Port it from fedora: https://src.fedoraproject.org/rpms/fipscheck
It is required by openssh fips. Signed-off-by: Hongxu Jia <hongxu....@windriver.com> --- .../0001-compat-fip-with-openssl-1.0.2.patch | 34 ++++++++++++++++++++++ recipes-connectivity/openssh/fipscheck_1.5.0.bb | 30 +++++++++++++++++++ templates/feature/openssl-fips/template.conf | 2 +- 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 recipes-connectivity/openssh/fipscheck/0001-compat-fip-with-openssl-1.0.2.patch create mode 100644 recipes-connectivity/openssh/fipscheck_1.5.0.bb diff --git a/recipes-connectivity/openssh/fipscheck/0001-compat-fip-with-openssl-1.0.2.patch b/recipes-connectivity/openssh/fipscheck/0001-compat-fip-with-openssl-1.0.2.patch new file mode 100644 index 0000000..22e5a62 --- /dev/null +++ b/recipes-connectivity/openssh/fipscheck/0001-compat-fip-with-openssl-1.0.2.patch @@ -0,0 +1,34 @@ +From 3147ae2a63f10f9bbdd0a617b450ff8b9868e60f Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu....@windriver.com> +Date: Fri, 20 Sep 2019 17:51:09 +0800 +Subject: [PATCH] compat fip with openssl 1.0.2 + +In /usr/lib64/ssl/fips-2.0/include/openssl/opensslv.h +... +define OPENSSL_VERSION_NUMBER 0x10100000L +... +Since fips include file compat with openssl 1.1.0, do not include it +in Yocto + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Hongxu Jia <hongxu....@windriver.com> +--- + src/filehmac.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/filehmac.c b/src/filehmac.c +index a8eef00..0b36cec 100644 +--- a/src/filehmac.c ++++ b/src/filehmac.c +@@ -41,7 +41,6 @@ + #include <sys/wait.h> + + #if defined(WITH_OPENSSL) +-#include <openssl/fips.h> + #include <openssl/evp.h> + #include <openssl/hmac.h> + #elif defined(WITH_NSS) +-- +2.7.4 + diff --git a/recipes-connectivity/openssh/fipscheck_1.5.0.bb b/recipes-connectivity/openssh/fipscheck_1.5.0.bb new file mode 100644 index 0000000..68051d2 --- /dev/null +++ b/recipes-connectivity/openssh/fipscheck_1.5.0.bb @@ -0,0 +1,30 @@ +SUMMARY = "A library for integrity verification of FIPS validated modules" +DESCRIPTION = "FIPSCheck is a library for integrity verification of FIPS validated \ +modules. The package also provides helper binaries for creation and \ +verification of the HMAC-SHA256 checksum files." +HOMEPAGE = "https://pagure.io/fipscheck" +SECTION = "libs/network" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=35f2904ce138ac5fa63e7cedf96bbedf" + +SRC_URI = "https://releases.pagure.org/fipscheck/${BPN}-${PV}.tar.bz2 \ + file://0001-compat-fip-with-openssl-1.0.2.patch \ +" +SRC_URI[md5sum] = "86e756a7d2aa15f3f91033fb3eced99b" +SRC_URI[sha256sum] = "7ba38100ced187f44b12dd52c8c74db8f366a2a8b9da819bd3e7c6ea17f469d5" + +DEPENDS = " \ + openssl \ + openssl-fips \ +" + +inherit autotools pkgconfig + +EXTRA_OECONF += " \ + --disable-static \ +" +EXTRA_OEMAKE += " \ + -I${STAGING_LIBDIR_NATIVE}/ssl/fips-2.0/include \ +" + diff --git a/templates/feature/openssl-fips/template.conf b/templates/feature/openssl-fips/template.conf index 6da678c..9a551c3 100644 --- a/templates/feature/openssl-fips/template.conf +++ b/templates/feature/openssl-fips/template.conf @@ -8,4 +8,4 @@ OPENSSL_FIPS_PREBUILT ??= "" PNWHITELIST_meta-openssl-one-zero-two-fips += 'openssl-fips' PNWHITELIST_meta-openssl-one-zero-two-fips += 'openssl-fips-example' - +PNWHITELIST_meta-openssl-one-zero-two-fips += 'fipscheck' -- 2.7.4 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto