[Buildroot] [PATCH v2] package/softhsm2: new package
José Pekkarinen
jose.pekkarinen at unikie.com
Mon Oct 25 05:47:39 UTC 2021
On Sun, Oct 24, 2021 at 11:39 AM Gilles Talis <gilles.talis at gmail.com>
wrote:
> Hi José,
>
> Le mar. 19 oct. 2021 à 10:05, José Pekkarinen <jose.pekkarinen at unikie.com>
> a écrit :
>
>> This patch adds a package for softhsm2.
>>
>> Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
>> ---
>> [ v1 -> v2 ]
>> - Added hash file and license information
>> - Moved recipe to use tarball
>> - Provided support to build against different ssl libraries
>> - Fixed toolchain dependencies and ssl select
>> - Referenced the package in package/Config.in
>> - Added myself as developer
>>
> thanks for this update. There are still a few things to fix in your patch.
>
Hi,
No problem, I'll get to them.
>
>> DEVELOPERS | 3 +++
>> package/Config.in | 1 +
>> package/softhsm2/Config.in | 35 ++++++++++++++++++++++++++++++++++
>> package/softhsm2/softhsm2.hash | 4 ++++
>> package/softhsm2/softhsm2.mk | 16 ++++++++++++++++
>> 5 files changed, 59 insertions(+)
>> create mode 100644 package/softhsm2/Config.in
>> create mode 100644 package/softhsm2/softhsm2.hash
>> create mode 100644 package/softhsm2/softhsm2.mk
>>
>> diff --git a/DEVELOPERS b/DEVELOPERS
>> index f6c39516b5..83d20d56cc 100644
>> --- a/DEVELOPERS
>> +++ b/DEVELOPERS
>> @@ -2927,3 +2927,6 @@ F: package/qjson/
>> F: package/quazip/
>> F: package/shapelib/
>> F: package/tinc/
>> +
>> +N: José Pekkarinen <jose.pekkarinen at unikie.com>
>> +F: package/softhsm2/
>> diff --git a/package/Config.in b/package/Config.in
>> index 7971726875..4f9cd38a97 100644
>> --- a/package/Config.in
>> +++ b/package/Config.in
>> @@ -2019,6 +2019,7 @@ menu "Security"
>> source "package/libsemanage/Config.in"
>> source "package/libsepol/Config.in"
>> source "package/safeclib/Config.in"
>> + source "package/softhsm2/Config.in"
>> endmenu
>>
>> menu "Text and terminal handling"
>> diff --git a/package/softhsm2/Config.in b/package/softhsm2/Config.in
>> new file mode 100644
>> index 0000000000..e4ca75de12
>> --- /dev/null
>> +++ b/package/softhsm2/Config.in
>> @@ -0,0 +1,35 @@
>> +config BR2_PACKAGE_SOFTHSM2
>> + bool "softhsm2"
>> + depends on BR2_INSTALL_LIBSTDCPP
>> + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
>> + depends on !BR2_STATIC_LIBS # dlopen()
>> + select BR2_PACKAGE_OPENSSL
>> + select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
>>
> I know I somewhat confused you in my first review :-) But did you check
> whether your package could work with libressl. If it does, you do not need
> the select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.
> Please refer to Arnout's comment on the first version of your patch.
>
Is this something I can quickly test by changing the
config snippet in test-pkg?
> + help
>> + SoftHSM is an implementation of a cryptographic store
>> + accessible through a PKCS#11 interface. You can use it
>> + to explore PKCS#11 without having a Hardware Security
>> + Module.
>> +
>> + https://www.opendnssec.org/softhsm
>
> The upstream url should have the same indentation as the help text above.
> Please make sure you run the "./utils/check-package" utility before pushing
> your patch.
>
Well, sorry, but I did, this is the output of the
patch before correcting the indentation:
$ ./utils/check-package package/softhsm2/*
55 lines processed
0 warnings generated
>
>> +
>> +choice
>> + prompt "SSL/TLS library to use"
>> +
>> +config BR2_PACKAGE_SOFTHSM2_OPENSSL
>> + bool "OpenSSL"
>> + depends on BR2_PACKAGE_OPENSSL
>> + select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL
>> +
>> +config BR2_PACKAGE_SOFTHSM2_BEARSSL
>> + bool "BearSSL"
>> + depends on BR2_PACKAGE_BEARSSL
>> +
>> +config BR2_PACKAGE_SOFTHSM2_WOLFSSL
>> + bool "WolfSSL"
>> + depends on BR2_PACKAGE_WOLFSSL
>> + select BR2_PACKAGE_WOLFSSL_ALL
>> +
>> +endchoice
>>
> This is not required. You can get rid of the choice menu, as you are not
> interested in supporting botan.
>
Alright, removing.
+
>> +comment "softhsm2 needs a toolchain with dynamic library"
>>
> a few comments there:
> 1) this should appear conditionally so you should mention the
> dependencies. Please refer to other packages that have the same type of
> constraints.
> 2) you should mention the CPP and C++11 requirements ("sofhsm2 needs a
> toolchain w/ C++, gcc >= 4.8 and dynamic library support")
>
>
>> diff --git a/package/softhsm2/softhsm2.hash
>> b/package/softhsm2/softhsm2.hash
>> new file mode 100644
>> index 0000000000..a33e0d7e6f
>> --- /dev/null
>> +++ b/package/softhsm2/softhsm2.hash
>> @@ -0,0 +1,4 @@
>> +# From https://www.opendnssec.org/2020/04/1602/
>> +sha256 61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2
>> softhsm-2.6.1.tar.gz
>> +# Locally computed
>> +sha256 230cab7102816e99f7ce03ef476352fcad09d742fcbc6580d44393db6280b64c
>> LICENSE
>>
> the correct indentation is
> sha256 <2 spaces> sha256sum <2 spaces> package/license
>
Ack.
> diff --git a/package/softhsm2/softhsm2.mk b/package/softhsm2/softhsm2.mk
>> new file mode 100644
>> index 0000000000..4b47def3bf
>> --- /dev/null
>> +++ b/package/softhsm2/softhsm2.mk
>> @@ -0,0 +1,16 @@
>>
>> +################################################################################
>> +#
>> +# softhsm2
>> +#
>>
>> +################################################################################
>> +
>> +SOFTHSM2_VERSION = 2.6.1
>> +SOFTHSM2_SOURCE = softhsm-$(SOFTHSM2_VERSION).tar.gz
>>
> This is not required as it is the default
>
Ack.
> +SOFTHSM2_SITE = https://dist.opendnssec.org/source
>> +SOFTHSM2_LICENSE = BSD-2-Clause
>> +SOFTHSM2_LICENSE_FILES = LICENSE
>> +SOFTHSM2_DEPENDENCIES = openssl
>> +SOFTHSM2_AUTORECONF = YES
>>
> you should explain why it is required, e.g. "no configure script provided"
>
Hum... I thought I removed this because of previous comments,
I'll recheck this out.
Thanks!
José.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20211025/ac6f75d5/attachment.html>
More information about the buildroot
mailing list