diff options
Diffstat (limited to 'external/meta-openembedded/meta-oe/recipes-crypto')
8 files changed, 230 insertions, 61 deletions
diff --git a/external/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.7.0.bb b/external/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.14.0.bb index 92853d00..42e89f63 100644 --- a/external/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.7.0.bb +++ b/external/meta-openembedded/meta-oe/recipes-crypto/botan/botan_2.14.0.bb @@ -1,18 +1,14 @@ -# Copyright (C) 2018 Khem Raj <raj.khem@gmail.com> -# Released under the MIT license (see COPYING.MIT for the terms) - -DESCRIPTION = "Crypto and TLS for C++11" +SUMMARY = "Crypto and TLS for C++11" HOMEPAGE = "https://botan.randombit.net" LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://license.txt;md5=bf361fc63df3fa25652ee82c43b7601a" +LIC_FILES_CHKSUM = "file://license.txt;md5=a02e03c8fa2c5e7b9b3fcc1b9811fd3b" SECTION = "libs" +SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz" +SRC_URI[md5sum] = "ebc68c08b99bbc4b4fc9bdbfad398b02" +SRC_URI[sha256sum] = "0c10f12b424a40ee19bde00292098e201d7498535c062d8d5b586d07861a54b5" -#v2.7.0 -SRCREV = "5874000d42c338ec95a7ff24cdc0c64e70f967b5" -SRC_URI = "git://github.com/randombit/botan.git" - -S = "${WORKDIR}/git" +S = "${WORKDIR}/Botan-${PV}" inherit python3native siteinfo lib_package @@ -23,14 +19,15 @@ CPU_armv7ve = "armv7" do_configure() { python3 ${S}/configure.py \ - --prefix="${D}${prefix}" \ + --prefix="${D}${exec_prefix}" \ + --libdir="${D}${libdir}" \ --cpu="${CPU}" \ --cc-bin="${CXX}" \ --cxxflags="${CXXFLAGS}" \ --ldflags="${LDFLAGS}" \ --with-endian=${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \ ${@bb.utils.contains("TUNE_FEATURES","neon","","--disable-neon",d)} \ - --with-sysroot-dir=${STAGING_DIR_TARGET} \ + --with-sysroot-dir=${STAGING_DIR_HOST} \ --with-build-dir="${B}" \ --optimize-for-size \ --with-stack-protector \ @@ -52,4 +49,3 @@ PACKAGES += "${PN}-python3" FILES_${PN}-python3 = "${libdir}/python3" RDEPENDS_${PN}-python3 += "python3" - diff --git a/external/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.0.4.bb b/external/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.0.4.bb deleted file mode 100644 index cc7bc6e0..00000000 --- a/external/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.0.4.bb +++ /dev/null @@ -1,38 +0,0 @@ -SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes" -DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \ -device-mapper mappings. These include plain dm-crypt volumes and \ -LUKS volumes. The difference is that LUKS uses a metadata header \ -and can hence offer more features than plain dm-crypt. On the other \ -hand, the header is visible and vulnerable to damage." -HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup" -SECTION = "console" -LICENSE = "GPL-2.0-with-OpenSSL-exception" -LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" - -DEPENDS = "util-linux libdevmapper popt libgcrypt json-c" - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v2.0/${BP}.tar.xz" -SRC_URI[md5sum] = "ed42b31f67d05b05e392d1943d467b8d" -SRC_URI[sha256sum] = "9d3a3c7033293e0c97f0ad0501fd5b4d4913ae497cbf70cca06633ccc54b5734" - -inherit autotools gettext pkgconfig - -# Use openssl because libgcrypt drops root privileges -# if libgcrypt is linked with libcap support -PACKAGECONFIG ??= "openssl" -PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl" -PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" - -RRECOMMENDS_${PN} = "kernel-module-aes-generic \ - kernel-module-dm-crypt \ - kernel-module-md5 \ - kernel-module-cbc \ - kernel-module-sha256-generic \ - kernel-module-xts \ -" - -EXTRA_OECONF = "--enable-static" - -FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" - -BBCLASSEXTEND = "native nativesdk" diff --git a/external/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb b/external/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb new file mode 100644 index 00000000..b9668eb0 --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.2.bb @@ -0,0 +1,92 @@ +SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes" +DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \ +device-mapper mappings. These include plain dm-crypt volumes and \ +LUKS volumes. The difference is that LUKS uses a metadata header \ +and can hence offer more features than plain dm-crypt. On the other \ +hand, the header is visible and vulnerable to damage." +HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup" +SECTION = "console" +LICENSE = "GPL-2.0-with-OpenSSL-exception" +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" + +DEPENDS = " \ + json-c \ + libdevmapper \ + popt \ + util-linux \ +" + +RDEPENDS_${PN} = " \ + libdevmapper \ +" + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" +SRC_URI[md5sum] = "6e4ffb6d35a73f7539a5d0c1354654cd" +SRC_URI[sha256sum] = "a89e13dff0798fd0280e801d5f0cc8cfdb2aa5b1929bec1b7322e13d3eca95fb" + +inherit autotools gettext pkgconfig + +# Use openssl because libgcrypt drops root privileges +# if libgcrypt is linked with libcap support +PACKAGECONFIG ??= " \ + keyring \ + cryptsetup \ + veritysetup \ + cryptsetup-reencrypt \ + integritysetup \ + ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \ + kernel_crypto \ + internal-argon2 \ + blkid \ + luks-adjust-xts-keysize \ + openssl \ +" +PACKAGECONFIG_append_class-target = " \ + udev \ +" + +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring" +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips" +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality" +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc" +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup" +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup" +PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt" +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev" +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto" +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't +# recognized. +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2" +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2" +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2" +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux" +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random" +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize" +PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl" +PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" +PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" + +RRECOMMENDS_${PN} = "kernel-module-aes-generic \ + kernel-module-dm-crypt \ + kernel-module-md5 \ + kernel-module-cbc \ + kernel-module-sha256-generic \ + kernel-module-xts \ +" + +EXTRA_OECONF = "--enable-static" +# Building without largefile is not supported by upstream +EXTRA_OECONF += "--enable-largefile" +# Requires a static popt library +EXTRA_OECONF += "--disable-static-cryptsetup" +# There's no recipe for libargon2 yet +EXTRA_OECONF += "--disable-libargon2" + +FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" + +BBCLASSEXTEND = "native nativesdk" diff --git a/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi/0001-Use-__builtin_bswap32-on-Clang-if-supported.patch b/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi/0001-Use-__builtin_bswap32-on-Clang-if-supported.patch new file mode 100644 index 00000000..e713665a --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi/0001-Use-__builtin_bswap32-on-Clang-if-supported.patch @@ -0,0 +1,39 @@ +From 7b5dd67fee58f9f54c8a676abe2131776c0a3c52 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 20 Nov 2019 13:41:39 -0800 +Subject: [PATCH] Use __builtin_bswap32 on Clang if supported + +clang pretends to be gcc 4.2.1 so GCC_VERSION macro will decide that +__builtin_bswap32 is not supported on clang, whereas in reality it might +so its better to add a check for enquiring clang if it supports +__builtin_bswap32 or not + +Upstream-Status: Submitted [https://github.com/smuellerDD/libkcapi/pull/83] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + lib/kcapi-kdf.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c +index 9e53a0b..f32fbe9 100644 +--- a/lib/kcapi-kdf.c ++++ b/lib/kcapi-kdf.c +@@ -54,10 +54,14 @@ + #include "kcapi.h" + #include "internal.h" + ++#ifndef __has_builtin ++# define __has_builtin(x) 0 ++#endif ++ + #define GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) +-#if GCC_VERSION >= 40400 ++#if GCC_VERSION >= 40400 || (defined(__clang__) && __has_builtin(__builtin_bswap32)) + # define __HAVE_BUILTIN_BSWAP32__ + #endif + +-- +2.24.0 + diff --git a/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi/0001-kcapi-kdf-Move-code-to-fix.patch b/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi/0001-kcapi-kdf-Move-code-to-fix.patch new file mode 100644 index 00000000..7ed9caf0 --- /dev/null +++ b/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi/0001-kcapi-kdf-Move-code-to-fix.patch @@ -0,0 +1,73 @@ +From 8f961521add49278b48c9721fc53e05ee3543b74 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 16 Nov 2019 23:03:51 -0800 +Subject: [PATCH] kcapi-kdf: Move code to fix + +Fixes clang build +unused function '_bswap32' [-Werror,-Wunused-function] + +Upstream-Status: Submitted [https://github.com/smuellerDD/libkcapi/pull/83] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + lib/kcapi-kdf.c | 37 +++++++++++++++++-------------------- + 1 file changed, 17 insertions(+), 20 deletions(-) + +diff --git a/lib/kcapi-kdf.c b/lib/kcapi-kdf.c +index ea39846..9e53a0b 100644 +--- a/lib/kcapi-kdf.c ++++ b/lib/kcapi-kdf.c +@@ -54,6 +54,20 @@ + #include "kcapi.h" + #include "internal.h" + ++#define GCC_VERSION (__GNUC__ * 10000 \ ++ + __GNUC_MINOR__ * 100 \ ++ + __GNUC_PATCHLEVEL__) ++#if GCC_VERSION >= 40400 ++# define __HAVE_BUILTIN_BSWAP32__ ++#endif ++ ++/* Endian dependent byte swap operations. */ ++#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ++# define be_bswap32(x) ((uint32_t)(x)) ++#elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ++# ifdef __HAVE_BUILTIN_BSWAP32__ ++# define be_bswap32(x) (uint32_t)__builtin_bswap32((uint32_t)(x)) ++# else + static inline uint32_t rol32(uint32_t x, int n) + { + return ( (x << (n&(32-1))) | (x >> ((32-n)&(32-1))) ); +@@ -68,27 +82,10 @@ static inline uint32_t _bswap32(uint32_t x) + { + return ((rol32(x, 8) & 0x00ff00ffL) | (ror32(x, 8) & 0xff00ff00L)); + } +- +-#define GCC_VERSION (__GNUC__ * 10000 \ +- + __GNUC_MINOR__ * 100 \ +- + __GNUC_PATCHLEVEL__) +-#if GCC_VERSION >= 40400 +-# define __HAVE_BUILTIN_BSWAP32__ +-#endif +- +-#ifdef __HAVE_BUILTIN_BSWAP32__ +-# define _swap32(x) (uint32_t)__builtin_bswap32((uint32_t)(x)) +-#else +-# define _swap32(x) _bswap32(x) +-#endif +- +-/* Endian dependent byte swap operations. */ +-#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +-# define be_bswap32(x) ((uint32_t)(x)) +-#elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +-# define be_bswap32(x) _swap32(x) ++# define be_bswap32(x) _bswap32(x) ++# endif + #else +-#error "Endianess not defined" ++# error "endianess not defined" + #endif + + DSO_PUBLIC +-- +2.24.0 + diff --git a/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb b/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb index a93ddc82..4e217a35 100644 --- a/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb +++ b/external/meta-openembedded/meta-oe/recipes-crypto/libkcapi/libkcapi_git.bb @@ -1,28 +1,33 @@ SUMMARY = "Linux Kernel Crypto API User Space Interface Library" HOMEPAGE = "http://www.chronox.de/libkcapi.html" LICENSE = "BSD | GPL-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=d0421cf231423bda10cea691b613e866" +LIC_FILES_CHKSUM = "file://COPYING;md5=14d5a68b28755c04ebdba226e888b157" DEPENDS = "libtool" S = "${WORKDIR}/git" -# Use v1.1.3 with changes on top for building in OE -SRCREV = "1c736c43eb71fbb5640d00efaf34a1edf1972c49" -PV = "1.1.3+git${SRCPV}" +SRCREV = "5649050d201856bf06c8738b5d2aa1710c86ac2f" +PV = "1.1.5" SRC_URI = " \ git://github.com/smuellerDD/libkcapi.git \ + file://0001-kcapi-kdf-Move-code-to-fix.patch \ + file://0001-Use-__builtin_bswap32-on-Clang-if-supported.patch \ " inherit autotools PACKAGECONFIG ??= "" -PACKAGECONFIG[testapp] = "--enable-kcapi-test,,," +PACKAGECONFIG[testapp] = "--enable-kcapi-test,,,bash" PACKAGECONFIG[apps] = "--enable-kcapi-speed --enable-kcapi-hasher --enable-kcapi-rngapp --enable-kcapi-encapp --enable-kcapi-dgstapp,,," do_install_append() { # bindir contains testapp and apps. However it is always created, even # when no binaries are installed (empty bin_PROGRAMS in Makefile.am), rmdir --ignore-fail-on-non-empty ${D}${bindir} + + # Remove the generated binary checksum files + rm -f ${D}${bindir}/.*.hmac + rm -f ${D}${libdir}/.*.hmac } CPPFLAGS_append_libc-musl_toolchain-clang = " -Wno-error=sign-compare" diff --git a/external/meta-openembedded/meta-oe/recipes-crypto/libsodium/libsodium_1.0.16.bb b/external/meta-openembedded/meta-oe/recipes-crypto/libsodium/libsodium_1.0.18.bb index 57f38fec..53b3ddc2 100644 --- a/external/meta-openembedded/meta-oe/recipes-crypto/libsodium/libsodium_1.0.16.bb +++ b/external/meta-openembedded/meta-oe/recipes-crypto/libsodium/libsodium_1.0.18.bb @@ -2,11 +2,11 @@ SUMMARY = "The Sodium crypto library" HOMEPAGE = "http://libsodium.org/" BUGTRACKER = "https://github.com/jedisct1/libsodium/issues" LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;md5=7f5ecba1fa793fc1f3c8f32d6cb5a37b" +LIC_FILES_CHKSUM = "file://LICENSE;md5=47203c753972e855179dfffe15188bee" SRC_URI = "https://download.libsodium.org/libsodium/releases/${BPN}-${PV}.tar.gz" -SRC_URI[md5sum] = "37b18839e57e7a62834231395c8e962b" -SRC_URI[sha256sum] = "eeadc7e1e1bcef09680fb4837d448fbdf57224978f865ac1c16745868fbd0533" +SRC_URI[md5sum] = "3ca9ebc13b6b4735acae0a6a4c4f9a95" +SRC_URI[sha256sum] = "6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1" inherit autotools diff --git a/external/meta-openembedded/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.25.1.bb b/external/meta-openembedded/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.26.bb index 271f2eaa..9b6e7ccb 100644 --- a/external/meta-openembedded/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.25.1.bb +++ b/external/meta-openembedded/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.26.bb @@ -18,8 +18,10 @@ LIC_FILES_CHKSUM = " \ SRC_URI = "git://github.com/OpenSC/${BPN}.git" S = "${WORKDIR}/git" -# v1.25.1 -SRCREV = "2713cb09dcd90104cb7bceb5f14cd6f90834f7b1" +# v1.26 +SRCREV = "c7a0cfa08ddc75d963a835d3588170af0e5f1115" + +UPSTREAM_CHECK_GITTAGREGEX = "pkcs11-helper-(?P<pver>\d+(\.\d+)+)" DEPENDS = "zlib nettle gnutls gmp openssl nss nspr" |