[yocto] [meta-openssl102-fips][PATCH 5/15] openssh: add generation of HMAC checksums in pkg_postinst
Mark Hatle
mark.hatle at kernel.crashing.org
Mon Sep 23 07:41:53 PDT 2019
Same comment here as in the fipscheck about the post install stuff.
--Mark
On 9/22/19 9:56 AM, Hongxu Jia wrote:
> Refer https://src.fedoraproject.org/rpms/openssh/c/d93958db19129e0f4615865eab22fb36e1f4fb8a
>
> Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> ---
> recipes-connectivity/openssh/openssh_fips.inc | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/recipes-connectivity/openssh/openssh_fips.inc b/recipes-connectivity/openssh/openssh_fips.inc
> index 99a3482..df84c39 100644
> --- a/recipes-connectivity/openssh/openssh_fips.inc
> +++ b/recipes-connectivity/openssh/openssh_fips.inc
> @@ -6,3 +6,29 @@ DEPENDS += " \
> SRC_URI += " \
> file://0001-openssh-8.0p1-fips.patch \
> "
> +
> +do_install_append() {
> + install -d ${D}${libdir}/fipscheck
> +}
> +
> +inherit qemu
> +
> +pkg_postinst_append_${PN}-ssh () {
> + if [ -n "$D" ]; then
> + ${@qemu_run_binary(d, '$D', '${bindir}/fipshmac')} \
> + -d $D${libdir}/fipscheck $D${bindir}/ssh.${BPN}
> + else
> + ${bindir}/fipshmac -d ${libdir}/fipscheck ${bindir}/ssh.${BPN}
> + fi
> +}
> +
> +pkg_postinst_append_${PN}-sshd () {
> + if [ -n "$D" ]; then
> + ${@qemu_run_binary(d, '$D', '${bindir}/fipshmac')} \
> + -d $D${libdir}/fipscheck $D${sbindir}/sshd
> + else
> + ${bindir}/fipshmac -d ${libdir}/fipscheck ${sbindir}/sshd
> + fi
> +}
> +
> +FILES_${PN} += "${libdir}/fipscheck"
>
More information about the yocto
mailing list