[yocto] [meta-openssl102-fips][PATCH V2 5/16] openssh: add generation of HMAC checksums in pkg_postinst
Hongxu Jia
hongxu.jia at windriver.com
Wed Sep 25 00:24:02 PDT 2019
Refer https://src.fedoraproject.org/rpms/openssh/c/13fa787ecc35d6c9eea9e64c1f42f49e2ee978ce
(See __spec_install_post in openssh.spec for detail)
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
recipes-connectivity/openssh/openssh_fips.inc | 34 +++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/recipes-connectivity/openssh/openssh_fips.inc b/recipes-connectivity/openssh/openssh_fips.inc
index 99a3482..8f21264 100644
--- a/recipes-connectivity/openssh/openssh_fips.inc
+++ b/recipes-connectivity/openssh/openssh_fips.inc
@@ -6,3 +6,37 @@ DEPENDS += " \
SRC_URI += " \
file://0001-openssh-8.0p1-fips.patch \
"
+
+do_install_append() {
+ install -d ${D}${libdir}/fipscheck
+}
+
+inherit qemu
+
+pkg_postinst_append_${PN}-ssh () {
+ if [ -n "$D" ]; then
+ if ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'true','false', d)}; then
+ ${@qemu_run_binary(d, '$D', '${bindir}/fipshmac')} \
+ -d $D${libdir}/fipscheck $D${bindir}/ssh.${BPN}
+ else
+ $INTERCEPT_DIR/postinst_intercept delay_to_first_boot ${PKG} mlprefix=${MLPREFIX}
+ fi
+ else
+ ${bindir}/fipshmac -d ${libdir}/fipscheck ${bindir}/ssh.${BPN}
+ fi
+}
+
+pkg_postinst_append_${PN}-sshd () {
+ if [ -n "$D" ]; then
+ if ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'true','false', d)}; then
+ ${@qemu_run_binary(d, '$D', '${bindir}/fipshmac')} \
+ -d $D${libdir}/fipscheck $D${sbindir}/sshd
+ else
+ $INTERCEPT_DIR/postinst_intercept delay_to_first_boot ${PKG} mlprefix=${MLPREFIX}
+ fi
+ else
+ ${bindir}/fipshmac -d ${libdir}/fipscheck ${sbindir}/sshd
+ fi
+}
+
+FILES_${PN} += "${libdir}/fipscheck"
--
2.7.4
More information about the yocto
mailing list