[Buildroot] [PATCH 3/3] sbsigntools: new package

Peter Korsgaard peter at korsgaard.com
Tue Jul 17 21:25:31 UTC 2018


>>>>> "Celso" == Celso Varella <celso.neto.cwi at datacom.com.br> writes:

 > Linux user-space utility for signing and verifying files for UEFI Secure
 > Boot.

 > The recipe is a bit complicated because sbsigntools requires a specific
 > version of CCAN (see https://github.com/rustyrussell/ccan/) and uses a
 > script to download, configure and build it. We must patch configure.ac,
 > Makefile.am and the ccan Makefile to remove hard-coded paths and git
 > invocations.

Does the script (I take it that you are referring to
lib/ccan.git/tools/create-ccan-tree) really download anything? To me it
just looks like it copies a number of files from lib/ccan.git to
lib/ccan?

As this package comes from git and it already has submodule pointing to
the specific version of ccan, perhaps the easiest solution is to get it
from git and set SBSIGNTOOL_GIT_SUBMODULES = YES to also fetch the
submodule?

 > We must also apply two patches already sent to the maintainer by email

 > - Fix an automake warning that source file 'ccan/time/time.c' is in a
 >   subdirectory but option 'subdir-objects' is disabled.
 > - Improve error handling and prevent a memory leak in an internal
 >   function.

While certainly nice, these doesn't sound like something really
critical as sbsign isn't a long running program.

 > +################################################################################
 > +#
 > +# sbsigntools
 > +#
 > +################################################################################
 > +
 > +SBSIGNTOOLS_VERSION = 0.9.1
 > +SBSIGNTOOLS_SITE = https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/snapshot
 > +SBSIGNTOOLS_LICENSE = GPL-3.0+
 > +SBSIGNTOOLS_LICENSE_FILES = COPYING \
 > +	lib/ccan.git/licenses/BSD-3CLAUSE \
 > +	lib/ccan.git/licenses/BSD-MIT \
 > +	lib/ccan.git/licenses/GPL-2 \
 > +	lib/ccan.git/licenses/GPL-3 \
 > +	lib/ccan.git/licenses/LGPL-2.1 \
 > +	lib/ccan.git/licenses/LGPL-3
 > +SBSIGNTOOLS_AUTORECONF = YES
 > +
 > +SBSIGNTOOLS_DEPENDENCIES = host-pkgconf binutils gnu-efi openssl util-linux
 > +SBSIGNTOOLS_CFLAGS = \
 > +	-I$(BINUTILS_DIR)/bfd \
 > +	-I$(BINUTILS_DIR)/include \
 > +	 $(TARGET_CFLAGS)

Hmm, looking directly in the files of binutils isn't really
nice. Doesn't the binutils package install these under
$STAGING_DIR/usr/include? If not, shouldn't it?

 > +SBSIGNTOOLS_EFI_CPPFLAGS = -I$(HOST_DIR)/include/efi \
 > +	-I$(HOST_DIR)/include/efi/$(HOST_GNU_EFI_PLATFORM)

Hmm, why would a target package need to look at host includes? This
variable doesn't seem to be used anywhere?

 > +define SBSIGNTOOLS_FIX_EFI_CPPFLAGS
 > +	$(SED) 's|^EFI_ARCH=.*|EFI_ARCH=$(GNU_EFI_PLATFORM)|;\
 > +		s|/usr/include/efi|$(STAGING_DIR)/usr/include/efi|g' \
 > +		$(@D)/configure.ac
 > +endef
 > +define HOST_SBSIGNTOOLS_FIX_EFI_CPPFLAGS
 > +	$(SED) 's|^EFI_ARCH=.*|EFI_ARCH=$(HOST_GNU_EFI_PLATFORM)|;\
 > +		s|/usr/include/efi|$(HOST_DIR)/include/efi|g' \
 > +		$(@D)/configure.ac
 > +endef
 > +SBSIGNTOOLS_POST_EXTRACT_HOOKS += SBSIGNTOOLS_POST_EXTRACT SBSIGNTOOLS_FIX_EFI_CPPFLAGS
 > +HOST_SBSIGNTOOLS_POST_EXTRACT_HOOKS += SBSIGNTOOLS_POST_EXTRACT HOST_SBSIGNTOOLS_FIX_EFI_CPPFLAGS

As we already autoreconf this package it would be great if we could
create upstreamable patches add configure options for EFI_ARCH and the
efi includes.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list