Please include the commit id of the Fedora version that was included. It will help us review changes in the future.
On 9/22/19 9:56 AM, Hongxu Jia wrote: > Port it from fedora: > https://src.fedoraproject.org/rpms/fipscheck > > It is required by openssh fips. > > Signed-off-by: Hongxu Jia <hongxu....@windriver.com> > --- > .../0001-compat-fip-with-openssl-1.0.2.patch | 34 > ++++++++++++++++++++++ > recipes-connectivity/openssh/fipscheck_1.5.0.bb | 30 +++++++++++++++++++ > templates/feature/openssl-fips/template.conf | 2 +- > 3 files changed, 65 insertions(+), 1 deletion(-) > create mode 100644 > recipes-connectivity/openssh/fipscheck/0001-compat-fip-with-openssl-1.0.2.patch > create mode 100644 recipes-connectivity/openssh/fipscheck_1.5.0.bb > > diff --git > a/recipes-connectivity/openssh/fipscheck/0001-compat-fip-with-openssl-1.0.2.patch > > b/recipes-connectivity/openssh/fipscheck/0001-compat-fip-with-openssl-1.0.2.patch > new file mode 100644 > index 0000000..22e5a62 > --- /dev/null > +++ > b/recipes-connectivity/openssh/fipscheck/0001-compat-fip-with-openssl-1.0.2.patch > @@ -0,0 +1,34 @@ > +From 3147ae2a63f10f9bbdd0a617b450ff8b9868e60f Mon Sep 17 00:00:00 2001 > +From: Hongxu Jia <hongxu....@windriver.com> > +Date: Fri, 20 Sep 2019 17:51:09 +0800 > +Subject: [PATCH] compat fip with openssl 1.0.2 > + > +In /usr/lib64/ssl/fips-2.0/include/openssl/opensslv.h > +... > +define OPENSSL_VERSION_NUMBER 0x10100000L > +... > +Since fips include file compat with openssl 1.1.0, do not include it > +in Yocto > + > +Upstream-Status: Inappropriate [oe specific] > + > +Signed-off-by: Hongxu Jia <hongxu....@windriver.com> > +--- > + src/filehmac.c | 1 - > + 1 file changed, 1 deletion(-) > + > +diff --git a/src/filehmac.c b/src/filehmac.c > +index a8eef00..0b36cec 100644 > +--- a/src/filehmac.c > ++++ b/src/filehmac.c > +@@ -41,7 +41,6 @@ > + #include <sys/wait.h> > + > + #if defined(WITH_OPENSSL) > +-#include <openssl/fips.h> > + #include <openssl/evp.h> > + #include <openssl/hmac.h> > + #elif defined(WITH_NSS) > +-- > +2.7.4 > + > diff --git a/recipes-connectivity/openssh/fipscheck_1.5.0.bb > b/recipes-connectivity/openssh/fipscheck_1.5.0.bb > new file mode 100644 > index 0000000..68051d2 > --- /dev/null > +++ b/recipes-connectivity/openssh/fipscheck_1.5.0.bb > @@ -0,0 +1,30 @@ > +SUMMARY = "A library for integrity verification of FIPS validated modules" > +DESCRIPTION = "FIPSCheck is a library for integrity verification of FIPS > validated \ > +modules. The package also provides helper binaries for creation and \ > +verification of the HMAC-SHA256 checksum files." > +HOMEPAGE = "https://pagure.io/fipscheck" > +SECTION = "libs/network" > + > +LICENSE = "MIT" > +LIC_FILES_CHKSUM = "file://COPYING;md5=35f2904ce138ac5fa63e7cedf96bbedf" > + > +SRC_URI = "https://releases.pagure.org/fipscheck/${BPN}-${PV}.tar.bz2 \ > + file://0001-compat-fip-with-openssl-1.0.2.patch \ > +" > +SRC_URI[md5sum] = "86e756a7d2aa15f3f91033fb3eced99b" > +SRC_URI[sha256sum] = > "7ba38100ced187f44b12dd52c8c74db8f366a2a8b9da819bd3e7c6ea17f469d5" > + > +DEPENDS = " \ > + openssl \ > + openssl-fips \ > +" > + > +inherit autotools pkgconfig > + > +EXTRA_OECONF += " \ > + --disable-static \ > +" > +EXTRA_OEMAKE += " \ > + -I${STAGING_LIBDIR_NATIVE}/ssl/fips-2.0/include \ > +" > + > diff --git a/templates/feature/openssl-fips/template.conf > b/templates/feature/openssl-fips/template.conf > index 6da678c..9a551c3 100644 > --- a/templates/feature/openssl-fips/template.conf > +++ b/templates/feature/openssl-fips/template.conf > @@ -8,4 +8,4 @@ OPENSSL_FIPS_PREBUILT ??= "" > > PNWHITELIST_meta-openssl-one-zero-two-fips += 'openssl-fips' > PNWHITELIST_meta-openssl-one-zero-two-fips += 'openssl-fips-example' > - > +PNWHITELIST_meta-openssl-one-zero-two-fips += 'fipscheck' > -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto