[Buildroot] [PATCH v2] package/softhsm2: new package

Gilles Talis gilles.talis at gmail.com
Sun Oct 24 08:38:52 UTC 2021


Hi José,

Le mar. 19 oct. 2021 à 10:05, José Pekkarinen <jose.pekkarinen at unikie.com>
a écrit :

> This patch adds a package for softhsm2.
>
> Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
> ---
> [ v1 -> v2 ]
>   - Added hash file and license information
>   - Moved recipe to use tarball
>   - Provided support to build against different ssl libraries
>   - Fixed toolchain dependencies and ssl select
>   - Referenced the package in package/Config.in
>   - Added myself as developer
>
thanks for this update. There are still a few things to fix in your patch.


>  DEVELOPERS                     |  3 +++
>  package/Config.in              |  1 +
>  package/softhsm2/Config.in     | 35 ++++++++++++++++++++++++++++++++++
>  package/softhsm2/softhsm2.hash |  4 ++++
>  package/softhsm2/softhsm2.mk   | 16 ++++++++++++++++
>  5 files changed, 59 insertions(+)
>  create mode 100644 package/softhsm2/Config.in
>  create mode 100644 package/softhsm2/softhsm2.hash
>  create mode 100644 package/softhsm2/softhsm2.mk
>
> diff --git a/DEVELOPERS b/DEVELOPERS
> index f6c39516b5..83d20d56cc 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -2927,3 +2927,6 @@ F:        package/qjson/
>  F:     package/quazip/
>  F:     package/shapelib/
>  F:     package/tinc/
> +
> +N:     José Pekkarinen <jose.pekkarinen at unikie.com>
> +F:     package/softhsm2/
> diff --git a/package/Config.in b/package/Config.in
> index 7971726875..4f9cd38a97 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -2019,6 +2019,7 @@ menu "Security"
>         source "package/libsemanage/Config.in"
>         source "package/libsepol/Config.in"
>         source "package/safeclib/Config.in"
> +       source "package/softhsm2/Config.in"
>  endmenu
>
>  menu "Text and terminal handling"
> diff --git a/package/softhsm2/Config.in b/package/softhsm2/Config.in
> new file mode 100644
> index 0000000000..e4ca75de12
> --- /dev/null
> +++ b/package/softhsm2/Config.in
> @@ -0,0 +1,35 @@
> +config BR2_PACKAGE_SOFTHSM2
> +       bool "softhsm2"
> +       depends on BR2_INSTALL_LIBSTDCPP
> +       depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
> +       depends on !BR2_STATIC_LIBS # dlopen()
> +       select BR2_PACKAGE_OPENSSL
> +       select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
>
I know I somewhat confused you in my first review :-) But did you check
whether your package could work with libressl. If it does, you do not need
the select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.
Please refer to Arnout's comment on the first version of your patch.

+       help
> +         SoftHSM is an implementation of a cryptographic store
> +         accessible through a PKCS#11 interface. You can use it
> +         to explore PKCS#11 without having a Hardware Security
> +         Module.
> +
> +               https://www.opendnssec.org/softhsm

The upstream url should have the same indentation as the help text above.
Please make sure you run the "./utils/check-package" utility before pushing
your patch.


>
> +
> +choice
> +       prompt "SSL/TLS library to use"
> +
> +config BR2_PACKAGE_SOFTHSM2_OPENSSL
> +       bool "OpenSSL"
> +       depends on BR2_PACKAGE_OPENSSL
> +       select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL
> +
> +config BR2_PACKAGE_SOFTHSM2_BEARSSL
> +       bool "BearSSL"
> +       depends on BR2_PACKAGE_BEARSSL
> +
> +config BR2_PACKAGE_SOFTHSM2_WOLFSSL
> +       bool "WolfSSL"
> +       depends on BR2_PACKAGE_WOLFSSL
> +       select BR2_PACKAGE_WOLFSSL_ALL
> +
> +endchoice
>
This is not required. You can get rid of the choice menu, as you are not
interested in supporting botan.

+
> +comment "softhsm2 needs a toolchain with dynamic library"
>
a few comments there:
1) this should appear conditionally so you should mention the dependencies.
Please refer to other packages that have the same type of constraints.
2) you should mention the CPP and C++11 requirements ("sofhsm2 needs a
toolchain w/ C++, gcc >= 4.8 and dynamic library support")


> diff --git a/package/softhsm2/softhsm2.hash
> b/package/softhsm2/softhsm2.hash
> new file mode 100644
> index 0000000000..a33e0d7e6f
> --- /dev/null
> +++ b/package/softhsm2/softhsm2.hash
> @@ -0,0 +1,4 @@
> +# From https://www.opendnssec.org/2020/04/1602/
> +sha256 61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2
> softhsm-2.6.1.tar.gz
> +# Locally computed
> +sha256 230cab7102816e99f7ce03ef476352fcad09d742fcbc6580d44393db6280b64c
> LICENSE
>
the correct indentation is
sha256 <2 spaces> sha256sum <2 spaces> package/license

diff --git a/package/softhsm2/softhsm2.mk b/package/softhsm2/softhsm2.mk
> new file mode 100644
> index 0000000000..4b47def3bf
> --- /dev/null
> +++ b/package/softhsm2/softhsm2.mk
> @@ -0,0 +1,16 @@
>
> +################################################################################
> +#
> +# softhsm2
> +#
>
> +################################################################################
> +
> +SOFTHSM2_VERSION = 2.6.1
> +SOFTHSM2_SOURCE = softhsm-$(SOFTHSM2_VERSION).tar.gz
>
This is not required as it is the default


> +SOFTHSM2_SITE = https://dist.opendnssec.org/source
> +SOFTHSM2_LICENSE = BSD-2-Clause
> +SOFTHSM2_LICENSE_FILES = LICENSE
> +SOFTHSM2_DEPENDENCIES = openssl
> +SOFTHSM2_AUTORECONF = YES
>
you should explain why it is required, e.g. "no configure script provided"

+SOFTHSM2_INSTALL_STAGING = YES
> +
> +$(eval $(autotools-package))
> --
> 2.25.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20211024/f2be7769/attachment.html>


More information about the buildroot mailing list