Message ID | 20230613191758.29502-1-beniaminsandu@gmail.com |
---|---|
State | Under Review |
Series | [meta-networking] mbedtls: add support for v3.x |
this might be the reason for a new build failure while building mdns

| mbedtls.c:41:10: fatal error: mbedtls/certs.h: No such file or directory
| 41 | #include <mbedtls/certs.h>
| | ^~~~~~~~~~~~~~~~~
| compilation terminated.
| make[1]: *** [Makefile:510: objects/prod/mbedtls.c.o] Error 1
| make[1]: Leaving directory '/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/mdns/1790.80.10-r0/git/mDNSPosix'

for more details see
https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/2821/steps/14/logs/stdio

On Tue, Jun 13, 2023 at 12:19 PM Beniamin Sandu <beniaminsandu@gmail.com> wrote:
>
> Version 3.4.0 adds a lot of improvements and fixes (a notable one
> being initial support for PKCS7 CMS), but since this is a pretty
> big jump, let's keep both versions for a while, so the v2.x users
> can upgrade to 3.x in a timely manner if needed.
>
> Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
> ---
> .../mbedtls/mbedtls_3.4.0.bb | 76 +++++++++++++++++++
> 1 file changed, 76 insertions(+)
> create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb
>
> diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb > new file mode 100644 > index 000000000..351aa43ac > --- /dev/null > +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb
> @@ -0,0 +1,76 @@ > +SUMMARY = "Lightweight crypto and SSL/TLS library" > +DESCRIPTION = "mbedtls is a lean open source crypto library \ > +for providing SSL and TLS support in your programs. It offers \ > +an intuitive API and documented header files, so you can actually \ > +understand what the code does. It features: \ > + \ > + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ > + Camellia and XTEA \ > + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ > + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ > + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ > + ECDSA and ECDH \ > + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ > + - Abstraction layers for ciphers, hashes, public key operations, \ > + platform abstraction and threading \ > +" > + > +HOMEPAGE = "https://tls.mbed.org/" > + > +LICENSE = "Apache-2.0" > +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" > + > +SECTION = "libs" > + > +S = "${WORKDIR}/git" > +SRCREV = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33" > +SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \ > + file://run-ptest \ > + " > + > +inherit cmake update-alternatives ptest > + > +PACKAGECONFIG ??= "shared-libs programs ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" > +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" > +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" > +PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" > +# Make X.509 and TLS calls use PSA > +# https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md > +PACKAGECONFIG[psa] = "" > +PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF" > + > +EXTRA_OECMAKE = "-DLIB_INSTALL_DIR:STRING=${libdir}" > + > +# For now the only way to enable PSA is to explicitly pass a -D via CFLAGS > +CFLAGS:append = 
"${@bb.utils.contains('PACKAGECONFIG', 'psa', ' -DMBEDTLS_USE_PSA_CRYPTO', '', d)}" > + > +PROVIDES += "polarssl" > +RPROVIDES:${PN} = "polarssl" > + > +PACKAGES =+ "${PN}-programs" > +FILES:${PN}-programs = "${bindir}/" > + > +ALTERNATIVE:${PN}-programs = "hello" > +ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello" > + > +BBCLASSEXTEND = "native nativesdk" > + > +CVE_PRODUCT = "mbed_tls" > + > +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 > +CVE_CHECK_IGNORE += "CVE-2021-43666" > +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c > +CVE_CHECK_IGNORE += "CVE-2021-45451" > + > +# Export source files/headers needed by Arm Trusted Firmware > +sysroot_stage_all:append() { > + sysroot_stage_dir "${S}/library" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library" > + sysroot_stage_dir "${S}/include" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include" > +} > + > +do_install_ptest () { > + install -d ${D}${PTEST_PATH}/tests > + cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/ > + find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete > + cp -fR ${S}/tests/data_files ${D}${PTEST_PATH}/tests/ > +} > -- > 2.25.1
Thanks, looks like it. I will check as soon as possible.

Cheers,
Beni

On Wed, Jun 14, 2023 at 10:42 AM Khem Raj <raj.khem@gmail.com> wrote:
>
> this might be the reason for a new build failure while building mdns
>
> | mbedtls.c:41:10: fatal error: mbedtls/certs.h: No such file or directory
> | 41 | #include <mbedtls/certs.h>
> | | ^~~~~~~~~~~~~~~~~
> | compilation terminated.
> | make[1]: *** [Makefile:510: objects/prod/mbedtls.c.o] Error 1
> | make[1]: Leaving directory
> '/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/mdns/1790.80.10-r0/git/mDNSPosix'
>
> for more details see
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/2821/steps/14/logs/stdio
>
> On Tue, Jun 13, 2023 at 12:19 PM Beniamin Sandu <beniaminsandu@gmail.com> wrote:
> >
> > Version 3.4.0 adds a lot of improvements and fixes (a notable one
> > being initial support for PKCS7 CMS), but since this is a pretty
> > big jump, let's keep both versions for a while, so the v2.x users
> > can upgrade to 3.x in a timely manner if needed.
> >
> > Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
> > ---
> > .../mbedtls/mbedtls_3.4.0.bb | 76 +++++++++++++++++++
> > 1 file changed, 76 insertions(+)
> > create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb
> >
> > diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb > > new file mode 100644 > > index 000000000..351aa43ac > > --- /dev/null > > +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb
> > @@ -0,0 +1,76 @@ > > +SUMMARY = "Lightweight crypto and SSL/TLS library" > > +DESCRIPTION = "mbedtls is a lean open source crypto library \ > > +for providing SSL and TLS support in your programs. It offers \ > > +an intuitive API and documented header files, so you can actually \ > > +understand what the code does. It features: \ > > + \ > > + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ > > + Camellia and XTEA \ > > + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ > > + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ > > + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ > > + ECDSA and ECDH \ > > + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ > > + - Abstraction layers for ciphers, hashes, public key operations, \ > > + platform abstraction and threading \ > > +" > > + > > +HOMEPAGE = "https://tls.mbed.org/" > > + > > +LICENSE = "Apache-2.0" > > +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" > > + > > +SECTION = "libs" > > + > > +S = "${WORKDIR}/git" > > +SRCREV = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33" > > +SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \ > > + file://run-ptest \ > > + " > > + > > +inherit cmake update-alternatives ptest > > + > > +PACKAGECONFIG ??= "shared-libs programs ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" > > +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" > > +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" > > +PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" > > +# Make X.509 and TLS calls use PSA > > +# https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md > > +PACKAGECONFIG[psa] = "" > > +PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF" > > + > > +EXTRA_OECMAKE = "-DLIB_INSTALL_DIR:STRING=${libdir}" > > + > > +# For now the only way to enable 
PSA is to explicitly pass a -D via CFLAGS > > +CFLAGS:append = "${@bb.utils.contains('PACKAGECONFIG', 'psa', ' -DMBEDTLS_USE_PSA_CRYPTO', '', d)}" > > + > > +PROVIDES += "polarssl" > > +RPROVIDES:${PN} = "polarssl" > > + > > +PACKAGES =+ "${PN}-programs" > > +FILES:${PN}-programs = "${bindir}/" > > + > > +ALTERNATIVE:${PN}-programs = "hello" > > +ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello" > > + > > +BBCLASSEXTEND = "native nativesdk" > > + > > +CVE_PRODUCT = "mbed_tls" > > + > > +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 > > +CVE_CHECK_IGNORE += "CVE-2021-43666" > > +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c > > +CVE_CHECK_IGNORE += "CVE-2021-45451" > > + > > +# Export source files/headers needed by Arm Trusted Firmware > > +sysroot_stage_all:append() { > > + sysroot_stage_dir "${S}/library" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library" > > + sysroot_stage_dir "${S}/include" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include" > > +} > > + > > +do_install_ptest () { > > + install -d ${D}${PTEST_PATH}/tests > > + cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/ > > + find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete > > + cp -fR ${S}/tests/data_files ${D}${PTEST_PATH}/tests/ > > +} > > -- > > 2.25.1
diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb new file mode 100644 index 000000000..351aa43ac --- /dev/null +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb 
@@ -0,0 +1,76 @@ +SUMMARY = "Lightweight crypto and SSL/TLS library" +DESCRIPTION = "mbedtls is a lean open source crypto library \ +for providing SSL and TLS support in your programs. It offers \ +an intuitive API and documented header files, so you can actually \ +understand what the code does. It features: \ + \ + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ + Camellia and XTEA \ + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ + ECDSA and ECDH \ + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ + - Abstraction layers for ciphers, hashes, public key operations, \ + platform abstraction and threading \ +" + +HOMEPAGE = "https://tls.mbed.org/" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SECTION = "libs" + +S = "${WORKDIR}/git" +SRCREV = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33" +SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \ + file://run-ptest \ + " + +inherit cmake update-alternatives ptest + +PACKAGECONFIG ??= "shared-libs programs ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" +PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" +# Make X.509 and TLS calls use PSA +# https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md +PACKAGECONFIG[psa] = "" +PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF" + +EXTRA_OECMAKE = "-DLIB_INSTALL_DIR:STRING=${libdir}" + +# For now the only way to enable PSA is to explicitly pass a -D via CFLAGS +CFLAGS:append = "${@bb.utils.contains('PACKAGECONFIG', 'psa', ' -DMBEDTLS_USE_PSA_CRYPTO', '', d)}" + +PROVIDES += "polarssl" 
+RPROVIDES:${PN} = "polarssl" + +PACKAGES =+ "${PN}-programs" +FILES:${PN}-programs = "${bindir}/" + +ALTERNATIVE:${PN}-programs = "hello" +ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "mbed_tls" + +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/pull/5310 +CVE_CHECK_IGNORE += "CVE-2021-43666" +# Fix merged upstream https://github.com/Mbed-TLS/mbedtls/commit/9a4a9c66a48edfe9ece03c7e4a53310adf73a86c +CVE_CHECK_IGNORE += "CVE-2021-45451" + +# Export source files/headers needed by Arm Trusted Firmware +sysroot_stage_all:append() { + sysroot_stage_dir "${S}/library" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library" + sysroot_stage_dir "${S}/include" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include" +} + +do_install_ptest () { + install -d ${D}${PTEST_PATH}/tests + cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/ + find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete + cp -fR ${S}/tests/data_files ${D}${PTEST_PATH}/tests/ +}
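Review bot: Nothing in the new mbedtls_3.4.0.bb lowers its selection priority, so BitBake will pick 3.4.0 over the existing 2.x recipe by default and consumers written against the 2.x API get built against 3.x; the mdns failure on mbedtls/certs.h reported in this thread is consistent with that. If 2.x is meant to stay the default while users migrate, add DEFAULT_PREFERENCE = "-1" to this recipe, or pin PREFERRED_VERSION_mbedtls in the distro or layer configuration. The DESCRIPTION text also reads as if carried over from the 2.x recipe: it still lists Blowfish, ARC4, XTEA, SSL v3 and TLS 1.0/1.1, which the 3.x series no longer provides, so it should be trimmed to what 3.4.0 actually ships. The two CVE_CHECK_IGNORE entries (CVE-2021-43666, CVE-2021-45451) deserve a check as well: confirm they are still reported against 3.4.0 before keeping the suppressions in the new recipe.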
Version 3.4.0 adds a lot of improvements and fixes (a notable one
being initial support for PKCS7 CMS), but since this is a pretty
big jump, let's keep both versions for a while, so the v2.x users
can upgrade to 3.x in a timely manner if needed.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
---
 .../mbedtls/mbedtls_3.4.0.bb | 76 +++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/mbedtls/mbedtls_3.4.0.bb