[Buildroot] [PATCH] package/softhsm2: new package

Gilles Talis gilles.talis at gmail.com
Sun Oct 17 11:13:53 UTC 2021


Hi José,

Le ven. 15 oct. 2021 à 10:39, José Pekkarinen <jose.pekkarinen at unikie.com>
a écrit :

> The patch adds a basic config file and a basic
> recipe to build softhsm2.
>
> Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
>
Thanks for your contribution.


> ---
>  package/softhsm2/Config.in   |  8 ++++++++
>  package/softhsm2/softhsm2.mk | 15 +++++++++++++++
>  2 files changed, 23 insertions(+)
>  create mode 100644 package/softhsm2/Config.in
>  create mode 100644 package/softhsm2/softhsm2.mk

You miss a few things here:
1)  an entry to the package/Config,in file that provides a link to your
package, thus a way to find it and select it. In your case, it would go
under "Security" menu.
2) a file that contains the hash sum of the package and its license file.
3) an entry to the DEVELOPERS file with your name and package.


> diff --git a/package/softhsm2/Config.in b/package/softhsm2/Config.in
> new file mode 100644
> index 0000000000..10c9f0e557
> --- /dev/null
> +++ b/package/softhsm2/Config.in
> @@ -0,0 +1,8 @@
> +config BR2_PACKAGE_SOFTHSM2
> +       bool "softhsm2"
>
what's a bit confusing is that the package name is SoftHSM on the
opendnssec website, but called SoftHSM version 2 on github. I assume we
could go for SoftHSM2


> +       depends on BR2_PACKAGE_LIBOPENSSL
>
Even though the package has openssl as a dependency, "select
BR2_PACKAGE_LIBOPENSSL" is more appropriate here. It means that openssl
will be automatically selected when softhsm2 is selected. "depends on"
means that your package will not appear in the list if openssl is not
already slected.
By the way, it seems like botan is a potential crypto library dependency.
If you want to give the user the choice between the crypto libraries to
use, please have a look at package/libcurl/Config.in in the "choice"
section.


> +       select BR2_PACKAGE_LIBTOOL
>
libtool does not need to be selected. buildroot build system will take care
of installing it for you.


> +       help
> +               SoftHSM is an implementation of a cryptographic store
> accessible through a PKCS\#11 interface. You can use it to explore PKCS\#11
> without having a Hardware Security Module.
>
The help text should be indented with one tab and two spaces, lines should
be wrapped to fit 72 columns, where tab counts for 8, so 62 characters in
the text itself. You don't need the "\" before the #11


> +
> +               https://github.com/opendnssec/SoftHSMv2

It seems like https://www.opendnssec.org/softhsm/ is the actual SoftHSM
home page.


> diff --git a/package/softhsm2/softhsm2.mk b/package/softhsm2/softhsm2.mk
> new file mode 100644
> index 0000000000..4496d70c3d
> --- /dev/null
> +++ b/package/softhsm2/softhsm2.mk
> @@ -0,0 +1,15 @@
>
> +################################################################################
> +#
> +# softhsm2
> +#
>
> +################################################################################
> +
> +SOFTHSM2_VERSION = 2.6.1
> +SOFTHSM2_SITE = $(call github,opendnssec,SoftHSMv2,$(SOFTHSM2_VERSION))
>
The home page provides a tarball in (
https://www.opendnssec.org/2020/04/1602/). We prefer to work with already
packaged tarballs.

+SOFTHSM2_LICENSE = GPL-2
>
It is actually BSD-2-Clause

+SOFTHSM2_LICENSE_FILES = LICENSE
> +SOFTHSM2_DEPENDENCIES = libtool openssl
>
As mentioned above, you do not need to mention libtool as a dependency.

+SOFTHSM2_AUTORECONF = YES
> +SOFTHSM2_INSTALL_TARGET = YES
>
It seems like SoftHSM also provides a library. In that case, you will need
a SOFTHSM2_INSTALL_STAGING = YES as well.


> +
> +$(eval $(autotools-package))
> --
> 2.25.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

Can you please review my comments and send a second version?
When in doubt, please consult the documentation:
https://buildroot.org/downloads/manual/manual.html#adding-packages

I would also recommend you run the following utilities to verify that your
patch is correct:
1) check-package (
https://buildroot.org/downloads/manual/manual.html#check-package) to check
the coding style of added files
2) test-pkg (chapter 18.24.3 of the buildroot documentation) to check if
your package can build in various configurations.

Thanks
Gilles.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20211017/ee505f9e/attachment.html>


More information about the buildroot mailing list