[Buildroot] [PATCH v2] package/softhsm2: new package

José Pekkarinen jose.pekkarinen at unikie.com
Mon Oct 25 05:47:39 UTC 2021


On Sun, Oct 24, 2021 at 11:39 AM Gilles Talis <gilles.talis at gmail.com>
wrote:

> Hi José,
>
> Le mar. 19 oct. 2021 à 10:05, José Pekkarinen <jose.pekkarinen at unikie.com>
> a écrit :
>
>> This patch adds a package for softhsm2.
>>
>> Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
>> ---
>> [ v1 -> v2 ]
>>   - Added hash file and license information
>>   - Moved recipe to use tarball
>>   - Provided support to build against different ssl libraries
>>   - Fixed toolchain dependencies and ssl select
>>   - Referenced the package in package/Config.in
>>   - Added myself as developer
>>
> thanks for this update. There are still a few things to fix in your patch.
>

Hi,

No problem, I'll get to them.



>
>>  DEVELOPERS                     |  3 +++
>>  package/Config.in              |  1 +
>>  package/softhsm2/Config.in     | 35 ++++++++++++++++++++++++++++++++++
>>  package/softhsm2/softhsm2.hash |  4 ++++
>>  package/softhsm2/softhsm2.mk   | 16 ++++++++++++++++
>>  5 files changed, 59 insertions(+)
>>  create mode 100644 package/softhsm2/Config.in
>>  create mode 100644 package/softhsm2/softhsm2.hash
>>  create mode 100644 package/softhsm2/softhsm2.mk
>>
>> diff --git a/DEVELOPERS b/DEVELOPERS
>> index f6c39516b5..83d20d56cc 100644
>> --- a/DEVELOPERS
>> +++ b/DEVELOPERS
>> @@ -2927,3 +2927,6 @@ F:        package/qjson/
>>  F:     package/quazip/
>>  F:     package/shapelib/
>>  F:     package/tinc/
>> +
>> +N:     José Pekkarinen <jose.pekkarinen at unikie.com>
>> +F:     package/softhsm2/
>> diff --git a/package/Config.in b/package/Config.in
>> index 7971726875..4f9cd38a97 100644
>> --- a/package/Config.in
>> +++ b/package/Config.in
>> @@ -2019,6 +2019,7 @@ menu "Security"
>>         source "package/libsemanage/Config.in"
>>         source "package/libsepol/Config.in"
>>         source "package/safeclib/Config.in"
>> +       source "package/softhsm2/Config.in"
>>  endmenu
>>
>>  menu "Text and terminal handling"
>> diff --git a/package/softhsm2/Config.in b/package/softhsm2/Config.in
>> new file mode 100644
>> index 0000000000..e4ca75de12
>> --- /dev/null
>> +++ b/package/softhsm2/Config.in
>> @@ -0,0 +1,35 @@
>> +config BR2_PACKAGE_SOFTHSM2
>> +       bool "softhsm2"
>> +       depends on BR2_INSTALL_LIBSTDCPP
>> +       depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
>> +       depends on !BR2_STATIC_LIBS # dlopen()
>> +       select BR2_PACKAGE_OPENSSL
>> +       select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
>>
> I know I somewhat confused you in my first review :-) But did you check
> whether your package could work with libressl. If it does, you do not need
> the select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.
> Please refer to Arnout's comment on the first version of your patch.
>

Is this something I can quickly test by changing the

config snippet in test-pkg?


> +       help
>> +         SoftHSM is an implementation of a cryptographic store
>> +         accessible through a PKCS#11 interface. You can use it
>> +         to explore PKCS#11 without having a Hardware Security
>> +         Module.
>> +
>> +               https://www.opendnssec.org/softhsm
>
> The upstream url should have the same indentation as the help text above.
> Please make sure you run the "./utils/check-package" utility before pushing
> your patch.
>

Well, sorry, but I did, this is the output of the

patch before correcting the indentation:

$ ./utils/check-package package/softhsm2/*
55 lines processed
0 warnings generated


>
>> +
>> +choice
>> +       prompt "SSL/TLS library to use"
>> +
>> +config BR2_PACKAGE_SOFTHSM2_OPENSSL
>> +       bool "OpenSSL"
>> +       depends on BR2_PACKAGE_OPENSSL
>> +       select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL
>> +
>> +config BR2_PACKAGE_SOFTHSM2_BEARSSL
>> +       bool "BearSSL"
>> +       depends on BR2_PACKAGE_BEARSSL
>> +
>> +config BR2_PACKAGE_SOFTHSM2_WOLFSSL
>> +       bool "WolfSSL"
>> +       depends on BR2_PACKAGE_WOLFSSL
>> +       select BR2_PACKAGE_WOLFSSL_ALL
>> +
>> +endchoice
>>
> This is not required. You can get rid of the choice menu, as you are not
> interested in supporting botan.
>

Alright, removing.


+
>> +comment "softhsm2 needs a toolchain with dynamic library"
>>
> a few comments there:
> 1) this should appear conditionally so you should mention the
> dependencies. Please refer to other packages that have the same type of
> constraints.
> 2) you should mention the CPP and C++11 requirements ("sofhsm2 needs a
> toolchain w/ C++, gcc >= 4.8 and dynamic library support")
>
>
>> diff --git a/package/softhsm2/softhsm2.hash
>> b/package/softhsm2/softhsm2.hash
>> new file mode 100644
>> index 0000000000..a33e0d7e6f
>> --- /dev/null
>> +++ b/package/softhsm2/softhsm2.hash
>> @@ -0,0 +1,4 @@
>> +# From https://www.opendnssec.org/2020/04/1602/
>> +sha256 61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2
>> softhsm-2.6.1.tar.gz
>> +# Locally computed
>> +sha256 230cab7102816e99f7ce03ef476352fcad09d742fcbc6580d44393db6280b64c
>> LICENSE
>>
> the correct indentation is
> sha256 <2 spaces> sha256sum <2 spaces> package/license
>

Ack.



> diff --git a/package/softhsm2/softhsm2.mk b/package/softhsm2/softhsm2.mk
>> new file mode 100644
>> index 0000000000..4b47def3bf
>> --- /dev/null
>> +++ b/package/softhsm2/softhsm2.mk
>> @@ -0,0 +1,16 @@
>>
>> +################################################################################
>> +#
>> +# softhsm2
>> +#
>>
>> +################################################################################
>> +
>> +SOFTHSM2_VERSION = 2.6.1
>> +SOFTHSM2_SOURCE = softhsm-$(SOFTHSM2_VERSION).tar.gz
>>
> This is not required as it is the default
>

Ack.



> +SOFTHSM2_SITE = https://dist.opendnssec.org/source
>> +SOFTHSM2_LICENSE = BSD-2-Clause
>> +SOFTHSM2_LICENSE_FILES = LICENSE
>> +SOFTHSM2_DEPENDENCIES = openssl
>> +SOFTHSM2_AUTORECONF = YES
>>
> you should explain why it is required, e.g. "no configure script provided"
>

Hum... I thought I removed this because of previous comments,

I'll recheck this out.

Thanks!


José.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20211025/ac6f75d5/attachment.html>


More information about the buildroot mailing list