On 7/18/10 10:00 AM, Stephen Henson via RT wrote: >> [[email protected] - Tue Jul 06 23:40:15 2010]: >> >> On 6/29/09 3:26 PM, Stephen Henson via RT wrote: >>>> Also, in a cross-compiling environment, "CC" tends to default to the >>>> target machine. >>>> >>>> If you're building intermediate binaries to be run as part of the >>>> build >>>> itself, these need to be indicated separately. >>>> >>>> A common practice is: >>>> >>>> HOSTCC?=$(CC) >>>> ... >>>> >>>> fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c >>>> $(HOSTCC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c >>>> $(FIPSLIBDIR)fipscanister.o >>>> >>>> >>> The FIPS builds currently don't support cross compilation so this be of >>> much use in practice: they have to run a generate binary in order to >>> extract the signature during the linking process. >>> >>> >>> >> I'm sorry, I guess I'm not understanding what you're saying here. >> >> If this step is run as part of the build process, then the binaries need >> to be for the build host (and not the target host). >> >> If on the other hand you're saying that this step isn't mandatory, then >> can we add an additional target (like "make build-no-fips") that skips >> this step altogether? >> > I'm not sure what you're trying to do here. > > If you want to cross compile without FIPS 140-2 support then you should > never reach that point. > > If you want FIPS 140-2 support then you can cross compile now using the > information in the revised security policy and the appropriate patch. > > Steve.
What I'm trying to do is simple: in the case of cross-compilation, you have two types of binaries. You have target binaries that will get installed on the target system which you're building for, and you have one-off intermediate binaries that are compiled and executed in the course of the build. The problem here is that the intermediate binaries like ./fips_standalone_sha1 are being built with the target compiler, not the host compiler. I had submitted a patch a year and a half ago to fix this issue, but for whatever reason it's been languishing. Which "appropriate patch" are you talking about? And what's been the objection to applying the patch I furnished? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
