gnutls: fix postinst script for ${PN}-fips for multilibs

When enabling multilibs,the mkdir command will be failed which will cause subsequent command not being executed.
So append "-p" parameter.

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
---
 meta/recipes-support/gnutls/gnutls_3.8.10.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

On 28 Nov 2025, at 06:59, Yiding Liu (Fujitsu) via lists.openembedded.org <liuyd.fnst=fujitsu.com@lists.openembedded.org> wrote:
> 
> When enabling multilibs,the mkdir command will be failed which will cause subsequent command not being executed.
> So append "-p" parameter.
> 
> Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
> ---
> meta/recipes-support/gnutls/gnutls_3.8.10.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.10.bb b/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> index 2ef71a1213..56a84f76f0 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> @@ -90,7 +90,7 @@ BBCLASSEXTEND = "native nativesdk"
> pkg_postinst_ontarget:${PN}-fips () {
>     if test -x ${bindir}/fipshmac
>     then
> -        mkdir ${sysconfdir}/gnutls
> +        mkdir -p ${sysconfdir}/gnutls
>         touch ${sysconfdir}/gnutls/config
>         ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac
>         ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac

I don’t understand how this happens, as sysconfdir is /etc in all multilib configurations?

Can you explain what path is the problem here, this appears to be saying that /etc doesn’t exist on target, which doesn’t seem likely.

Ross

Hi Ross
    I will make an example to explain it.
    When I use "gnutls-cli --fips140-mode" in multilib environment, it shows library not found error.
     root@qemux86-64:~# gnutls-cli --fips140-mode
      library is NOT in FIPS140-2 mode

    And it was caused by lacking hmac files.
    root@qemux86-64:~# ls /usr/lib64/.*hmac
    ls: cannot access '/usr/lib64/.libgnutl*': No such file or directory

   The reason is as following:
    When '${sysconfdir}/gnutls' was created by 'mkdir' with lib32-gnutls, the dir will not be created again by  'mkdir' with lib-gnutls, and the subsequent command will not be executed, so hmac files were missing in lib64 environment.
    ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac

    So append "-p" parameter can avoid this error.

Liu

________________________________
发件人: Ross Burton <Ross.Burton@arm.com>
发送时间: 2025年12月5日 02:35
收件人: Liu, Yiding/刘 乙丁 <liuyd.fnst@fujitsu.com>
抄送: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
主题: Re: [OE-core][PATCH] gnutls: fix postinst script for ${PN}-fips for multilibs

On 28 Nov 2025, at 06:59, Yiding Liu (Fujitsu) via lists.openembedded.org <liuyd.fnst=fujitsu.com@lists.openembedded.org> wrote:
>
> When enabling multilibs,the mkdir command will be failed which will cause subsequent command not being executed.
> So append "-p" parameter.
>
> Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
> ---
> meta/recipes-support/gnutls/gnutls_3.8.10.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.10.bb b/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> index 2ef71a1213..56a84f76f0 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> @@ -90,7 +90,7 @@ BBCLASSEXTEND = "native nativesdk"
> pkg_postinst_ontarget:${PN}-fips () {
>     if test -x ${bindir}/fipshmac
>     then
> -        mkdir ${sysconfdir}/gnutls
> +        mkdir -p ${sysconfdir}/gnutls
>         touch ${sysconfdir}/gnutls/config
>         ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac
>         ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac

I don’t understand how this happens, as sysconfdir is /etc in all multilib configurations?

Can you explain what path is the problem here, this appears to be saying that /etc doesn’t exist on target, which doesn’t seem likely.

Ross

The explanation below does not make sense. There is no dependency between the mkdir ${sysconfdir}/gnutls command and the following commands, except if it actually fails. However, that would mean that the /etc directory does not exist, which seems unlikely.

//Peter

From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Yiding Liu (Fujitsu) via lists.openembedded.org
Sent: den 8 december 2025 02:52
To: Ross Burton <Ross.Burton@arm.com>
Cc: openembedded-core@lists.openembedded.org
Subject: 回复: [OE-core][PATCH] gnutls: fix postinst script for ${PN}-fips for multilibs

Hi Ross
    I will make an example to explain it.
    When I use "gnutls-cli --fips140-mode" in multilib environment, it shows library not found error.
     root@qemux86-64:~# gnutls-cli --fips140-mode
      library is NOT in FIPS140-2 mode

    And it was caused by lacking hmac files.
    root@qemux86-64:~# ls /usr/lib64/.*hmac
    ls: cannot access '/usr/lib64/.libgnutl*': No such file or directory

   The reason is as following:
    When '${sysconfdir}/gnutls' was created by 'mkdir' with lib32-gnutls, the dir will not be created again by  'mkdir' with lib-gnutls, and the subsequent command will not be executed, so hmac files were missing in lib64 environment.
    ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac

    So append "-p" parameter can avoid this error.

Liu
________________________________
发件人: Ross Burton <Ross.Burton@arm.com<mailto:Ross.Burton@arm.com>>
发送时间: 2025年12月5日 02:35
收件人: Liu, Yiding/刘 乙丁 <liuyd.fnst@fujitsu.com<mailto:liuyd.fnst@fujitsu.com>>
抄送: openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org> <openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org>>
主题: Re: [OE-core][PATCH] gnutls: fix postinst script for ${PN}-fips for multilibs

On 28 Nov 2025, at 06:59, Yiding Liu (Fujitsu) via lists.openembedded.org <liuyd.fnst=fujitsu.com@lists.openembedded.org<mailto:liuyd.fnst=fujitsu.com@lists.openembedded.org>> wrote:
>
> When enabling multilibs,the mkdir command will be failed which will cause subsequent command not being executed.
> So append "-p" parameter.
>
> Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com<mailto:liuyd.fnst@fujitsu.com>>
> ---
> meta/recipes-support/gnutls/gnutls_3.8.10.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-support/gnutls/gnutls_3.8.10.bb b/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> index 2ef71a1213..56a84f76f0 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.8.10.bb
> @@ -90,7 +90,7 @@ BBCLASSEXTEND = "native nativesdk"
> pkg_postinst_ontarget:${PN}-fips () {
>     if test -x ${bindir}/fipshmac
>     then
> -        mkdir ${sysconfdir}/gnutls
> +        mkdir -p ${sysconfdir}/gnutls
>         touch ${sysconfdir}/gnutls/config
>         ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac
>         ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac

I don’t understand how this happens, as sysconfdir is /etc in all multilib configurations?

Can you explain what path is the problem here, this appears to be saying that /etc doesn’t exist on target, which doesn’t seem likely.

Ross

On Mon, 8 Dec 2025 at 20:26, Peter Kjellerstedt via
lists.openembedded.org
<peter.kjellerstedt=axis.com@lists.openembedded.org> wrote:
>
> The explanation below does not make sense. There is no dependency between the mkdir ${sysconfdir}/gnutls command and the following commands, except if it actually fails. However, that would mean that the /etc directory does not exist, which seems unlikely.
>

I think the error is something else: that /etc/gnutls already exists,
as it was previously created by a different package. Then the rest of
the script isn't executed, and because it's marked as ontarget, that
does not happen in do_rootfs.

Alex

Hi Alex

     Can this fix method be accepted or we should find another way to fix this problem?
________________________________
发件人: Alexander Kanavin <alex.kanavin@gmail.com>
发送时间: 2025年12月9日 04:01
收件人: peter.kjellerstedt@axis.com <peter.kjellerstedt@axis.com>
抄送: Liu, Yiding/刘 乙丁 <liuyd.fnst@fujitsu.com>; Ross Burton <Ross.Burton@arm.com>; openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
主题: Re: [OE-core][PATCH] gnutls: fix postinst script for ${PN}-fips for multilibs

On Mon, 8 Dec 2025 at 20:26, Peter Kjellerstedt via
lists.openembedded.org
<peter.kjellerstedt=axis.com@lists.openembedded.org> wrote:
>
> The explanation below does not make sense. There is no dependency between the mkdir ${sysconfdir}/gnutls command and the following commands, except if it actually fails. However, that would mean that the /etc directory does not exist, which seems unlikely.
>

I think the error is something else: that /etc/gnutls already exists,
as it was previously created by a different package. Then the rest of
the script isn't executed, and because it's marked as ontarget, that
does not happen in do_rootfs.

Alex

On Thu, 11 Dec 2025 at 10:54, Yiding Liu (Fujitsu)
<liuyd.fnst@fujitsu.com> wrote:
>      Can this fix method be accepted or we should find another way to fix this problem?

Hello Liu,

this was just discussed in the patch review. I think the patch is
correct, but the agreement was that the commit message should
specifically say what the failure is, e.g. copy-paste it from your
builds, and it should explain why it happens. Can you send a v2?

Alex