diff options
Diffstat (limited to 'meta/recipes-support/gnutls')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch | 26 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch | 269 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch | 57 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/arm_eabi.patch | 7 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/run-ptest | 100 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls_3.7.1.bb | 69 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/gnutls_3.8.5.bb | 101 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch | 26 | ||||
-rw-r--r-- | meta/recipes-support/gnutls/libtasn1_4.19.0.bb (renamed from meta/recipes-support/gnutls/libtasn1_4.16.0.bb) | 11 |
9 files changed, 580 insertions, 86 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch new file mode 100644 index 0000000000..d13bfee8ef --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch @@ -0,0 +1,26 @@ +From 7be8ec59a53e93c2bd453b3ba2d63d1b300ef11f Mon Sep 17 00:00:00 2001 +From: Lei Maohui <leimaohui@fujitsu.com> +Date: Mon, 23 May 2022 10:44:43 +0900 +Subject: [PATCH] Creating .hmac file should be excuted in target environment, + so deleted it from build process. + +Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373] +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> +--- + lib/Makefile.am | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index a50d311..193ea19 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -198,8 +198,7 @@ hmac_file = .libs/.$(gnutls_so).hmac + + all-local: $(hmac_file) + +-$(hmac_file): libgnutls.la fipshmac +- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@ ++.libs/.$(gnutls_so).hmac: + + CLEANFILES = $(hmac_file) + endif diff --git a/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch b/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch new file mode 100644 index 0000000000..cc39f5c9a5 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch @@ -0,0 +1,269 @@ +From 2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d Mon Sep 17 00:00:00 2001 +From: Zoltan Fridrich <zfridric@redhat.com> +Date: Wed, 10 Apr 2024 12:51:33 +0200 +Subject: [PATCH] Fix RSAES-PKCS1-v1_5 system-wide configuration + +Upstream-Status: Backport [expected for 3.8.6 https://gitlab.com/gnutls/gnutls/-/merge_requests/1830?commit_id=2d73d945c4b1dfcf8d2328c4d23187d62ffaab2d] + +Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> +Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> +--- + lib/priority.c | 125 +++++++++++------- + ...system-override-allow-rsa-pkcs1-encrypt.sh | 27 +++- + 2 files changed, 96 insertions(+), 56 deletions(-) + +diff --git a/lib/priority.c b/lib/priority.c +index 8abe00d1ff..3434619aad 100644 +--- a/lib/priority.c ++++ b/lib/priority.c +@@ -1018,6 +1018,12 @@ struct cfg { + bool force_ext_master_secret_set; + }; + ++static inline void cfg_init(struct cfg *cfg) ++{ ++ memset(cfg, 0, sizeof(*cfg)); ++ cfg->allow_rsa_pkcs1_encrypt = true; ++} ++ + static inline void cfg_deinit(struct cfg *cfg) + { + if (cfg->priority_strings) { +@@ -1095,6 +1101,12 @@ struct ini_ctx { + size_t curves_size; + }; + ++static inline void ini_ctx_init(struct ini_ctx *ctx) ++{ ++ memset(ctx, 0, sizeof(*ctx)); ++ cfg_init(&ctx->cfg); ++} ++ + static inline void ini_ctx_deinit(struct ini_ctx *ctx) + { + cfg_deinit(&ctx->cfg); +@@ -1423,9 +1435,6 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx) + _gnutls_default_priority_string = cfg->default_priority_string; + } + +- /* enable RSA-PKCS1-V1_5 by default */ +- cfg->allow_rsa_pkcs1_encrypt = true; +- + if (cfg->allowlisting) { + /* also updates `flags` of global `hash_algorithms[]` */ + ret = cfg_hashes_set_array(cfg, ctx->hashes, ctx->hashes_size); +@@ -2217,22 +2226,73 @@ update_system_wide_priority_string(void) + return 0; + } + ++/* Returns false on parse error, otherwise true. ++ * The system_wide_config must be locked for writing. ++ */ ++static inline bool load_system_priority_file(void) ++{ ++ int err; ++ FILE *fp; ++ struct ini_ctx ctx; ++ ++ cfg_init(&system_wide_config); ++ ++ fp = fopen(system_priority_file, "re"); ++ if (fp == NULL) { ++ _gnutls_debug_log("cfg: unable to open: %s: %d\n", ++ system_priority_file, errno); ++ return true; ++ } ++ ++ /* Parsing the configuration file needs to be done in 2 phases: ++ * first parsing the [global] section ++ * and then the other sections, ++ * because the [global] section modifies the parsing behavior. ++ */ ++ ini_ctx_init(&ctx); ++ err = ini_parse_file(fp, global_ini_handler, &ctx); ++ if (!err) { ++ if (fseek(fp, 0L, SEEK_SET) < 0) { ++ _gnutls_debug_log("cfg: unable to rewind: %s\n", ++ system_priority_file); ++ if (fail_on_invalid_config) ++ exit(1); ++ } ++ err = ini_parse_file(fp, cfg_ini_handler, &ctx); ++ } ++ fclose(fp); ++ if (err) { ++ ini_ctx_deinit(&ctx); ++ _gnutls_debug_log("cfg: unable to parse: %s: %d\n", ++ system_priority_file, err); ++ return false; ++ } ++ cfg_apply(&system_wide_config, &ctx); ++ ini_ctx_deinit(&ctx); ++ return true; ++} ++ + static int _gnutls_update_system_priorities(bool defer_system_wide) + { +- int ret, err = 0; ++ int ret; ++ bool config_parse_error = false; + struct stat sb; +- FILE *fp; + gnutls_buffer_st buf; +- struct ini_ctx ctx; + + ret = gnutls_rwlock_rdlock(&system_wide_config_rwlock); +- if (ret < 0) { ++ if (ret < 0) + return gnutls_assert_val(ret); +- } + + if (stat(system_priority_file, &sb) < 0) { + _gnutls_debug_log("cfg: unable to access: %s: %d\n", + system_priority_file, errno); ++ ++ (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); ++ ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); ++ if (ret < 0) ++ goto out; ++ /* If system-wide config is unavailable, apply the defaults */ ++ cfg_init(&system_wide_config); + goto out; + } + +@@ -2240,63 +2300,27 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) + system_priority_last_mod == sb.st_mtime) { + _gnutls_debug_log("cfg: system priority %s has not changed\n", + system_priority_file); +- if (system_wide_config.priority_string) { ++ if (system_wide_config.priority_string) + goto out; /* nothing to do */ +- } + } + + (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); + + ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); +- if (ret < 0) { ++ if (ret < 0) + return gnutls_assert_val(ret); +- } + + /* Another thread could have successfully re-read system-wide config, + * skip re-reading if the mtime it has used is exactly the same. + */ +- if (system_priority_file_loaded) { ++ if (system_priority_file_loaded) + system_priority_file_loaded = + (system_priority_last_mod == sb.st_mtime); +- } + + if (!system_priority_file_loaded) { +- _name_val_array_clear(&system_wide_config.priority_strings); +- +- gnutls_free(system_wide_config.priority_string); +- system_wide_config.priority_string = NULL; +- +- fp = fopen(system_priority_file, "re"); +- if (fp == NULL) { +- _gnutls_debug_log("cfg: unable to open: %s: %d\n", +- system_priority_file, errno); ++ config_parse_error = !load_system_priority_file(); ++ if (config_parse_error) + goto out; +- } +- /* Parsing the configuration file needs to be done in 2 phases: +- * first parsing the [global] section +- * and then the other sections, +- * because the [global] section modifies the parsing behavior. +- */ +- memset(&ctx, 0, sizeof(ctx)); +- err = ini_parse_file(fp, global_ini_handler, &ctx); +- if (!err) { +- if (fseek(fp, 0L, SEEK_SET) < 0) { +- _gnutls_debug_log("cfg: unable to rewind: %s\n", +- system_priority_file); +- if (fail_on_invalid_config) +- exit(1); +- } +- err = ini_parse_file(fp, cfg_ini_handler, &ctx); +- } +- fclose(fp); +- if (err) { +- ini_ctx_deinit(&ctx); +- _gnutls_debug_log("cfg: unable to parse: %s: %d\n", +- system_priority_file, err); +- goto out; +- } +- cfg_apply(&system_wide_config, &ctx); +- ini_ctx_deinit(&ctx); + _gnutls_debug_log("cfg: loaded system config %s mtime %lld\n", + system_priority_file, + (unsigned long long)sb.st_mtime); +@@ -2332,9 +2356,8 @@ static int _gnutls_update_system_priorities(bool defer_system_wide) + out: + (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); + +- if (err && fail_on_invalid_config) { ++ if (config_parse_error && fail_on_invalid_config) + exit(1); +- } + + return ret; + } +diff --git a/tests/system-override-allow-rsa-pkcs1-encrypt.sh b/tests/system-override-allow-rsa-pkcs1-encrypt.sh +index b7d477c96e..714d0af946 100755 +--- a/tests/system-override-allow-rsa-pkcs1-encrypt.sh ++++ b/tests/system-override-allow-rsa-pkcs1-encrypt.sh +@@ -19,9 +19,8 @@ + # You should have received a copy of the GNU Lesser General Public License + # along with this program. If not, see <https://www.gnu.org/licenses/> + +-: ${srcdir=.} +-TEST=${srcdir}/rsaes-pkcs1-v1_5 +-CONF=${srcdir}/config.$$.tmp ++TEST=${builddir}/rsaes-pkcs1-v1_5 ++CONF=config.$$.tmp + export GNUTLS_SYSTEM_PRIORITY_FILE=${CONF} + export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +@@ -38,15 +37,33 @@ cat <<_EOF_ > ${CONF} + allow-rsa-pkcs1-encrypt = true + _EOF_ + +-${TEST} && fail "RSAES-PKCS1-v1_5 expected to succeed" ++${TEST} ++if [ $? != 0 ]; then ++ echo "${TEST} expected to succeed" ++ exit 1 ++fi ++echo "RSAES-PKCS1-v1_5 successfully enabled" + + cat <<_EOF_ > ${CONF} + [overrides] + allow-rsa-pkcs1-encrypt = false + _EOF_ + +-${TEST} || fail "RSAES-PKCS1-v1_5 expected to fail" ++${TEST} ++if [ $? = 0 ]; then ++ echo "${TEST} expected to fail" ++ exit 1 ++fi ++echo "RSAES-PKCS1-v1_5 successfully disabled" + + unset GNUTLS_SYSTEM_PRIORITY_FILE + unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID ++ ++${TEST} ++if [ $? != 0 ]; then ++ echo "${TEST} expected to succeed by default" ++ exit 1 ++fi ++echo "RSAES-PKCS1-v1_5 successfully enabled by default" ++ + exit 0 +-- +GitLab + + diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch new file mode 100644 index 0000000000..8edd31d6b9 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch @@ -0,0 +1,57 @@ +From bfa70adcbda4e505cf2e597907852e78e0439ee2 Mon Sep 17 00:00:00 2001 +From: Ravineet Singh <ravineet.a.singh@est.tech> +Date: Tue, 10 Jan 2023 16:11:10 +0100 +Subject: [PATCH] gnutls: add ptest support + +Upstream-Status: Inappropriate [embedded specific] +Signed-off-by: Ravineet Singh <ravineet.a.singh@est.tech> +--- + Makefile.am | 3 +++ + configure.ac | 2 ++ + tests/Makefile.am | 6 ++++++ + 3 files changed, 11 insertions(+) + +diff --git a/Makefile.am b/Makefile.am +index 843193f..816b09f 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -191,6 +191,9 @@ dist-hook: + mv ChangeLog $(distdir) + touch -c $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info + ++install-ptest: ++ $(MAKE) -C tests DESTDIR=$(DESTDIR)/tests $@ ++ + .PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update AUTHORS + + include $(top_srcdir)/cligen/cligen.mk +diff --git a/configure.ac b/configure.ac +index 934377e..4406eae 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS) + + AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes") + ++AM_EXTRA_RECURSIVE_TARGETS([buildtest-TESTS]) ++ + AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.]) + + hw_features= +diff --git a/tests/Makefile.am b/tests/Makefile.am +index e39a3b3..861dd63 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -663,6 +663,12 @@ SH_LOG_COMPILER = $(SHELL) + AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind + LOG_COMPILER = $(LOG_VALGRIND) + ++install-ptest: $(check_PROGRAMS) ++ @$(INSTALL) -d $(DESTDIR) ++ @for file in $^; do \ ++ $(INSTALL_PROGRAM) $$file $(DESTDIR) ; \ ++ done ++ + distclean-local: + rm -rf softhsm-*.db softhsm-*.config *.tmp tmp-* x509-crt-list-import-url.config.db port.lock.d + diff --git a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch index 6eb1edbdb1..883d0123db 100644 --- a/meta/recipes-support/gnutls/gnutls/arm_eabi.patch +++ b/meta/recipes-support/gnutls/gnutls/arm_eabi.patch @@ -1,4 +1,4 @@ -From 8a5c96057cf305bbeac0d6e0e59ee24fbb9497fe Mon Sep 17 00:00:00 2001 +From d17ae0ef31c3c186766a338e8c40c87d1b98820e Mon Sep 17 00:00:00 2001 From: Joe Slater <jslater@windriver.com> Date: Wed, 25 Jan 2017 13:52:59 -0800 Subject: [PATCH] gnutls: account for ARM_EABI @@ -9,16 +9,15 @@ reference to them. Upstream-Status: Pending Signed-off-by: Joe Slater <jslater@windriver.com> - --- tests/seccomp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/seccomp.c b/tests/seccomp.c -index ed14d00..3c5b726 100644 +index 881f0bb..5f9204a 100644 --- a/tests/seccomp.c +++ b/tests/seccomp.c -@@ -53,7 +53,9 @@ int disable_system_calls(void) +@@ -55,7 +55,9 @@ int disable_system_calls(void) ADD_SYSCALL(nanosleep, 0); ADD_SYSCALL(clock_nanosleep, 0); diff --git a/meta/recipes-support/gnutls/gnutls/run-ptest b/meta/recipes-support/gnutls/gnutls/run-ptest new file mode 100644 index 0000000000..17e26eae70 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/run-ptest @@ -0,0 +1,100 @@ +#!/bin/sh + +rjob() { + local job=$1 + local log=$2 + + # TODO: Output will be garbled + ./${job} >> ${log} 2>&1 + + ret=$? + case $ret in + 0) + echo "PASS: $t" >> ${log} + echo "PASS: $t" + ;; + 77) + echo "SKIP: $t" >> ${log} + echo "SKIP: $t" + ;; + *) + echo "FAIL: $t" >> ${log} + echo "FAIL: $t" + ;; + esac +} + +is_disallowed() { + local key=$1 + $(echo ${test_disallowlist} | grep -w -q ${key}) + return $? +} + +# TODO +# This list should probably be in a external file +# Testcases defined here either take very long time (dtls-stress) +# or are dependent on local files (certs, etc) in local file system +# currently not exported to target. + +test_disallowlist="" +test_disallowlist="${test_disallowlist} dtls-stress" +test_disallowlist="${test_disallowlist} handshake-large-cert" +test_disallowlist="${test_disallowlist} id-on-xmppAddr" +test_disallowlist="${test_disallowlist} mini-x509-cas" +test_disallowlist="${test_disallowlist} pkcs12_simple" +test_disallowlist="${test_disallowlist} protocol-set-allowlist" +test_disallowlist="${test_disallowlist} psk-file" +test_disallowlist="${test_disallowlist} rawpk-api" +test_disallowlist="${test_disallowlist} set_pkcs12_cred" +test_disallowlist="${test_disallowlist} system-override-curves-allowlist" +test_disallowlist="${test_disallowlist} system-override-hash" +test_disallowlist="${test_disallowlist} system-override-sig" +test_disallowlist="${test_disallowlist} system-override-sig-tls" +test_disallowlist="${test_disallowlist} system-prio-file" +test_disallowlist="${test_disallowlist} x509cert-tl" + +LOG=${PWD}/tests.log +cd tests +max_njobs=$(grep -c ^processor /proc/cpuinfo) +njobs=0 + +set +e + +for t in *; do + [ -x $t ] || continue + [ -f $t ] || continue + + is_disallowed ${t} + [ $? -eq 0 ] && continue + + rjob ${t} ${LOG} & + one=1 + njobs=$(expr ${njobs} + ${one}) + if [ ${njobs} -eq ${max_njobs} ]; then + wait + njobs=0 + fi +done +wait + +skipped=$(grep -c SKIP ${LOG}) +passed=$(grep -c PASS ${LOG}) +failed=$(grep -c FAIL ${LOG}) +total=$(expr ${passed} + ${failed} + ${skipped}) + +if [ ${failed} -ne 0 ]; then + echo + echo "Tests failed for gnutls, log is:" + echo "--------------------" + cat ${LOG} + echo +fi + +echo +echo "gnutls test summary:" +echo "--------------------" +echo "total: ${total}" +echo "pass : ${passed}" +echo "fail : ${failed}" +echo "skip : ${skipped}" +echo diff --git a/meta/recipes-support/gnutls/gnutls_3.7.1.bb b/meta/recipes-support/gnutls/gnutls_3.7.1.bb deleted file mode 100644 index 350d0a018b..0000000000 --- a/meta/recipes-support/gnutls/gnutls_3.7.1.bb +++ /dev/null @@ -1,69 +0,0 @@ -SUMMARY = "GNU Transport Layer Security Library" -DESCRIPTION = "a secure communications library implementing the SSL, \ -TLS and DTLS protocols and technologies around them." -HOMEPAGE = "https://gnutls.org/" -BUGTRACKER = "https://savannah.gnu.org/support/?group=gnutls" - -LICENSE = "GPLv3+ & LGPLv2.1+" -LICENSE_${PN} = "LGPLv2.1+" -LICENSE_${PN}-xx = "LGPLv2.1+" -LICENSE_${PN}-bin = "GPLv3+" -LICENSE_${PN}-openssl = "GPLv3+" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ - file://doc/COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \ - file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" - -DEPENDS = "nettle gmp virtual/libiconv libunistring" -DEPENDS_append_libc-musl = " argp-standalone" - -SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" - -SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ - file://arm_eabi.patch \ - " - -SRC_URI[sha256sum] = "3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e5cac6f" - -inherit autotools texinfo pkgconfig gettext lib_package gtk-doc - -PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}" - -# You must also have CONFIG_SECCOMP enabled in the kernel for -# seccomp to work. -PACKAGECONFIG[seccomp] = "--with-libseccomp-prefix=${STAGING_EXECPREFIXDIR},ac_cv_libseccomp=no,libseccomp" -PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" -PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" -PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" -PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" - -EXTRA_OECONF = " \ - --enable-doc \ - --disable-libdane \ - --disable-guile \ - --disable-rpath \ - --enable-local-libopts \ - --enable-openssl-compatibility \ - --with-libpthread-prefix=${STAGING_DIR_HOST}${prefix} \ - --with-librt-prefix=${STAGING_DIR_HOST}${prefix} \ - --with-default-trust-store-file=${sysconfdir}/ssl/certs/ca-certificates.crt \ -" - -# Otherwise the tools try and use HOSTTOOLS_DIR/bash as a shell. -export POSIX_SHELL="${base_bindir}/sh" - -LDFLAGS_append_libc-musl = " -largp" - -do_configure_prepend() { - for dir in . lib; do - rm -f ${dir}/aclocal.m4 ${dir}/m4/libtool.m4 ${dir}/m4/lt*.m4 - done -} - -PACKAGES =+ "${PN}-openssl ${PN}-xx" - -FILES_${PN}-dev += "${bindir}/gnutls-cli-debug" -FILES_${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" -FILES_${PN}-xx = "${libdir}/libgnutlsxx.so.*" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/gnutls/gnutls_3.8.5.bb b/meta/recipes-support/gnutls/gnutls_3.8.5.bb new file mode 100644 index 0000000000..52a1c00c4a --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls_3.8.5.bb @@ -0,0 +1,101 @@ +SUMMARY = "GNU Transport Layer Security Library" +DESCRIPTION = "a secure communications library implementing the SSL, \ +TLS and DTLS protocols and technologies around them." +HOMEPAGE = "https://gnutls.org/" +BUGTRACKER = "https://savannah.gnu.org/support/?group=gnutls" + +LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" +LICENSE:${PN} = "LGPL-2.1-or-later" +LICENSE:${PN}-xx = "LGPL-2.1-or-later" +LICENSE:${PN}-bin = "GPL-3.0-or-later" +LICENSE:${PN}-openssl = "GPL-3.0-or-later" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ + file://doc/COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ + file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c" + +DEPENDS = "nettle gmp virtual/libiconv libunistring" + +SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" + +SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ + file://arm_eabi.patch \ + file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \ + file://0001-Fix-RSAES-PKCS1-v1_5-system-wide-configuration.patch \ + file://run-ptest \ + file://Add-ptest-support.patch \ + " + +SRC_URI[sha256sum] = "66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc" + +inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest + +PACKAGECONFIG ??= "libidn libtasn1 ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}" + +# You must also have CONFIG_SECCOMP enabled in the kernel for +# seccomp to work. +PACKAGECONFIG[seccomp] = "--with-libseccomp-prefix=${STAGING_EXECPREFIXDIR},ac_cv_libseccomp=no,libseccomp" +PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" +PACKAGECONFIG[libtasn1] = "--without-included-libtasn1,--with-included-libtasn1,libtasn1" +PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" +PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" +PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR}" +PACKAGECONFIG[dane] = "--enable-libdane,--disable-libdane,unbound" +# Certificate compression +PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" +PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib" +PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" + +EXTRA_OECONF = " \ + --enable-doc \ + --disable-rpath \ + --enable-openssl-compatibility \ + --with-libpthread-prefix=${STAGING_DIR_HOST}${prefix} \ + --with-librt-prefix=${STAGING_DIR_HOST}${prefix} \ + --with-default-trust-store-file=${sysconfdir}/ssl/certs/ca-certificates.crt \ +" + +# Otherwise the tools try and use HOSTTOOLS_DIR/bash as a shell. +export POSIX_SHELL="${base_bindir}/sh" + +do_configure:prepend() { + for dir in . lib; do + rm -f ${dir}/aclocal.m4 ${dir}/m4/libtool.m4 ${dir}/m4/lt*.m4 + done +} + +do_compile_ptest() { + oe_runmake -C tests buildtest-TESTS +} + +do_install:append:class-target() { + if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then + install -d ${D}${bindir}/bin + install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${bindir}/ + fi +} + +PACKAGES =+ "${PN}-dane ${PN}-openssl ${PN}-xx ${PN}-fips" + +FILES:${PN}-dev += "${bindir}/gnutls-cli-debug" + +FILES:${PN}-dane = "${libdir}/libgnutls-dane.so.*" +FILES:${PN}-openssl = "${libdir}/libgnutls-openssl.so.*" +FILES:${PN}-xx = "${libdir}/libgnutlsxx.so.*" +FILES:${PN}-fips = "${bindir}/fipshmac" + +RDEPENDS:${PN}-ptest += "python3" + +BBCLASSEXTEND = "native nativesdk" + +pkg_postinst_ontarget:${PN}-fips () { + if test -x ${bindir}/fipshmac + then + mkdir ${sysconfdir}/gnutls + touch ${sysconfdir}/gnutls/config + ${bindir}/fipshmac ${libdir}/libgnutls.so.30.*.* > ${libdir}/.libgnutls.so.30.hmac + ${bindir}/fipshmac ${libdir}/libnettle.so.8.* > ${libdir}/.libnettle.so.8.hmac + ${bindir}/fipshmac ${libdir}/libgmp.so.10.*.* > ${libdir}/.libgmp.so.10.hmac + ${bindir}/fipshmac ${libdir}/libhogweed.so.6.* > ${libdir}/.libhogweed.so.6.hmac + fi +} diff --git a/meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch b/meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch index 2ac89f3b32..216d636793 100644 --- a/meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch +++ b/meta/recipes-support/gnutls/libtasn1/dont-depend-on-help2man.patch @@ -1,14 +1,26 @@ +From 629fc6427710e48b78f8b1f300dd698fe898cfd4 Mon Sep 17 00:00:00 2001 +From: Marko Lindqvist <cazfi74@gmail.com> +Date: Mon, 7 Jan 2013 01:49:40 +0200 +Subject: [PATCH] libtasn1: remove help2man dependency + Upstream-Status: Inappropriate Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> -diff -Nurd libtasn1-2.14/doc/Makefile.am libtasn1-2.14/doc/Makefile.am ---- libtasn1-2.14/doc/Makefile.am 2012-09-24 15:08:42.000000000 +0300 -+++ libtasn1-2.14/doc/Makefile.am 2013-01-03 07:35:26.702763403 +0200 -@@ -31,7 +31,7 @@ - AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS) \ - --no-split --number-sections --css-include=texinfo.css +--- + doc/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/Makefile.am b/doc/Makefile.am +index a0171a5..8aa4d3d 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -28,7 +28,7 @@ libtasn1_TEXINFOS += asn1Coding-help.texi asn1Decoding-help.texi asn1Parser-help + + AM_MAKEINFOHTMLFLAGS = --no-split $(AM_MAKEINFOFLAGS) + -dist_man_MANS = $(gdoc_MANS) asn1Parser.1 asn1Coding.1 asn1Decoding.1 +dist_man_MANS = $(gdoc_MANS) - + HELP2MAN_OPTS = --info-page libtasn1 + diff --git a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb index 21ef5c3de4..5fb8b54c06 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb @@ -3,12 +3,12 @@ DESCRIPTION = "A highly portable C library that encodes and decodes \ DER/BER data following an ASN.1 schema. " HOMEPAGE = "http://www.gnu.org/software/libtasn1/" -LICENSE = "GPLv3+ & LGPLv2.1+" -LICENSE_${PN}-bin = "GPLv3+" -LICENSE_${PN} = "LGPLv2.1+" +LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later" +LICENSE:${PN}-bin = "GPL-3.0-or-later" +LICENSE:${PN} = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \ file://doc/COPYING.LESSER;md5=4fbd65380cdd255951079008b364516c \ - file://LICENSE;md5=75ac100ec923f959898182307970c360" + file://COPYING;md5=75ac100ec923f959898182307970c360" SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ file://dont-depend-on-help2man.patch \ @@ -16,8 +16,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ DEPENDS = "bison-native" -SRC_URI[md5sum] = "531208de3729d42e2af0a32890f08736" -SRC_URI[sha256sum] = "0e0fb0903839117cb6e3b56e68222771bebf22ad7fc2295a0ed7d576e8d4329d" +SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a" inherit autotools texinfo lib_package gtk-doc |