| Message ID | 20260423105654.3659814-1-skandigraun@gmail.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [meta-networking] mbedtls: add recipe for v4.1.0 | expand |
Errors out on AB with below error ERROR: Logfile of failure stored in: /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/temp/log.do_compile.2783809 Log data follows: | DEBUG: Executing shell function do_compile | NOTE: VERBOSE=1 cmake --build /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/build --target all -- | Change Dir: '/srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/build' | | Run Build Command(s): ninja -v -j 16 all | [1/846] cd /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/build/tf-psa-crypto/core && /srv/pokybuild/buildbot-venv/bin/python3 /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/sources/mbedtls-4.1.0/tf-psa-crypto/scripts/generate_driver_wrappers.py /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/build/tf-psa-crypto/core | FAILED: [code=1] tf-psa-crypto/core/psa_crypto_driver_wrappers.h tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/build/tf-psa-crypto/core/psa_crypto_driver_wrappers.h /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/build/tf-psa-crypto/core/psa_crypto_driver_wrappers_no_static.c | cd /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/build/tf-psa-crypto/core && /srv/pokybuild/buildbot-venv/bin/python3 /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/sources/mbedtls-4.1.0/tf-psa-crypto/scripts/generate_driver_wrappers.py /srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/build/tf-psa-crypto/core | Traceback (most recent call last): | File "/srv/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/x86-64-v3-poky-linux/mbedtls/4.1.0/sources/mbedtls-4.1.0/tf-psa-crypto/scripts/generate_driver_wrappers.py", line 18, in <module> | import jsonschema | ModuleNotFoundError: No module named 'jsonschema' Full log autobuilder.yoctoproject.org/valkyrie/api/v2/logs/6493294/raw_inline On Thu, Apr 23, 2026 at 3:56 AM Gyorgy Sarvari via lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org> wrote: > This is the current LTS version for mbedtls, add it next to the existing > recipe > for v3.6. This new version will be supported longer than v3.6, but there > are > some incompatibilities between the two (see migration guide[1] and > changelog[2]). > > This recipe is based on the v3.6 recipe. psa PACKAGECONFIG was dropped, as > it is > now the regular behavior, without an option to turn it off. > update-alternatives > class is also removed - it was required due to a sample program called > "hello", > which has been removed from this release. > > Added two small patches: > - one to handle the CC env var correctly from Python. This is submitted > for upstream. > - one to use qemu to run cross-compiled binaries instead of running them > as they are. > This is not upstreamed, as it is OE specific. > > Ptests passed successfully: > > root@qemux86-64:~# ptest-runner > START: ptest-runner > 2026-04-23T07:29 > BEGIN: /usr/lib/mbedtls/ptest > PASS: test_suite_config.mbedtls_boolean > PASS: test_suite_config.tls_combinations > PASS: test_suite_constant_time_hmac > PASS: test_suite_debug > PASS: test_suite_error > PASS: test_suite_mps > PASS: test_suite_net > PASS: test_suite_pkcs7 > PASS: test_suite_ssl > PASS: test_suite_ssl.records > PASS: test_suite_ssl.tls-defrag > PASS: test_suite_ssl_decrypt.misc > PASS: test_suite_test_helpers > PASS: test_suite_timing > PASS: test_suite_version > PASS: test_suite_x509_oid > PASS: test_suite_x509parse > PASS: test_suite_x509write > DURATION: 7 > END: /usr/lib/mbedtls/ptest > 2026-04-23T07:29 > STOP: ptest-runner > TOTAL: 1 FAIL: 0 > > [1]: > https://github.com/Mbed-TLS/mbedtls/blob/development/docs/4.0-migration-guide.md > [2]: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-4.1.0 > > Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> > --- > ...c_build_helper-Split-cc-command-line.patch | 33 +++++++ > ...wrapper-to-run-cross-compiled-binary.patch | 29 ++++++ > .../mbedtls/mbedtls_4.1.0.bb | 93 +++++++++++++++++++ > 3 files changed, 155 insertions(+) > create mode 100644 > meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-c_build_helper-Split-cc-command-line.patch > create mode 100644 > meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-use-qemuwrapper-to-run-cross-compiled-binary.patch > create mode 100644 meta-networking/recipes-connectivity/mbedtls/ > mbedtls_4.1.0.bb > > diff --git > a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-c_build_helper-Split-cc-command-line.patch > b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-c_build_helper-Split-cc-command-line.patch > new file mode 100644 > index 0000000000..adddb7ad8e > --- /dev/null > +++ > b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-c_build_helper-Split-cc-command-line.patch > @@ -0,0 +1,33 @@ > +From 178e089683bf42097ac6d27522820d07483bc6bd Mon Sep 17 00:00:00 2001 > +From: Gyorgy Sarvari <skandigraun@gmail.com> > +Date: Thu, 23 Apr 2026 08:54:02 +0200 > +Subject: [PATCH] c_build_helper: Split cc command line > + > +Optionally the CC/HOSTCC environment variable can hold the command to > +invoke the C compiler, however this command can also contain extra > +arguments, not only the binary name. In this particular case Python > +was treating the whole value as a single binary name, and was trying > +to execute as such (e.g. "cc -arg1 -arg2" instead of "cc" and the > arguments > +separately), which results in failure. > + > +Split the compiler command into its components to invoke it correctly. > + > +Upstream-Status: Submitted [ > https://github.com/Mbed-TLS/mbedtls-framework/pull/301] > +Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> > +--- > + scripts/mbedtls_framework/c_build_helper.py | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/scripts/mbedtls_framework/c_build_helper.py > b/scripts/mbedtls_framework/c_build_helper.py > +index 59bb326e2..85dbb628f 100644 > +--- a/tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py > ++++ b/tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py > +@@ -98,7 +98,7 @@ def compile_c_file(c_filename, exe_filename, > include_dirs): > + cc = os.getenv('HOSTCC', None) > + if cc is None: > + cc = os.getenv('CC', 'cc') > +- cmd = [cc] > ++ cmd = cc.split() > + > + proc = subprocess.Popen(cmd, > + stdout=subprocess.DEVNULL, > diff --git > a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-use-qemuwrapper-to-run-cross-compiled-binary.patch > b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-use-qemuwrapper-to-run-cross-compiled-binary.patch > new file mode 100644 > index 0000000000..a9e8bb2ed9 > --- /dev/null > +++ > b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-use-qemuwrapper-to-run-cross-compiled-binary.patch > @@ -0,0 +1,29 @@ > +From 46f0ea3eb35e8d0d33e88298a9e7c3dbdd49ec17 Mon Sep 17 00:00:00 2001 > +From: Gyorgy Sarvari <skandigraun@gmail.com> > +Date: Thu, 23 Apr 2026 09:14:40 +0200 > +Subject: [PATCH] use qemuwrapper to run cross-compiled binary > + > +The build process executes a compiled binary to get some details, > +however this results in a failure in case of cross-compiling. > + > +Run it with qemuwrapper, that is created in the recipe. > + > +Upstream-Status: Inappropriate [cross-compile specific] > +Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> > +--- > + scripts/mbedtls_framework/c_build_helper.py | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/scripts/mbedtls_framework/c_build_helper.py > b/scripts/mbedtls_framework/c_build_helper.py > +index 59bb326e2..5c4c211ee 100644 > +--- a/tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py > ++++ b/tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py > +@@ -169,7 +169,7 @@ def get_c_expression_values( > + .format(caller, c_name)) > + else: > + os.remove(c_name) > +- output = subprocess.check_output([exe_name]) > ++ output = subprocess.check_output(['../../../qemuwrapper', > exe_name]) > + return output.decode('ascii').strip().split('\n') > + finally: > + remove_file_if_exists(exe_name) > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_4.1.0.bb > b/meta-networking/recipes-connectivity/mbedtls/mbedtls_4.1.0.bb > new file mode 100644 > index 0000000000..aa637db776 > --- /dev/null > +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_4.1.0.bb > @@ -0,0 +1,93 @@ > +SUMMARY = "Lightweight crypto and SSL/TLS library" > +DESCRIPTION = "mbedtls is a lean open source crypto library \ > +for providing SSL and TLS support in your programs. It offers \ > +an intuitive API and documented header files, so you can actually \ > +understand what the code does. It features: \ > + \ > + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ > + Camellia and XTEA \ > + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ > + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ > + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ > + ECDSA and ECDH \ > + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ > + - Abstraction layers for ciphers, hashes, public key operations, \ > + platform abstraction and threading \ > +" > + > +HOMEPAGE = "https://www.trustedfirmware.org/projects/mbed-tls/" > +BUGTRACKER = "https://github.com/Mbed-TLS/mbedtls/issues" > + > +LICENSE = "Apache-2.0 | GPL-2.0-or-later" > +LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" > + > +SECTION = "libs" > + > +SRC_URI = "gitsm:// > github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=mbedtls-4.1;tag=v${PV} > <http://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=mbedtls-4.1;tag=v$%7BPV%7D> > \ > + file://run-ptest \ > + file://0001-c_build_helper-Split-cc-command-line.patch \ > + " > + > +SRC_URI:append:class-target = " > file://0001-use-qemuwrapper-to-run-cross-compiled-binary.patch" > + > +SRCREV = "0fe989b6b514192783c469039edd325fd0989806" > + > +DEPENDS += "python3-jinja2-native qemu-native" > + > +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" > + > +inherit cmake ptest python3-dir qemu > + > +PACKAGECONFIG ??= "shared-libs programs > ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" > +PACKAGECONFIG[shared-libs] = > "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" > +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" > +PACKAGECONFIG[werror] = > "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" > +PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF" > + > +PROVIDES += "polarssl" > +RPROVIDES:${PN} = "polarssl" > + > +PACKAGES =+ "${PN}-programs" > +FILES:${PN}-programs = "${bindir}/" > + > +BBCLASSEXTEND = "native nativesdk" > + > +CVE_PRODUCT = "mbed_tls" > + > +PYTHONPATH:class-target = > "${RECIPE_SYSROOT_NATIVE}${PYTHON_SITEPACKAGES_DIR}" > +PYTHONPATH:class-native = "${PYTHON_SITEPACKAGES_DIR}" > +export PYTHONPATH > + > +do_configure:prepend() { > + # during building > tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py > + # runs some of the cross-compiled binaries. > + > + qemu_binary="${@qemu_wrapper_cmdline(d, > d.getVar('STAGING_DIR_HOST'), > [d.expand('${STAGING_DIR_HOST}${libdir}'),d.expand('${STAGING_LIBDIR}')])}" > + cat > ${WORKDIR}/qemuwrapper << EOF > +#!/bin/sh > +$qemu_binary "\$@" > +EOF > + > + chmod +x ${WORKDIR}/qemuwrapper > + > +} > + > +# Strip host paths from autogenerated test files > +do_compile:append() { > + sed -i 's+${S}/++g' ${B}/tests/*.c 2>/dev/null || : > + sed -i 's+${B}/++g' ${B}/tests/*.c 2>/dev/null || : > +} > + > +# Export source files/headers needed by Arm Trusted Firmware > +sysroot_stage_all:append() { > + sysroot_stage_dir "${S}/library" > "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library" > + sysroot_stage_dir "${S}/include" > "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include" > +} > + > +do_install_ptest () { > + install -d ${D}${PTEST_PATH}/tests > + install -d ${D}${PTEST_PATH}/framework > + cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/ > + find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete > + cp -fR ${S}/framework/data_files ${D}${PTEST_PATH}/framework/ > +} > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#126573): > https://lists.openembedded.org/g/openembedded-devel/message/126573 > Mute This Topic: https://lists.openembedded.org/mt/118969482/1997914 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ > raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-c_build_helper-Split-cc-command-line.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-c_build_helper-Split-cc-command-line.patch new file mode 100644 index 0000000000..adddb7ad8e --- /dev/null +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-c_build_helper-Split-cc-command-line.patch @@ -0,0 +1,33 @@ +From 178e089683bf42097ac6d27522820d07483bc6bd Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari <skandigraun@gmail.com> +Date: Thu, 23 Apr 2026 08:54:02 +0200 +Subject: [PATCH] c_build_helper: Split cc command line + +Optionally the CC/HOSTCC environment variable can hold the command to +invoke the C compiler, however this command can also contain extra +arguments, not only the binary name. In this particular case Python +was treating the whole value as a single binary name, and was trying +to execute as such (e.g. "cc -arg1 -arg2" instead of "cc" and the arguments +separately), which results in failure. + +Split the compiler command into its components to invoke it correctly. + +Upstream-Status: Submitted [https://github.com/Mbed-TLS/mbedtls-framework/pull/301] +Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> +--- + scripts/mbedtls_framework/c_build_helper.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/mbedtls_framework/c_build_helper.py b/scripts/mbedtls_framework/c_build_helper.py +index 59bb326e2..85dbb628f 100644 +--- a/tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py ++++ b/tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py +@@ -98,7 +98,7 @@ def compile_c_file(c_filename, exe_filename, include_dirs): + cc = os.getenv('HOSTCC', None) + if cc is None: + cc = os.getenv('CC', 'cc') +- cmd = [cc] ++ cmd = cc.split() + + proc = subprocess.Popen(cmd, + stdout=subprocess.DEVNULL, diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-use-qemuwrapper-to-run-cross-compiled-binary.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-use-qemuwrapper-to-run-cross-compiled-binary.patch new file mode 100644 index 0000000000..a9e8bb2ed9 --- /dev/null +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-use-qemuwrapper-to-run-cross-compiled-binary.patch @@ -0,0 +1,29 @@ +From 46f0ea3eb35e8d0d33e88298a9e7c3dbdd49ec17 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari <skandigraun@gmail.com> +Date: Thu, 23 Apr 2026 09:14:40 +0200 +Subject: [PATCH] use qemuwrapper to run cross-compiled binary + +The build process executes a compiled binary to get some details, +however this results in a failure in case of cross-compiling. + +Run it with qemuwrapper, that is created in the recipe. + +Upstream-Status: Inappropriate [cross-compile specific] +Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> +--- + scripts/mbedtls_framework/c_build_helper.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/mbedtls_framework/c_build_helper.py b/scripts/mbedtls_framework/c_build_helper.py +index 59bb326e2..5c4c211ee 100644 +--- a/tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py ++++ b/tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py +@@ -169,7 +169,7 @@ def get_c_expression_values( + .format(caller, c_name)) + else: + os.remove(c_name) +- output = subprocess.check_output([exe_name]) ++ output = subprocess.check_output(['../../../qemuwrapper', exe_name]) + return output.decode('ascii').strip().split('\n') + finally: + remove_file_if_exists(exe_name) diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_4.1.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_4.1.0.bb new file mode 100644 index 0000000000..aa637db776 --- /dev/null +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_4.1.0.bb @@ -0,0 +1,93 @@ +SUMMARY = "Lightweight crypto and SSL/TLS library" +DESCRIPTION = "mbedtls is a lean open source crypto library \ +for providing SSL and TLS support in your programs. It offers \ +an intuitive API and documented header files, so you can actually \ +understand what the code does. It features: \ + \ + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ + Camellia and XTEA \ + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ + ECDSA and ECDH \ + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ + - Abstraction layers for ciphers, hashes, public key operations, \ + platform abstraction and threading \ +" + +HOMEPAGE = "https://www.trustedfirmware.org/projects/mbed-tls/" +BUGTRACKER = "https://github.com/Mbed-TLS/mbedtls/issues" + +LICENSE = "Apache-2.0 | GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" + +SECTION = "libs" + +SRC_URI = "gitsm://github.com/Mbed-TLS/mbedtls.git;protocol=https;branch=mbedtls-4.1;tag=v${PV} \ + file://run-ptest \ + file://0001-c_build_helper-Split-cc-command-line.patch \ + " + +SRC_URI:append:class-target = " file://0001-use-qemuwrapper-to-run-cross-compiled-binary.patch" + +SRCREV = "0fe989b6b514192783c469039edd325fd0989806" + +DEPENDS += "python3-jinja2-native qemu-native" + +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" + +inherit cmake ptest python3-dir qemu + +PACKAGECONFIG ??= "shared-libs programs ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" +PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" +PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF" + +PROVIDES += "polarssl" +RPROVIDES:${PN} = "polarssl" + +PACKAGES =+ "${PN}-programs" +FILES:${PN}-programs = "${bindir}/" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "mbed_tls" + +PYTHONPATH:class-target = "${RECIPE_SYSROOT_NATIVE}${PYTHON_SITEPACKAGES_DIR}" +PYTHONPATH:class-native = "${PYTHON_SITEPACKAGES_DIR}" +export PYTHONPATH + +do_configure:prepend() { + # during building tf-psa-crypto/framework/scripts/mbedtls_framework/c_build_helper.py + # runs some of the cross-compiled binaries. + + qemu_binary="${@qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST'), [d.expand('${STAGING_DIR_HOST}${libdir}'),d.expand('${STAGING_LIBDIR}')])}" + cat > ${WORKDIR}/qemuwrapper << EOF +#!/bin/sh +$qemu_binary "\$@" +EOF + + chmod +x ${WORKDIR}/qemuwrapper + +} + +# Strip host paths from autogenerated test files +do_compile:append() { + sed -i 's+${S}/++g' ${B}/tests/*.c 2>/dev/null || : + sed -i 's+${B}/++g' ${B}/tests/*.c 2>/dev/null || : +} + +# Export source files/headers needed by Arm Trusted Firmware +sysroot_stage_all:append() { + sysroot_stage_dir "${S}/library" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library" + sysroot_stage_dir "${S}/include" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include" +} + +do_install_ptest () { + install -d ${D}${PTEST_PATH}/tests + install -d ${D}${PTEST_PATH}/framework + cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/ + find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete + cp -fR ${S}/framework/data_files ${D}${PTEST_PATH}/framework/ +}
This is the current LTS version for mbedtls, add it next to the existing recipe for v3.6. This new version will be supported longer than v3.6, but there are some incompatibilities between the two (see migration guide[1] and changelog[2]). This recipe is based on the v3.6 recipe. psa PACKAGECONFIG was dropped, as it is now the regular behavior, without an option to turn it off. update-alternatives class is also removed - it was required due to a sample program called "hello", which has been removed from this release. Added two small patches: - one to handle the CC env var correctly from Python. This is submitted for upstream. - one to use qemu to run cross-compiled binaries instead of running them as they are. This is not upstreamed, as it is OE specific. Ptests passed successfully: root@qemux86-64:~# ptest-runner START: ptest-runner 2026-04-23T07:29 BEGIN: /usr/lib/mbedtls/ptest PASS: test_suite_config.mbedtls_boolean PASS: test_suite_config.tls_combinations PASS: test_suite_constant_time_hmac PASS: test_suite_debug PASS: test_suite_error PASS: test_suite_mps PASS: test_suite_net PASS: test_suite_pkcs7 PASS: test_suite_ssl PASS: test_suite_ssl.records PASS: test_suite_ssl.tls-defrag PASS: test_suite_ssl_decrypt.misc PASS: test_suite_test_helpers PASS: test_suite_timing PASS: test_suite_version PASS: test_suite_x509_oid PASS: test_suite_x509parse PASS: test_suite_x509write DURATION: 7 END: /usr/lib/mbedtls/ptest 2026-04-23T07:29 STOP: ptest-runner TOTAL: 1 FAIL: 0 [1]: https://github.com/Mbed-TLS/mbedtls/blob/development/docs/4.0-migration-guide.md [2]: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-4.1.0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- ...c_build_helper-Split-cc-command-line.patch | 33 +++++++ ...wrapper-to-run-cross-compiled-binary.patch | 29 ++++++ .../mbedtls/mbedtls_4.1.0.bb | 93 +++++++++++++++++++ 3 files changed, 155 insertions(+) create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-c_build_helper-Split-cc-command-line.patch create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-use-qemuwrapper-to-run-cross-compiled-binary.patch create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_4.1.0.bb