f05497bd1a
--- /dev/null
+++ b/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch
@@ -0,0 +1,40 @@
+From 5a3c770b24a40a4e32154f25fdba3b685b0221d2 Mon Sep 17 00:00:00 2001
+From: Ayoub Zaki <ayoub.zaki@embetrix.com>
+Date: Thu, 19 Mar 2026 09:29:10 +0100
+Subject: [PATCH] fix: strip absolute build paths from DWARF debug info for
+ reproducible builds
+Upstream-Status: Backport [https://github.com/smuellerDD/leancrypto/commit/6561beeadf7376cc0815d937ee8d231a3bbbcba8]
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
+---
+ meson.build | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+diff --git a/meson.build b/meson.build
+index 03616319..ba9bbcbd 100644
+--- a/meson.build
+++ b/meson.build
+@@ -121,6 +121,19 @@ endif
+ if get_option('dilithium_debug').enabled()
+        add_global_arguments([ '-DLC_DILITHIUM_DEBUG' ], language: 'c')
+ endif
+
+# Strip build directory paths from debug info to avoid buildpaths warnings
+# in debug packages
+if cc.has_argument('-ffile-prefix-map=/dev/null=/dev/null')
+       add_global_arguments([
+               '-ffile-prefix-map=' + meson.project_source_root() + '/=',
+               '-ffile-prefix-map=' + meson.project_build_root() + '/=',
+       ], language: 'c')
+       add_project_link_arguments([
+               '-ffile-prefix-map=' + meson.project_source_root() + '/=',
+               '-ffile-prefix-map=' + meson.project_build_root() + '/=',
+       ], language : 'c')
+endif
+ if get_option('kyber_debug').enabled()
+        add_global_arguments([ '-DLC_KYBER_DEBUG' ], language: 'c')
+ endif
+-- 
+2.43.0
diff --git a/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh b/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh
new file mode 100644
index 0000000000..5db9c4dc8b
--- /dev/null
+++ b/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+# SPDX-License-Identifier: MIT
+#
+# leancrypto test runner
+# Runs all leancrypto test binaries and reports pass/fail summary
+#
+TESTDIR="/usr/libexec/leancrypto/tests"
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[0;33m'
+NC='\033[0m'
+PASS=0
+FAIL=0
+SKIP=0
+FAILED=""
+if [ ! -d "$TESTDIR" ]; then
+    echo "ERROR: Test directory $TESTDIR not found"
+    exit 1
+fi
+count=$(find "$TESTDIR" -maxdepth 1 -type f -executable | wc -l)
+if [ "$count" -eq 0 ]; then
+    echo "ERROR: No test binaries found in $TESTDIR"
+    exit 1
+fi
+echo "Running $count leancrypto tests..."
+echo ""
+for t in "$TESTDIR"/*; do
+    [ -x "$t" ] || continue
+    name=$(basename "$t")
+    printf "%-60s " "$name"
+    "$t" > /dev/null 2>&1
+    rc=$?
+    if [ "$rc" -eq 0 ]; then
+        printf "${GREEN}PASS${NC}\n"
+        PASS=$((PASS + 1))
+    elif [ "$rc" -eq 77 ]; then
+        printf "${YELLOW}SKIP${NC}\n"
+        SKIP=$((SKIP + 1))
+    else
+        printf "${RED}FAIL${NC}\n"
+        FAIL=$((FAIL + 1))
+        FAILED="$FAILED $name"
+    fi
+done
+echo ""
+echo "Results: $PASS passed, $FAIL failed, $SKIP skipped, $((PASS + FAIL + SKIP)) total"
+if [ "$FAIL" -gt 0 ]; then
+    echo "Failed tests:$FAILED"
+    exit 1
+fi
diff --git a/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb
new file mode 100644
index 0000000000..b46e6c26f5
--- /dev/null
+++ b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb
@@ -0,0 +1,56 @@
+SUMMARY = "Lean cryptographic library with PQC-resistant algorithms"
+DESCRIPTION = "leancrypto is a cryptographic library that exclusively contains \
+PQC-resistant cryptographic algorithms. It is lean, has minimal dependencies, \
+supports stack-only operation and provides optimized implementations for \
+ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (Sphincs+) and many more"
+HOMEPAGE = "https://leancrypto.org"
+LICENSE = "BSD-3-Clause | GPL-2.0-only"
+LIC_FILES_CHKSUM = " \
+    file://LICENSE;md5=7e96f38306550c165071e7cab7b6b824 \
+    file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
+    file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \
+    "
+SECTION = "libs"
+SRC_URI = "git://github.com/smuellerDD/leancrypto.git;branch=master;protocol=https \
+           file://0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch \
+           file://leancrypto-tests.sh \
+           "
+# SRCREV tagged v1.6.0
+SRCREV = "38215249fbe3951d1992b12447fca3c0c5e7e245"
+inherit pkgconfig meson
+EXTRA_OEMESON = "-Dstrip=false"
+PACKAGECONFIG ??= "secure-exec apps tests"
+PACKAGECONFIG[apps] = "-Dapps=enabled,-Dapps=disabled"
+PACKAGECONFIG[small-stack] = "-Dsmall_stack=enabled,-Dsmall_stack=disabled"
+PACKAGECONFIG[no-asm] = "-Ddisable-asm=true,-Ddisable-asm=false"
+PACKAGECONFIG[efi] = "-Defi=enabled,-Defi=disabled"
+PACKAGECONFIG[secure-exec] = "-Dsecure_execution=enabled,-Dsecure_execution=disabled"
+PACKAGECONFIG[tests] = "-Dtests=enabled,-Dtests=disabled"
+do_install:append () {
+    if ${@bb.utils.contains('PACKAGECONFIG', 'tests', 'true', 'false', d)}; then
+        install -d ${D}${libexecdir}/leancrypto/tests
+        for t in $(find ${B} -maxdepth 3 -type f -executable \( -name '*_tester*' -o -name '*_test' \)); do
+            basename=$(basename "$t")
+            install -m 0755 "$t" ${D}${libexecdir}/leancrypto/tests/leancrypto_${basename}
+        done
+        install -d ${D}${bindir}
+        install -m 0755 ${UNPACKDIR}/leancrypto-tests.sh ${D}${bindir}/leancrypto-tests
+    fi
+}
+PACKAGES =+ "${PN}-tests ${PN}-apps"
+RDEPENDS:${PN}-apps += "${PN}"
+FILES:${PN}-apps = "${bindir}/lc_* \
+                    ${libexecdir}/leancrypto \
+                    "
+RDEPENDS:${PN}-tests += "${PN}"
+FILES:${PN}-tests = "${bindir}/leancrypto-tests \
+                    ${libexecdir}/leancrypto/tests \
+                    "
+BBCLASSEXTEND = "native nativesdk"

diff --git a/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch b/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch new file mode 100644 index 0000000000..f05497bd1a --- /dev/null +++ b/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch
@@ -0,0 +1,40 @@
	1	From 5a3c770b24a40a4e32154f25fdba3b685b0221d2 Mon Sep 17 00:00:00 2001
	2	From: Ayoub Zaki <ayoub.zaki@embetrix.com>
	3	Date: Thu, 19 Mar 2026 09:29:10 +0100
	4	Subject: [PATCH] fix: strip absolute build paths from DWARF debug info for
	5	reproducible builds
	6
	7	Upstream-Status: Backport [https://github.com/smuellerDD/leancrypto/commit/6561beeadf7376cc0815d937ee8d231a3bbbcba8]
	8	Signed-off-by: Stephan Mueller <smueller@chronox.de>
	9	Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
	10	---
	11	meson.build \| 13 +++++++++++++
	12	1 file changed, 13 insertions(+)
	13
	14	diff --git a/meson.build b/meson.build
	15	index 03616319..ba9bbcbd 100644
	16	--- a/meson.build
	17	+++ b/meson.build
	18	@@ -121,6 +121,19 @@ endif
	19	if get_option('dilithium_debug').enabled()
	20	add_global_arguments([ '-DLC_DILITHIUM_DEBUG' ], language: 'c')
	21	endif
	22	+
	23	+# Strip build directory paths from debug info to avoid buildpaths warnings
	24	+# in debug packages
	25	+if cc.has_argument('-ffile-prefix-map=/dev/null=/dev/null')
	26	+ add_global_arguments([
	27	+ '-ffile-prefix-map=' + meson.project_source_root() + '/=',
	28	+ '-ffile-prefix-map=' + meson.project_build_root() + '/=',
	29	+ ], language: 'c')
	30	+ add_project_link_arguments([
	31	+ '-ffile-prefix-map=' + meson.project_source_root() + '/=',
	32	+ '-ffile-prefix-map=' + meson.project_build_root() + '/=',
	33	+ ], language : 'c')
	34	+endif
	35	if get_option('kyber_debug').enabled()
	36	add_global_arguments([ '-DLC_KYBER_DEBUG' ], language: 'c')
	37	endif
	38	--
	39	2.43.0
	40


diff --git a/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh b/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh new file mode 100644 index 0000000000..5db9c4dc8b --- /dev/null +++ b/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh
@@ -0,0 +1,57 @@
	1	#!/bin/sh
	2	# SPDX-License-Identifier: MIT
	3	#
	4	# leancrypto test runner
	5	# Runs all leancrypto test binaries and reports pass/fail summary
	6	#
	7
	8	TESTDIR="/usr/libexec/leancrypto/tests"
	9	GREEN='\033[0;32m'
	10	RED='\033[0;31m'
	11	YELLOW='\033[0;33m'
	12	NC='\033[0m'
	13	PASS=0
	14	FAIL=0
	15	SKIP=0
	16	FAILED=""
	17
	18	if [ ! -d "$TESTDIR" ]; then
	19	echo "ERROR: Test directory $TESTDIR not found"
	20	exit 1
	21	fi
	22
	23	count=$(find "$TESTDIR" -maxdepth 1 -type f -executable \| wc -l)
	24	if [ "$count" -eq 0 ]; then
	25	echo "ERROR: No test binaries found in $TESTDIR"
	26	exit 1
	27	fi
	28
	29	echo "Running $count leancrypto tests..."
	30	echo ""
	31
	32	for t in "$TESTDIR"/*; do
	33	[ -x "$t" ] \|\| continue
	34	name=$(basename "$t")
	35	printf "%-60s " "$name"
	36	"$t" > /dev/null 2>&1
	37	rc=$?
	38	if [ "$rc" -eq 0 ]; then
	39	printf "${GREEN}PASS${NC}\n"
	40	PASS=$((PASS + 1))
	41	elif [ "$rc" -eq 77 ]; then
	42	printf "${YELLOW}SKIP${NC}\n"
	43	SKIP=$((SKIP + 1))
	44	else
	45	printf "${RED}FAIL${NC}\n"
	46	FAIL=$((FAIL + 1))
	47	FAILED="$FAILED $name"
	48	fi
	49	done
	50
	51	echo ""
	52	echo "Results: $PASS passed, $FAIL failed, $SKIP skipped, $((PASS + FAIL + SKIP)) total"
	53
	54	if [ "$FAIL" -gt 0 ]; then
	55	echo "Failed tests:$FAILED"
	56	exit 1
	57	fi


diff --git a/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb new file mode 100644 index 0000000000..b46e6c26f5 --- /dev/null +++ b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb
@@ -0,0 +1,56 @@
	1	SUMMARY = "Lean cryptographic library with PQC-resistant algorithms"
	2	DESCRIPTION = "leancrypto is a cryptographic library that exclusively contains \
	3	PQC-resistant cryptographic algorithms. It is lean, has minimal dependencies, \
	4	supports stack-only operation and provides optimized implementations for \
	5	ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (Sphincs+) and many more"
	6	HOMEPAGE = "https://leancrypto.org"
	7	LICENSE = "BSD-3-Clause \| GPL-2.0-only"
	8	LIC_FILES_CHKSUM = " \
	9	file://LICENSE;md5=7e96f38306550c165071e7cab7b6b824 \
	10	file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
	11	file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \
	12	"
	13	SECTION = "libs"
	14	SRC_URI = "git://github.com/smuellerDD/leancrypto.git;branch=master;protocol=https \
	15	file://0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch \
	16	file://leancrypto-tests.sh \
	17	"
	18	# SRCREV tagged v1.6.0
	19	SRCREV = "38215249fbe3951d1992b12447fca3c0c5e7e245"
	20
	21	inherit pkgconfig meson
	22
	23	EXTRA_OEMESON = "-Dstrip=false"
	24
	25	PACKAGECONFIG ??= "secure-exec apps tests"
	26	PACKAGECONFIG[apps] = "-Dapps=enabled,-Dapps=disabled"
	27	PACKAGECONFIG[small-stack] = "-Dsmall_stack=enabled,-Dsmall_stack=disabled"
	28	PACKAGECONFIG[no-asm] = "-Ddisable-asm=true,-Ddisable-asm=false"
	29	PACKAGECONFIG[efi] = "-Defi=enabled,-Defi=disabled"
	30	PACKAGECONFIG[secure-exec] = "-Dsecure_execution=enabled,-Dsecure_execution=disabled"
	31	PACKAGECONFIG[tests] = "-Dtests=enabled,-Dtests=disabled"
	32
	33	do_install:append () {
	34	if ${@bb.utils.contains('PACKAGECONFIG', 'tests', 'true', 'false', d)}; then
	35	install -d ${D}${libexecdir}/leancrypto/tests
	36	for t in $(find ${B} -maxdepth 3 -type f -executable \( -name '_tester' -o -name '*_test' \)); do
	37	basename=$(basename "$t")
	38	install -m 0755 "$t" ${D}${libexecdir}/leancrypto/tests/leancrypto_${basename}
	39	done
	40	install -d ${D}${bindir}
	41	install -m 0755 ${UNPACKDIR}/leancrypto-tests.sh ${D}${bindir}/leancrypto-tests
	42	fi
	43	}
	44
	45	PACKAGES =+ "${PN}-tests ${PN}-apps"
	46
	47	RDEPENDS:${PN}-apps += "${PN}"
	48	FILES:${PN}-apps = "${bindir}/lc_* \
	49	${libexecdir}/leancrypto \
	50	"
	51	RDEPENDS:${PN}-tests += "${PN}"
	52	FILES:${PN}-tests = "${bindir}/leancrypto-tests \
	53	${libexecdir}/leancrypto/tests \
	54	"
	55
	56	BBCLASSEXTEND = "native nativesdk"