[Buildroot] [PATCH v2] package/softhsm2: new package
José Pekkarinen
jose.pekkarinen at unikie.com
Mon Oct 25 07:20:16 UTC 2021
On Sun, Oct 24, 2021 at 11:39 AM Gilles Talis <gilles.talis at gmail.com>
wrote:
> Hi José,
>
> On Tue, Oct 19, 2021 at 10:05, José Pekkarinen <jose.pekkarinen at unikie.com>
> wrote:
>
>> This patch adds a package for softhsm2.
>>
>> Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
>> ---
>> [ v1 -> v2 ]
>> - Added hash file and license information
>> - Moved recipe to use tarball
>> - Provided support to build against different ssl libraries
>> - Fixed toolchain dependencies and ssl select
>> - Referenced the package in package/Config.in
>> - Added myself as developer
>>
> thanks for this update. There are still a few things to fix in your patch.
>
>
>> DEVELOPERS | 3 +++
>> package/Config.in | 1 +
>> package/softhsm2/Config.in | 35 ++++++++++++++++++++++++++++++++++
>> package/softhsm2/softhsm2.hash | 4 ++++
>> package/softhsm2/softhsm2.mk | 16 ++++++++++++++++
>> 5 files changed, 59 insertions(+)
>> create mode 100644 package/softhsm2/Config.in
>> create mode 100644 package/softhsm2/softhsm2.hash
>> create mode 100644 package/softhsm2/softhsm2.mk
>>
>> diff --git a/DEVELOPERS b/DEVELOPERS
>> index f6c39516b5..83d20d56cc 100644
>> --- a/DEVELOPERS
>> +++ b/DEVELOPERS
>> @@ -2927,3 +2927,6 @@ F: package/qjson/
>> F: package/quazip/
>> F: package/shapelib/
>> F: package/tinc/
>> +
>> +N: José Pekkarinen <jose.pekkarinen at unikie.com>
>> +F: package/softhsm2/
>> diff --git a/package/Config.in b/package/Config.in
>> index 7971726875..4f9cd38a97 100644
>> --- a/package/Config.in
>> +++ b/package/Config.in
>> @@ -2019,6 +2019,7 @@ menu "Security"
>> source "package/libsemanage/Config.in"
>> source "package/libsepol/Config.in"
>> source "package/safeclib/Config.in"
>> + source "package/softhsm2/Config.in"
>> endmenu
>>
>> menu "Text and terminal handling"
>> diff --git a/package/softhsm2/Config.in b/package/softhsm2/Config.in
>> new file mode 100644
>> index 0000000000..e4ca75de12
>> --- /dev/null
>> +++ b/package/softhsm2/Config.in
>> @@ -0,0 +1,35 @@
>> +config BR2_PACKAGE_SOFTHSM2
>> + bool "softhsm2"
>> + depends on BR2_INSTALL_LIBSTDCPP
>> + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
>> + depends on !BR2_STATIC_LIBS # dlopen()
>> + select BR2_PACKAGE_OPENSSL
>> + select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
>>
> I know I somewhat confused you in my first review :-) But did you check
> whether your package could work with libressl? If it does, you do not need
> the select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL.
> Please refer to Arnout's comment on the first version of your patch.
>
Seems it is needed according to test-pkg, see the output:
In file included from OSSLComp.cpp:34:
OSSLComp.h:87:2: error: #error This OpenSSL version is incompatible with EDDSA
87 | #error This OpenSSL version is incompatible with EDDSA
| ^~~~~
libtool: compile: /home/pekkari/br-test-pkg/bootlin-armv5-uclibc/host/bin/arm-linux-g++ -DHAVE_CONFIG_H -I. -I../../.. -I./.. -I./../common -I./../data_mgr -I./../pkcs11 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -Wall -Wextra -fvisibility=hidden -c OSSLDHPublicKey.cpp -fPIC -DPIC -o .libs/OSSLDHPublicKey.o
In file included from OSSLDH.cpp:38:
OSSLComp.h:87:2: error: #error This OpenSSL version is incompatible with EDDSA
87 | #error This OpenSSL version is incompatible with EDDSA
| ^~~~~
make[7]: *** [Makefile:865: OSSLComp.lo] Error 1
make[7]: *** Waiting for unfinished jobs....
In file included from OSSLDHPrivateKey.cpp:35:
OSSLComp.h:87:2: error: #error This OpenSSL version is incompatible with EDDSA
87 | #error This OpenSSL version is incompatible with EDDSA
| ^~~~~
libtool: compile: /home/pekkari/br-test-pkg/bootlin-armv5-uclibc/host/bin/arm-linux-g++ -DHAVE_CONFIG_H -I. -I../../.. -I./.. -I./../common -I./../data_mgr -I./../pkcs11 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -Wall -Wextra -fvisibility=hidden -c OSSLDSA.cpp -fPIC -DPIC -o .libs/OSSLDSA.o
In file included from OSSLDHPublicKey.cpp:35:
OSSLComp.h:87:2: error: #error This OpenSSL version is incompatible with EDDSA
87 | #error This OpenSSL version is incompatible with EDDSA
| ^~~~~
In file included from OSSLDSA.cpp:39:
OSSLComp.h:87:2: error: #error This OpenSSL version is incompatible with EDDSA
87 | #error This OpenSSL version is incompatible with EDDSA
| ^~~~~
$ cat softhsm2.config
BR2_PACKAGE_LIBRESSL=y
BR2_PACKAGE_SOFTHSM2=y
Best regards.
José.
> + help
>> + SoftHSM is an implementation of a cryptographic store
>> + accessible through a PKCS#11 interface. You can use it
>> + to explore PKCS#11 without having a Hardware Security
>> + Module.
>> +
>> + https://www.opendnssec.org/softhsm
>
> The upstream url should have the same indentation as the help text above.
> Please make sure you run the "./utils/check-package" utility before pushing
> your patch.
>
>
>>
>> +
>> +choice
>> + prompt "SSL/TLS library to use"
>> +
>> +config BR2_PACKAGE_SOFTHSM2_OPENSSL
>> + bool "OpenSSL"
>> + depends on BR2_PACKAGE_OPENSSL
>> + select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL
>> +
>> +config BR2_PACKAGE_SOFTHSM2_BEARSSL
>> + bool "BearSSL"
>> + depends on BR2_PACKAGE_BEARSSL
>> +
>> +config BR2_PACKAGE_SOFTHSM2_WOLFSSL
>> + bool "WolfSSL"
>> + depends on BR2_PACKAGE_WOLFSSL
>> + select BR2_PACKAGE_WOLFSSL_ALL
>> +
>> +endchoice
>>
> This is not required. You can get rid of the choice menu, as you are not
> interested in supporting botan.
>
> +
>> +comment "softhsm2 needs a toolchain with dynamic library"
>>
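Review bot: the "SSL/TLS library to use" choice is not backed by anything else in the patch. BR2_PACKAGE_SOFTHSM2 unconditionally selects BR2_PACKAGE_OPENSSL at the top of this file, and softhsm2.mk lists only openssl in SOFTHSM2_DEPENDENCIES and passes no configure option, so choosing the BearSSL or WolfSSL entry does not change what softhsm2 is built against; the WolfSSL entry only forces BR2_PACKAGE_WOLFSSL_ALL on. Either drop the choice, or make each entry drive a dependency and a configure option in softhsm2.mk. If the choice is dropped, move "select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL" up to the main symbol, because as written it only takes effect when the OpenSSL entry is chosen.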
> a few comments there:
> 1) this should appear conditionally so you should mention the
> dependencies. Please refer to other packages that have the same type of
> constraints.
> 2) you should mention the CPP and C++11 requirements ("softhsm2 needs a
> toolchain w/ C++, gcc >= 4.8 and dynamic library support")
>
>
>> diff --git a/package/softhsm2/softhsm2.hash
>> b/package/softhsm2/softhsm2.hash
>> new file mode 100644
>> index 0000000000..a33e0d7e6f
>> --- /dev/null
>> +++ b/package/softhsm2/softhsm2.hash
>> @@ -0,0 +1,4 @@
>> +# From https://www.opendnssec.org/2020/04/1602/
>> +sha256 61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2
>> softhsm-2.6.1.tar.gz
>> +# Locally computed
>> +sha256 230cab7102816e99f7ce03ef476352fcad09d742fcbc6580d44393db6280b64c
>> LICENSE
>>
> the correct indentation is
> sha256 <2 spaces> sha256sum <2 spaces> package/license
>
> diff --git a/package/softhsm2/softhsm2.mk b/package/softhsm2/softhsm2.mk
>> new file mode 100644
>> index 0000000000..4b47def3bf
>> --- /dev/null
>> +++ b/package/softhsm2/softhsm2.mk
>> @@ -0,0 +1,16 @@
>>
>> +################################################################################
>> +#
>> +# softhsm2
>> +#
>>
>> +################################################################################
>> +
>> +SOFTHSM2_VERSION = 2.6.1
>> +SOFTHSM2_SOURCE = softhsm-$(SOFTHSM2_VERSION).tar.gz
>>
> This is not required as it is the default
>
>
>> +SOFTHSM2_SITE = https://dist.opendnssec.org/source
>> +SOFTHSM2_LICENSE = BSD-2-Clause
>> +SOFTHSM2_LICENSE_FILES = LICENSE
>> +SOFTHSM2_DEPENDENCIES = openssl
>> +SOFTHSM2_AUTORECONF = YES
>>
> you should explain why it is required, e.g. "no configure script provided"
>
> +SOFTHSM2_INSTALL_STAGING = YES
>> +
>> +$(eval $(autotools-package))
>> --
>> 2.25.1
>>
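Review bot: softhsm2.mk sets no SOFTHSM2_CONF_OPTS, so the crypto backend and every optional feature are left to configure's autodetection even though SOFTHSM2_DEPENDENCIES names openssl. Pass the backend explicitly (SoftHSM's configure accepts --with-crypto-backend=openssl) and explicitly switch off optional features the package does not list as dependencies, so the result does not depend on what else happens to be built. A one-line comment on why SOFTHSM2_INSTALL_STAGING = YES is needed would also help, since nothing in the patch shows another package linking against softhsm2.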
>> _______________________________________________
>> buildroot mailing list
>> buildroot at buildroot.org
>> https://lists.buildroot.org/mailman/listinfo/buildroot
>>
>
--
José.