Message ID | 1653355715-22875-1-git-send-email-leimaohui@fujitsu.com |
---|---|
State | Accepted, archived |
Commit | 1b5c620d10aa678871b6cea46e113c8fe3b79822 |
Series | [v4] gnutls: Added fips option. |
Please correct the upstream status to inappropriate, ‘submitted’ means the patch was actually sent upstream, ‘inappropriate’ means the patch was not submitted, but an issue was raised with upstream to find a solution.

Alex

On Tue 24. May 2022 at 3.28, leimaohui <leimaohui@fujitsu.com> wrote:

> - Added a patch to avoid executing the fipshmac command, because the *.hmac
>   file should be created on the target instead of in the build environment.
> - Added pkg_postinst_ontarget to make sure the necessary files are
>   created on the target.
>
> Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Hi, Alex

I’m sorry, I think I got it, but it is better to confirm it with you.^-^

“Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/-/issues/1373]”

Should be corrected to:

“Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373]”

Am I right?

Best regards
Lei

From: Alexander Kanavin <alex.kanavin@gmail.com>
Sent: Tuesday, May 24, 2022 12:37 PM
To: Lei, Maohui <leimaohui@fujitsu.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH v4] gnutls: Added fips option.

Please correct the upstream status to inappropriate, ‘submitted’ means the patch was actually sent upstream, ‘inappropriate’ means the patch was not submitted, but an issue was raised with upstream to find a solution.

Alex
Yes please, that is correct.

Alex

On Wed 25. May 2022 at 2.15, leimaohui@fujitsu.com <leimaohui@fujitsu.com> wrote:

> Hi, Alex
>
> I’m sorry, I think I got it, but it is better to confirm it with you.^-^
>
> “Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/-/issues/1373]”
>
> Should be corrected to:
>
> “Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373]”
>
> Am I right?
>
> Best regards
> Lei
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch new file mode 100644 index 0000000000..f4a2f0cd35 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch @@ -0,0 +1,28 @@ +From b729a356538d499fe25e82bfc78ea663bdaca0a8 Mon Sep 17 00:00:00 2001 +From: Lei Maohui <leimaohui@fujitsu.com> +Date: Mon, 23 May 2022 10:44:43 +0900 +Subject: [PATCH] Creating .hmac file should be excuted in target environment, + so deleted it from build process. + +Upstream-Status: Submitted [https://gitlab.com/gnutls/gnutls/-/issues/1373] +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> +--- + lib/Makefile.am | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index 0b43ef9..cf263f0 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -206,8 +206,7 @@ hmac_files = .libs/.gnutls.hmac + + all-local: $(hmac_files) + +-.libs/.gnutls.hmac: libgnutls.la fipshmac +- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@ ++.libs/.gnutls.hmac: + + CLEANFILES = $(hmac_files) + endif +-- +2.25.1 diff --git a/meta/recipes-support/gnutls/gnutls_3.7.5.bb b/meta/recipes-support/gnutls/gnutls_3.7.5.bb index 5feedb7fdc..b796494b8d 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.5.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.5.bb @@ -21,6 +21,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ file://arm_eabi.patch \ + file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ " SRC_URI[sha256sum] = "1f85028475b4f255cc5b480af0c37e61eab43024c1507c8b75d6be506c0553ad" 
@@ -36,6 +37,7 @@ PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" +PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR}" EXTRA_OECONF = " \ --enable-doc \ @@ -59,10 +61,30 @@ do_configure:prepend() { done } -PACKAGES =+ "${PN}-openssl ${PN}-xx" +do_install:append:class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then + install -d ${D}${bindir}/bin + install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/ + fi +} + +PACKAGES =+ "${PN}-openssl ${PN}-xx ${PN}-fips" FILES:${PN}-dev += "${bindir}/gnutls-cli-debug" FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*" +FILES:${PN}-fips = "${bindir}/fipshmac" BBCLASSEXTEND = "native nativesdk" + +pkg_postinst_ontarget:${PN}-fips () { + if test -x ${bindir}/fipshmac + then + mkdir ${sysconfdir}/gnutls + touch ${sysconfdir}/gnutls/config + ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac + ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac + ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* > ${libdir}/.libgmp.so.10.hmac + ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac + fi +}
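Review bot: In the lib/Makefile.am hunk of the embedded 0001 patch, the rule `.libs/.gnutls.hmac:` is left with neither prerequisites nor a recipe while `all-local: $(hmac_files)` and `CLEANFILES = $(hmac_files)` still refer to it, so the build keeps a target that never produces a file. Dropping the `all-local` dependency together with the rule would state the intent more clearly. Removing the `fipshmac` prerequisite also means nothing in these lines forces that program to be built, yet do_install later copies `${B}/lib/.libs/fipshmac`; please confirm it is still built by the default target.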
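Review bot: `PACKAGECONFIG[fips]` supplies only the enable field, unlike the neighbouring entries (`libidn`, `libtasn1`, `p11-kit`, `tpm`), which all give enable, disable and dependency fields. Add the matching `--disable-fips140-mode` as the second field so that a build without `fips` is explicit rather than left to configure's default. Also check the value passed to `--with-libdl-prefix`: the option name asks for a prefix, while `${STAGING_BASELIBDIR}` names a library directory.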
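Review bot: In do_install:append:class-target, `install -d ${D}${bindir}/bin` creates a `bin` directory inside `${bindir}` while the next line installs into `${D}/${bindir}/`; the first line should be `install -d ${D}${bindir}`. In pkg_postinst_ontarget, `mkdir ${sysconfdir}/gnutls` returns an error when the directory already exists, so use `mkdir -p`. The integrity files are written by plain redirection with no check that each glob matched exactly one library or that fipshmac succeeded, so a failed run still leaves an empty or partial .hmac file behind; write to a temporary file and move it into place only on success. The hard-coded sonames (`libnettle.so.8.*`, `libgmp.so.10.*.*`, `libhogweed.so.6.*`) belong to other recipes and will stop matching when those libraries are upgraded.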
- Added a patch to avoid executing the fipshmac command, because the *.hmac
  file should be created on the target instead of in the build environment.
- Added pkg_postinst_ontarget to make sure the necessary files are
  created on the target.

Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
---
 ...ile-should-be-excuted-in-target-envi.patch | 28 +++++++++++++++++++
 meta/recipes-support/gnutls/gnutls_3.7.5.bb   | 24 +++++++++++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch