From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001
From: takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>
Date: Mon, 2 Nov 2020 11:07:33 +0900
Subject: basesystem-jj recipes

---
 .../ecryptfs-utils/ecryptfs-utils_111.bb           |  5 ++--
 .../files/0001-avoid-race-condition.patch          | 32 ++++++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 external/meta-security/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch

(limited to 'external/meta-security/recipes-security/ecryptfs-utils')

diff --git a/external/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/external/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index 1f780f9e..d8cd06f8 100644
--- a/external/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/external/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -14,6 +14,7 @@ DEPENDS = "keyutils libgcrypt intltool-native glib-2.0-native"
 SRC_URI = "\
     https://launchpad.net/ecryptfs/trunk/${PV}/+download/${BPN}_${PV}.orig.tar.gz \
     file://ecryptfs-utils-CVE-2016-6224.patch \
+    file://0001-avoid-race-condition.patch \
     file://ecryptfs.service \
     "
 
@@ -30,17 +31,17 @@ EXTRA_OECONF = "\
     --disable-pywrap \
     --disable-nls \
     --with-pamdir=${base_libdir}/security \
+    --disable-openssl \
     "
 
 PACKAGECONFIG ??= "nss \
     ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
     "
 PACKAGECONFIG[nss] = "--enable-nss,--disable-nss,nss,"
-PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,"
 PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,"
 
 do_configure_prepend() {
-    export NSS_CFLAGS="-I${STAGING_INCDIR}/nspr4 -I${STAGING_INCDIR}/nss3"
+    export NSS_CFLAGS="-I${STAGING_INCDIR}/nspr -I${STAGING_INCDIR}/nss3"
     export NSS_LIBS="-L${STAGING_BASELIBDIR} -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3"
     export KEYUTILS_CFLAGS="-I${STAGING_INCDIR}"
     export KEYUTILS_LIBS="-L${STAGING_LIBDIR} -lkeyutils"
diff --git a/external/meta-security/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch b/external/meta-security/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch
new file mode 100644
index 00000000..af28d581
--- /dev/null
+++ b/external/meta-security/recipes-security/ecryptfs-utils/files/0001-avoid-race-condition.patch
@@ -0,0 +1,32 @@
+From ab671b02e3aaf65dd1fd279789ea933b8140fe52 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 27 Aug 2019 16:08:00 +0800
+Subject: [PATCH] avoid race condition
+
+The rootsbin directory is self defined. The install-rootsbinPROGRAMS
+is actually treated as part of install-data.
+
+This would avoid race condition which causes install failure.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/utils/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am
+index 83cf851..344883a 100644
+--- a/src/utils/Makefile.am
++++ b/src/utils/Makefile.am
+@@ -67,6 +67,6 @@ ecryptfs_stat_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
+ test_SOURCES = test.c io.c
+ test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
+ 
+-install-exec-hook:	install-rootsbinPROGRAMS
++install-data-hook:	install-rootsbinPROGRAMS
+ 	-rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+ 	$(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
+-- 
+2.17.1
+
-- 
cgit 1.2.3-korg