[Buildroot] [git commit] package/libp11: new package
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Thu Apr 4 19:31:58 UTC 2019
commit: https://git.buildroot.net/buildroot/commit/?id=c4fc706f556c80046bf5cba93b1964c376c71208
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Library for using PKCS#11, which includes an engine for OpenSSL that
lets it use PKCS#11 modules. Which is really what this package is
about, not that libp11 library itself, which has no users outside the
of OpenSSL engine.
If p11-kit is enabled, configure the engine to use that as the default
PKCS#11 module. That module is a sort of multiplexer that allows
multiple modules to be used at once, so it makes sense to use it even
if there are other modules present, e.g. softhsm2, nssckbi,
pkcs11-proxy, ykcs11, etc.
A host package is created too, with a host configuration option.
Since this a dynamically loaded module, there is no build time reason
to select it from a host package. It could be used by host openssl,
to allow host rauc to sign a software update bundle using a key from a
HSM with a PKCS#11 interface.
Signed-off-by: Trent Piepho <tpiepho at impinj.com>
Tested-by: Frank Hunleth <fhunleth at troodon-software.com>
[Thomas:
- add entry in DEVELOPERS file
- add missing !BR2_STATIC_LIBS dependency
- fix license information, as noticed by Frank Hunleth
- add missing dependency on host-pkgconf, needed by the configure
script to detect openssl
- explicitly pass --with-enginesdir as the value returned by
pkg-config is incorrectly prefixed by the sysroot]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
DEVELOPERS | 3 +++
package/Config.in | 1 +
package/Config.in.host | 1 +
package/libp11/Config.in | 12 ++++++++++++
package/libp11/Config.in.host | 6 ++++++
package/libp11/libp11.hash | 3 +++
package/libp11/libp11.mk | 26 ++++++++++++++++++++++++++
7 files changed, 52 insertions(+)
diff --git a/DEVELOPERS b/DEVELOPERS
index 8c6d5f9959..cce56c5ef2 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -2202,6 +2202,9 @@ F: toolchain/
N: Timo Ketola <timo.ketola at exertus.fi>
F: package/fbgrab/
+N: Trent Piepho <tpiepho at impinj.com>
+F: package/libp11/
+
N: Tzu-Jung Lee <roylee17 at gmail.com>
F: package/dropwatch/
F: package/tstools/
diff --git a/package/Config.in b/package/Config.in
index 5c42fb141d..dda4a6e98f 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1198,6 +1198,7 @@ menu "Crypto"
source "package/libmcrypt/Config.in"
source "package/libmhash/Config.in"
source "package/libnss/Config.in"
+ source "package/libp11/Config.in"
source "package/libscrypt/Config.in"
source "package/libsecret/Config.in"
source "package/libsha1/Config.in"
diff --git a/package/Config.in.host b/package/Config.in.host
index fcbeb5b7f4..bc7e71882b 100644
--- a/package/Config.in.host
+++ b/package/Config.in.host
@@ -31,6 +31,7 @@ menu "Host utilities"
source "package/imx-usb-loader/Config.in.host"
source "package/jq/Config.in.host"
source "package/jsmin/Config.in.host"
+ source "package/libp11/Config.in.host"
source "package/lpc3250loader/Config.in.host"
source "package/lttng-babeltrace/Config.in.host"
source "package/mender-artifact/Config.in.host"
diff --git a/package/libp11/Config.in b/package/libp11/Config.in
new file mode 100644
index 0000000000..4d7ff56895
--- /dev/null
+++ b/package/libp11/Config.in
@@ -0,0 +1,12 @@
+config BR2_PACKAGE_LIBP11
+ bool "libp11"
+ depends on !BR2_STATIC_LIBS # dlopen
+ select BR2_PACKAGE_OPENSSL
+ help
+ OpenSSL engine for PKCS#11 modules. Part of the OpenSC
+ project.
+
+ https://github.com/OpenSC/OpenSC/wiki
+
+comment "libp11 needs a toolchain w/ dynamic library"
+ depends on BR2_STATIC_LIBS
diff --git a/package/libp11/Config.in.host b/package/libp11/Config.in.host
new file mode 100644
index 0000000000..ccc171025a
--- /dev/null
+++ b/package/libp11/Config.in.host
@@ -0,0 +1,6 @@
+config BR2_PACKAGE_HOST_LIBP11
+ bool "host libp11"
+ help
+ OpenSSL engine for PKCS#11 modules. Part of the OpenSC project.
+
+ https://github.com/OpenSC/OpenSC/wiki
diff --git a/package/libp11/libp11.hash b/package/libp11/libp11.hash
new file mode 100644
index 0000000000..01cea6466b
--- /dev/null
+++ b/package/libp11/libp11.hash
@@ -0,0 +1,3 @@
+# Locally computed:
+sha256 9d1c76d74c21ca224f96204982097ebc6b956f645b2b0b5f9c502a20e9ffcfd8 libp11-0.4.9.tar.gz
+sha256 d80c9d084ebfb50ea1ed91bfbc2410d6ce542097a32c43b00781b83adcb8c77f COPYING
diff --git a/package/libp11/libp11.mk b/package/libp11/libp11.mk
new file mode 100644
index 0000000000..08c32dcd15
--- /dev/null
+++ b/package/libp11/libp11.mk
@@ -0,0 +1,26 @@
+################################################################################
+#
+# libp11
+#
+################################################################################
+
+LIBP11_VERSION = 0.4.9
+LIBP11_SITE = https://github.com/OpenSC/libp11/releases/download/libp11-$(LIBP11_VERSION)
+LIBP11_DEPENDENCIES = openssl host-pkgconf
+LIBP11_INSTALL_STAGING = YES
+LIBP11_LICENSE = LGPL-2.1+
+LIBP11_LICENSE_FILES = COPYING
+
+# pkg-config returns a libcrypto enginesdir prefixed with the sysroot,
+# so let's rip it out.
+LIBP11_CONF_OPTS = \
+ --with-enginesdir=`$(PKG_CONFIG_HOST_BINARY) --variable enginesdir libcrypto | xargs readlink -f | sed 's%^$(STAGING_DIR)%%'`
+
+ifeq ($(BR2_PACKAGE_P11_KIT),y)
+LIBP11_CONF_OPTS += --with-pkcs11-module=/usr/lib/p11-kit-proxy.so
+endif
+
+HOST_LIBP11_DEPENDENCIES = host-openssl
+
+$(eval $(autotools-package))
+$(eval $(host-autotools-package))
More information about the buildroot
mailing list