[meta-virtualization] [PATCH 4/7] xen: PolarSSL recipe and patches for Xen stubdoms

Thu Mar 8 13:09:15 PST 2018

On Mon, Mar 5, 2018 at 10:35 AM, Kurt Bodiker
<kurt.bodiker at braintrust-us.com> wrote:
> From: kebodiker <kurt.bodiker at braintrust-us.com>
>
> PolarSSL (now mbedTLS) is a lightweight SSL library optimized for
> embedded systems.  In the case of Xen stubdomains, we are using MiniOS.
> This PolarSSL recipe creates a static library that is cross-compiled
> against MiniOS, Xen, LWIP, and Newlib headers and subsequently used
> during the cross-compilation and linking of the stubdom specific GMP,
> TPM Emulator, and the Xen vTPM and vTPM Manager stubdomains.
>
> The current Xen source code is hardcoded to fetch a specific version of
> this package.  The patch files originate from the Xen/stubdom source
> tree. This recipe provides the flexibility to change version or modify
> the patches.
>
> Signed-off-by: Kurt Bodiker <kurt.bodiker at braintrust-us.com>
> ---
>  recipes-extended/xen/files/polarssl.patch | 64 +++++++++++++++++++++++++++++++
>  recipes-extended/xen/polarssl.inc         | 25 ++++++++++++
>  recipes-extended/xen/polarssl_1.1.4.bb    | 17 ++++++++
>  3 files changed, 106 insertions(+)
>  create mode 100644 recipes-extended/xen/files/polarssl.patch
>  create mode 100644 recipes-extended/xen/polarssl.inc
>  create mode 100644 recipes-extended/xen/polarssl_1.1.4.bb
>
> diff --git a/recipes-extended/xen/files/polarssl.patch b/recipes-extended/xen/files/polarssl.patch
> new file mode 100644
> index 0000000..d387d4e
> --- /dev/null
> +++ b/recipes-extended/xen/files/polarssl.patch
> @@ -0,0 +1,64 @@
> +diff -Naur polarssl-1.1.4/include/polarssl/config.h polarssl-x86_64/include/polarssl/config.h
> +--- polarssl-1.1.4/include/polarssl/config.h   2011-12-22 05:06:27.000000000 -0500
> ++++ polarssl-x86_64/include/polarssl/config.h  2012-10-30 17:18:07.567001000 -0400
> +@@ -164,8 +164,8 @@
> +  * application.
> +  *
> +  * Uncomment this macro to prevent loading of default entropy functions.
> +-#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
> +  */
> ++#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
> +
> + /**
> +  * \def POLARSSL_NO_PLATFORM_ENTROPY
> +@@ -175,8 +175,8 @@
> +  * standards like the /dev/urandom or Windows CryptoAPI.
> +  *
> +  * Uncomment this macro to disable the built-in platform entropy functions.
> +-#define POLARSSL_NO_PLATFORM_ENTROPY
> +  */
> ++#define POLARSSL_NO_PLATFORM_ENTROPY
> +
> + /**
> +  * \def POLARSSL_PKCS1_V21
> +@@ -426,8 +426,8 @@
> +  * Requires: POLARSSL_TIMING_C
> +  *
> +  * This module enables the HAVEGE random number generator.
> +- */
> + #define POLARSSL_HAVEGE_C
> ++ */
> +
> + /**
> +  * \def POLARSSL_MD_C
> +@@ -490,7 +490,7 @@
> +  *
> +  * This module provides TCP/IP networking routines.
> +  */
> +-#define POLARSSL_NET_C
> ++//#define POLARSSL_NET_C
> +
> + /**
> +  * \def POLARSSL_PADLOCK_C
> +@@ -644,8 +644,8 @@
> +  * Caller:  library/havege.c
> +  *
> +  * This module is used by the HAVEGE random number generator.
> +- */
> + #define POLARSSL_TIMING_C
> ++ */
> +
> + /**
> +  * \def POLARSSL_VERSION_C
> +diff -Naur polarssl-1.1.4/library/bignum.c polarssl-x86_64/library/bignum.c
> +--- polarssl-1.1.4/library/bignum.c    2012-04-29 16:15:55.000000000 -0400
> ++++ polarssl-x86_64/library/bignum.c   2012-10-30 17:21:52.135000999 -0400
> +@@ -1101,7 +1101,7 @@
> +             Z.p[i - t - 1] = ~0;
> +         else
> +         {
> +-#if defined(POLARSSL_HAVE_LONGLONG)
> ++#if 0 //defined(POLARSSL_HAVE_LONGLONG)
> +             t_udbl r;
> +
> +             r  = (t_udbl) X.p[i] << biL;
> diff --git a/recipes-extended/xen/polarssl.inc b/recipes-extended/xen/polarssl.inc
> new file mode 100644
> index 0000000..f90cd2f
> --- /dev/null
> +++ b/recipes-extended/xen/polarssl.inc
> @@ -0,0 +1,25 @@
> +# Copyright (C) 2017 Kurt Bodiker <kurt.bodiker at braintrust-us.com>
> +# Released under the MIT license (see COPYING.MIT for the terms)
> +
> +require stubdom.inc
> +
> +DEPENDS += "\
> +    newlib \
> +"
> +STUBDOM_CFLAGS += "-Wno-memset-elt-size -Wno-implicit-fallthrough"
> +
> +# even though there's nothing to configure, we still need this to run the "make links" target in mini-os
> +do_configure(){
> +}
> +
> +do_compile() {
> +    ${MAKE} CC="${HOST_PREFIX}gcc --sysroot=${RECIPE_SYSROOT} ${STUBDOM_CPPFLAGS} ${STUBDOM_CFLAGS}"

Is there a reason why oe_runmake doesn't work here ?

> +}
> +
> +do_install() {
> +    install -d ${D}${includedir}
> +    cp -r -t ${D}${includedir} ${S}/include/polarssl
> +
> +    install -d ${D}/${libdir}
> +    install -m 644 -t ${D}/${libdir} ${S}/library/libpolarssl.a
> +}
> diff --git a/recipes-extended/xen/polarssl_1.1.4.bb b/recipes-extended/xen/polarssl_1.1.4.bb
> new file mode 100644
> index 0000000..2d4c2e0
> --- /dev/null
> +++ b/recipes-extended/xen/polarssl_1.1.4.bb
> @@ -0,0 +1,17 @@
> +# Copyright (C) 2017 Kurt Bodiker <kurt.bodiker at braintrust-us.com>
> +# Released under the MIT license (see COPYING.MIT for the terms)
> +
> +DESCRIPTION = "PolarSSL (now 'mbed TLS') is an open source, portable, easy to use, readable and flexible SSL library."
> +HOMEPAGE = "https://tls.mbed.org"
> +LICENSE = "GPLv2"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
> +
> +S="${WORKDIR}/${PN}"
> +B="${S}/library"
> +
> +SRC_URI += "\
> +    git://github.com/ARMmbed/mbedtls.git;protocol=https;rev=${PN}-${PV};destsuffix=${PN};nobranch=1;name=${PN} \
> +    file://polarssl.patch;striplevel=1 \

same striplevel comment.

Bruce

> +"
> +
> +require polarssl.inc
> --
> 2.14.2
>
>
> --
>
> *This email and all attachments are considered confidential and the
> proprietary information of BrainTrust Holdings.  Unauthorized disclosure is
> prohibited.  *
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization

-- 
"Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end"