Message ID | 1651808269-3775-1-git-send-email-leimaohui@fujitsu.com |
---|---|
State | New |
Headers | show |
Series | [v2] gnutls: Added fips support option. | expand |
On Fri, 6 May 2022 at 05:38, leimaohui <leimaohui@fujitsu.com> wrote: > +DEPENDS:append:class-target = " gnutls-native" > +DEPENDS:append:class-nativesdk = " gnutls-native" > +PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" I think the unconditional DEPENDS lines can be avoided if you use: PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnutls-native" Alex
Hi, Alex > I think the unconditional DEPENDS lines can be avoided if you use: > PACKAGECONFIG[fips] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnutls-nativ > e" But because gnutls-native also need to enable fips, circular dependency error will occur in this way. --------------------------------------------- ERROR: 288 unbuildable tasks were found.################################ | ETA: 0:00:00 These are usually caused by circular dependencies and any circular dependency chains found will be printed below. Increase the debug level to see a list of unbuildable tasks. Identifying dependency loops (this may take a short while)... ...... --------------------------------------------- Best regards Lei > -----Original Message----- > From: Alexander Kanavin <alex.kanavin@gmail.com> > Sent: Friday, May 6, 2022 2:30 PM > To: Lei, Maohui <leimaohui@fujitsu.com> > Cc: OE-core <openembedded-core@lists.openembedded.org> > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option. > > On Fri, 6 May 2022 at 05:38, leimaohui <leimaohui@fujitsu.com> wrote: > > +DEPENDS:append:class-target = " gnutls-native" > > +DEPENDS:append:class-nativesdk = " gnutls-native" > > +PACKAGECONFIG[fips] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" > > I think the unconditional DEPENDS lines can be avoided if you use: > PACKAGECONFIG[fips] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnutls-nativ > e" > > Alex
On Sat, 7 May 2022 at 04:31, leimaohui@fujitsu.com <leimaohui@fujitsu.com> wrote: > > I think the unconditional DEPENDS lines can be avoided if you use: > But because gnutls-native also need to enable fips, circular dependency error will occur in this way. > --------------------------------------------- > ERROR: 288 unbuildable tasks were found.################################ | ETA: 0:00:00 > These are usually caused by circular dependencies and any circular dependency chains found will be printed below. Increase the debug level to see a list of unbuildable tasks. > > Identifying dependency loops (this may take a short while)... Perhaps there could be PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnutls-native" PACKAGECONFIG[fips-native] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" You can have different sets of packageconfig options for -native and target. Alex
Hi, Alex > PACKAGECONFIG[fips] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnutls-nativ > e" > PACKAGECONFIG[fips-native] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" I'm sorry that this way doesn’t work, because PACKAGECONFIG[fips-native] means PACKAGECONFIG is set for fips-native not for fips. And I don't find any existing recipes that config PACKAGECONFIG[xxx] for native or target separately. I wonder If you can tell me any recipe for reference. Thank you. Best regards Lei > -----Original Message----- > From: Alexander Kanavin <alex.kanavin@gmail.com> > Sent: Saturday, May 7, 2022 3:36 PM > To: Lei, Maohui <leimaohui@fujitsu.com> > Cc: OE-core <openembedded-core@lists.openembedded.org> > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option. > > On Sat, 7 May 2022 at 04:31, leimaohui@fujitsu.com <leimaohui@fujitsu.com> > wrote: > > > I think the unconditional DEPENDS lines can be avoided if you use: > > But because gnutls-native also need to enable fips, circular dependency error > will occur in this way. > > --------------------------------------------- > > ERROR: 288 unbuildable tasks were > found.################################ > | ETA: 0:00:00 > > These are usually caused by circular dependencies and any circular > dependency chains found will be printed below. Increase the debug level to see a > list of unbuildable tasks. > > > > Identifying dependency loops (this may take a short while)... > > Perhaps there could be > PACKAGECONFIG[fips] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnutls-nativ > e" > PACKAGECONFIG[fips-native] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" > > You can have different sets of packageconfig options for -native and target. > > Alex
On Mon, 9 May 2022 at 03:30, leimaohui@fujitsu.com <leimaohui@fujitsu.com> wrote: > > PACKAGECONFIG[fips] = "--enable-fips140-mode > > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnutls-nativ > > e" > > PACKAGECONFIG[fips-native] = "--enable-fips140-mode > > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" > > I'm sorry that this way doesn’t work, because PACKAGECONFIG[fips-native] means PACKAGECONFIG is set for fips-native not for fips. > And I don't find any existing recipes that config PACKAGECONFIG[xxx] for native or target separately. > I wonder If you can tell me any recipe for reference. > Thank you. You can issue this in poky/meta and plenty of examples will come up: [ak@fedora meta]$ grep -ir PACKAGECONFIG *|grep class-native Alex
Hi Alex > You can issue this in poky/meta and plenty of examples will come up: > [ak@fedora meta]$ grep -ir PACKAGECONFIG *|grep class-native I'm afraid I'm not quite with you. Searched poky by the following command and there is no example about how to config PACKAGECONFIG[xxx] for target or native separately. The result is all about how to config PACKAGECONFIG for target or native. ---------------------------------------- $ grep -ir PACKAGECONFIG *|grep class-native meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-native ??= "" meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = "" meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native ?= "fts4 fts5 rtree dyn_ext" ...... ---------------------------------------- But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips]. For example, in libcap_2.64.bb file: $ cat meta/recipes-support/libcap/libcap_2.64.bb ...... PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} " //not here ...... PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" //Your comment means modify here ....... Did I misunderstand? Best regards Lei > -----Original Message----- > From: openembedded-core@lists.openembedded.org > <openembedded-core@lists.openembedded.org> On Behalf Of Alexander > Kanavin > Sent: Monday, May 9, 2022 4:44 PM > To: Lei, Maohui <leimaohui@fujitsu.com> > Cc: OE-core <openembedded-core@lists.openembedded.org> > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option. > > On Mon, 9 May 2022 at 03:30, leimaohui@fujitsu.com <leimaohui@fujitsu.com> > wrote: > > > PACKAGECONFIG[fips] = "--enable-fips140-mode > > > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode,gnu > > > tls-nativ > > > e" > > > PACKAGECONFIG[fips-native] = "--enable-fips140-mode > > > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" > > > > I'm sorry that this way doesn’t work, because PACKAGECONFIG[fips-native] > means PACKAGECONFIG is set for fips-native not for fips. > > And I don't find any existing recipes that config PACKAGECONFIG[xxx] for native > or target separately. > > I wonder If you can tell me any recipe for reference. > > Thank you. > > You can issue this in poky/meta and plenty of examples will come up: > [ak@fedora meta]$ grep -ir PACKAGECONFIG *|grep class-native > > Alex
On Tue, 10 May 2022 at 02:54, leimaohui@fujitsu.com <leimaohui@fujitsu.com> wrote: > I'm afraid I'm not quite with you. Searched poky by the following command and there is no example about how to config PACKAGECONFIG[xxx] for target or native separately. > The result is all about how to config PACKAGECONFIG for target or native. > ---------------------------------------- > $ grep -ir PACKAGECONFIG *|grep class-native > meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-native ??= "" > meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = "" > meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native ?= "fts4 fts5 rtree dyn_ext" > ...... > ---------------------------------------- > > But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips]. For example, in libcap_2.64.bb file: > $ cat meta/recipes-support/libcap/libcap_2.64.bb > ...... > PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} " //not here > ...... > PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" //Your comment means modify here > ....... > > Did I misunderstand? Sorry, it's always a bit confusing with PACKAGECONFIG, as the keyword is used for two different purposes. What I meant is something like this: PACKAGECONFIG ??= "fips" PACKAGECONFIG:class-native ??= "fips-native" Alex
Hi, Alex > PACKAGECONFIG ??= "fips" > PACKAGECONFIG:class-native ??= "fips-native" I got it. It seems an unusual method because there is no recipe using this way in . In this way, it means that if user want to enable fips, the following PACKAGECONFIG should be added in recipe. PACKAGECONFIG:append:class-target = fips PACKAGECONFIG:append:class-nativesdk = fips PACKAGECONFIG:append:class-target = fips-native So, I'll send a v3 patch in this way, is it ok? Best regards Lei > -----Original Message----- > From: Alexander Kanavin <alex.kanavin@gmail.com> > Sent: Wednesday, May 11, 2022 1:40 PM > To: Lei, Maohui <leimaohui@fujitsu.com> > Cc: OE-core <openembedded-core@lists.openembedded.org> > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option. > > On Tue, 10 May 2022 at 02:54, leimaohui@fujitsu.com <leimaohui@fujitsu.com> > wrote: > > I'm afraid I'm not quite with you. Searched poky by the following command and > there is no example about how to config PACKAGECONFIG[xxx] for target or > native separately. > > The result is all about how to config PACKAGECONFIG for target or native. > > ---------------------------------------- > > $ grep -ir PACKAGECONFIG *|grep class-native > > meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-native ??= > "" > > meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = "" > > meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native ?= "fts4 > fts5 rtree dyn_ext" > > ...... > > ---------------------------------------- > > > > But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips]. For > example, in libcap_2.64.bb file: > > $ cat meta/recipes-support/libcap/libcap_2.64.bb > > ...... > > PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', > > 'seccomp', d)} " //not here ...... > > PACKAGECONFIG[fips] = "--enable-fips140-mode > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" //Your > comment means modify here > > ....... > > > > Did I misunderstand? > > Sorry, it's always a bit confusing with PACKAGECONFIG, as the keyword is used for > two different purposes. > > What I meant is something like this: > > PACKAGECONFIG ??= "fips" > PACKAGECONFIG:class-native ??= "fips-native" > > Alex
On Wed, 11 May 2022 at 10:15, leimaohui@fujitsu.com <leimaohui@fujitsu.com> wrote: > I got it. It seems an unusual method because there is no recipe using this way in . > In this way, it means that if user want to enable fips, the following PACKAGECONFIG should be added in recipe. > > PACKAGECONFIG:append:class-target = fips > PACKAGECONFIG:append:class-nativesdk = fips > PACKAGECONFIG:append:class-target = fips-native Yes, this should be fine. You can add a comment in the recipe explaining how to do it. > So, I'll send a v3 patch in this way, is it ok? Yes please. The real problem here is that gnutls upstream didn't consider how fips build is supposed to work in cross-compilation, so you should also file a ticket with them and hopefully discuss how the problem can be properly solved. There are two options: - do what your patch does and use the needed binary from the host system, subject to ./configure flag. - build the needed binary twice, first for the host (using BUILD_CC), then for the cross-target. Alex > > > -----Original Message----- > > From: Alexander Kanavin <alex.kanavin@gmail.com> > > Sent: Wednesday, May 11, 2022 1:40 PM > > To: Lei, Maohui <leimaohui@fujitsu.com> > > Cc: OE-core <openembedded-core@lists.openembedded.org> > > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option. > > > > On Tue, 10 May 2022 at 02:54, leimaohui@fujitsu.com <leimaohui@fujitsu.com> > > wrote: > > > I'm afraid I'm not quite with you. Searched poky by the following command and > > there is no example about how to config PACKAGECONFIG[xxx] for target or > > native separately. > > > The result is all about how to config PACKAGECONFIG for target or native. > > > ---------------------------------------- > > > $ grep -ir PACKAGECONFIG *|grep class-native > > > meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-native ??= > > "" > > > meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = "" > > > meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native ?= "fts4 > > fts5 rtree dyn_ext" > > > ...... > > > ---------------------------------------- > > > > > > But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips]. For > > example, in libcap_2.64.bb file: > > > $ cat meta/recipes-support/libcap/libcap_2.64.bb > > > ...... > > > PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', > > > 'seccomp', d)} " //not here ...... > > > PACKAGECONFIG[fips] = "--enable-fips140-mode > > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" //Your > > comment means modify here > > > ....... > > > > > > Did I misunderstand? > > > > Sorry, it's always a bit confusing with PACKAGECONFIG, as the keyword is used for > > two different purposes. > > > > What I meant is something like this: > > > > PACKAGECONFIG ??= "fips" > > PACKAGECONFIG:class-native ??= "fips-native" > > > > Alex
Hi, Alex > > So, I'll send a v3 patch in this way, is it ok? > > Yes please. OK, I'll submit a V3 patch later. The real problem here is that gnutls upstream didn't consider how fips > build is supposed to work in cross-compilation, so you should also file a ticket > with them and hopefully discuss how the problem can be properly solved. > > There are two options: > - do what your patch does and use the needed binary from the host system, > subject to ./configure flag. > - build the needed binary twice, first for the host (using BUILD_CC), then for the > cross-target. Thanks for your comment and I'll submit a question to gnutls upstream. Best regards Lei > -----Original Message----- > From: Alexander Kanavin <alex.kanavin@gmail.com> > Sent: Wednesday, May 11, 2022 7:09 PM > To: Lei, Maohui <leimaohui@fujitsu.com> > Cc: OE-core <openembedded-core@lists.openembedded.org> > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option. > > On Wed, 11 May 2022 at 10:15, leimaohui@fujitsu.com <leimaohui@fujitsu.com> > wrote: > > I got it. It seems an unusual method because there is no recipe using this way > in . > > In this way, it means that if user want to enable fips, the following > PACKAGECONFIG should be added in recipe. > > > > PACKAGECONFIG:append:class-target = fips > > PACKAGECONFIG:append:class-nativesdk = fips > > PACKAGECONFIG:append:class-target = fips-native > > Yes, this should be fine. You can add a comment in the recipe explaining how to > do it. > > > So, I'll send a v3 patch in this way, is it ok? > > Yes please. The real problem here is that gnutls upstream didn't consider how fips > build is supposed to work in cross-compilation, so you should also file a ticket > with them and hopefully discuss how the problem can be properly solved. > > There are two options: > - do what your patch does and use the needed binary from the host system, > subject to ./configure flag. > - build the needed binary twice, first for the host (using BUILD_CC), then for the > cross-target. > > Alex > > > > > > > -----Original Message----- > > > From: Alexander Kanavin <alex.kanavin@gmail.com> > > > Sent: Wednesday, May 11, 2022 1:40 PM > > > To: Lei, Maohui <leimaohui@fujitsu.com> > > > Cc: OE-core <openembedded-core@lists.openembedded.org> > > > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option. > > > > > > On Tue, 10 May 2022 at 02:54, leimaohui@fujitsu.com > > > <leimaohui@fujitsu.com> > > > wrote: > > > > I'm afraid I'm not quite with you. Searched poky by the following > > > > command and > > > there is no example about how to config PACKAGECONFIG[xxx] for > > > target or native separately. > > > > The result is all about how to config PACKAGECONFIG for target or native. > > > > ---------------------------------------- > > > > $ grep -ir PACKAGECONFIG *|grep class-native > > > > meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-nat > > > > ive ??= > > > "" > > > > meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = "" > > > > meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native > > > > ?= "fts4 > > > fts5 rtree dyn_ext" > > > > ...... > > > > ---------------------------------------- > > > > > > > > But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips]. > > > > For > > > example, in libcap_2.64.bb file: > > > > $ cat meta/recipes-support/libcap/libcap_2.64.bb > > > > ...... > > > > PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES', > > > > 'seccomp', d)} " //not here ...... > > > > PACKAGECONFIG[fips] = "--enable-fips140-mode > > > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" > //Your > > > comment means modify here > > > > ....... > > > > > > > > Did I misunderstand? > > > > > > Sorry, it's always a bit confusing with PACKAGECONFIG, as the > > > keyword is used for two different purposes. > > > > > > What I meant is something like this: > > > > > > PACKAGECONFIG ??= "fips" > > > PACKAGECONFIG:class-native ??= "fips-native" > > > > > > Alex
diff --git a/meta/recipes-support/gnutls/gnutls/0001-Fix-build-bug-for-cross-compile-when-enable-fips.Usi.patch b/meta/recipes-support/gnutls/gnutls/0001-Fix-build-bug-for-cross-compile-when-enable-fips.Usi.patch new file mode 100644 index 0000000000..0eeebb9b5e --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/0001-Fix-build-bug-for-cross-compile-when-enable-fips.Usi.patch @@ -0,0 +1,28 @@ +From 755494234d71063ef1db6470d780a558ddfd1c56 Mon Sep 17 00:00:00 2001 +From: Lei Maohui <leimaohui@fujitsu.com> +Date: Fri, 6 May 2022 10:51:39 +0900 +Subject: [PATCH] Fix build bug for cross-compile when enable fips.Using binary + from gnutls-native instead of target. + +Upstream-Status: Inappropriate [embedded specific] +Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> +--- + lib/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index c3d7b6e..0f099f4 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -207,7 +207,7 @@ hmac_files = .libs/.$(gnutls_so).hmac + all-local: $(hmac_files) + + .libs/.$(gnutls_so).hmac: libgnutls.la fipshmac +- $(AM_V_GEN) $(builddir)/fipshmac .libs/$(gnutls_so) > $@-t && mv $@-t $@ ++ $(AM_V_GEN) fipshmac .libs/$(gnutls_so) > $@-t && mv $@-t $@ + + CLEANFILES = $(hmac_files) + endif +-- +2.25.1 + diff --git a/meta/recipes-support/gnutls/gnutls_3.7.4.bb b/meta/recipes-support/gnutls/gnutls_3.7.4.bb index b34eb7f5f0..5882e980e7 100644 --- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb +++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb @@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \ file://doc/COPYING.LESSER;md5=a6f89e2100d9b6cdffcea4f398e37343" DEPENDS = "nettle gmp virtual/libiconv libunistring" +DEPENDS:append:class-target = " gnutls-native" +DEPENDS:append:class-nativesdk = " gnutls-native" DEPENDS:append:libc-musl = " argp-standalone" SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" @@ -22,6 +24,12 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ file://arm_eabi.patch \ " +SRC_URI:append:class-target = "\ + file://0001-Fix-build-bug-for-cross-compile-when-enable-fips.Usi.patch \ + " +SRC_URI:append:class-nativesdk = "\ + file://0001-Fix-build-bug-for-cross-compile-when-enable-fips.Usi.patch \ + " SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f" @@ -36,6 +44,7 @@ PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn2" PACKAGECONFIG[libtasn1] = "--with-included-libtasn1=no,--with-included-libtasn1,libtasn1" PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit" PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers" +PACKAGECONFIG[fips] = "--enable-fips140-mode --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" EXTRA_OECONF = " \ --enable-doc \ @@ -59,6 +68,15 @@ do_configure:prepend() { done } +do_install:append:class-native() { + if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then + install -d ${D}${base_prefix}/bin + install -d ${D}${base_prefix}/bin/.libs + install -m 0755 ${B}/lib/fipshmac ${D}${base_prefix}/bin/ + install -m 0755 ${B}/lib/.libs/fipshmac ${D}/${base_prefix}/bin/.libs/ + fi +} + PACKAGES =+ "${PN}-openssl ${PN}-xx" FILES:${PN}-dev += "${bindir}/gnutls-cli-debug"
- Added fips option. - Fixed a cross compile bug when enable fips. Signed-off-by: Lei Maohui <leimaohui@fujitsu.com> --- ...r-cross-compile-when-enable-fips.Usi.patch | 28 +++++++++++++++++++ meta/recipes-support/gnutls/gnutls_3.7.4.bb | 18 ++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/0001-Fix-build-bug-for-cross-compile-when-enable-fips.Usi.patch