mirror of
https://github.com/jiazhang0/meta-secure-core.git
synced 2026-04-20 18:08:17 +00:00
3fa3fc6dcb
Fix openssl.cnf path for openssl 3.0 to make sure openssl command can find it. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
80 lines
2.5 KiB
PHP
80 lines
2.5 KiB
PHP
SUMMARY = "Tools to support reading and manipulating the UEFI signature database"
|
|
DESCRIPTION = "\
|
|
From the EFI Tools package in the Linux user-space, it's now possible \
|
|
to read and manipulate the UEFI signatures database via the new \
|
|
efi-readvar and efi-updatevar commands. Aside from needing efitools \
|
|
1.4, the EFIVARFS file-system is also needed, which was only introduced \
|
|
in the Linux 3.8 kernel. \
|
|
"
|
|
|
|
LICENSE = "GPLv2"
|
|
LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1"
|
|
|
|
DEPENDS:append = " \
|
|
help2man-native openssl-native sbsigntool-native \
|
|
libfile-slurp-perl-native \
|
|
"
|
|
|
|
PV = "1.9.2+git${SRCPV}"
|
|
|
|
SRC_URI = "\
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git \
|
|
file://Fix-for-the-cross-compilation.patch \
|
|
file://Kill-all-the-build-warning-caused-by-implicit-declar.patch \
|
|
file://Fix-the-wrong-dependency-for-blacklist.esl.patch \
|
|
file://LockDown-run-system-warm-reset-after-the-key-provisi.patch \
|
|
file://Allow-to-override-tools-for-target-build.patch \
|
|
file://Fix-help2man-failure.patch \
|
|
file://Don-t-build-PreLoader.efi.patch \
|
|
file://Reuse-xxdi.pl.patch \
|
|
file://Add-static-keyword-for-IsValidVariableHeader.patch \
|
|
file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-1.1.x.patch \
|
|
file://0001-console.c-Fix-compilation-against-latest-usr-include.patch \
|
|
"
|
|
SRCREV = "392836a46ce3c92b55dc88a1aebbcfdfc5dcddce"
|
|
|
|
PARALLEL_MAKE = ""
|
|
|
|
S = "${WORKDIR}/git"
|
|
|
|
inherit perlnative
|
|
|
|
EXTRA_OEMAKE = "\
|
|
HELP2MAN='${STAGING_BINDIR_NATIVE}/help2man' \
|
|
OPENSSL='${STAGING_BINDIR_NATIVE}/openssl' \
|
|
SBSIGN='${STAGING_BINDIR_NATIVE}/sbsign' \
|
|
NM='${NM}' AR='${AR}' \
|
|
OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \
|
|
EXTRA_LDFLAGS='${LDFLAGS}' \
|
|
"
|
|
EXTRA_OEMAKE:append:x86 = " ARCH=ia32"
|
|
EXTRA_OEMAKE:append:x86-64 = " ARCH=x86_64"
|
|
|
|
EFI_BOOT_PATH = "/boot/efi/EFI/BOOT"
|
|
|
|
do_compile:prepend() {
|
|
sed -i -e "1s:#!.*:#!/usr/bin/env nativeperl:" xxdi.pl
|
|
}
|
|
|
|
do_install() {
|
|
oe_runmake install DESTDIR='${D}${base_prefix}'
|
|
}
|
|
|
|
fakeroot python do_sign:class-target() {
|
|
if d.getVar('GRUB_SIGN_VERIFY', True) != '1':
|
|
return
|
|
|
|
image_dir = d.getVar('D', True)
|
|
efi_boot_path = d.getVar('EFI_BOOT_PATH', True)
|
|
uks_boot_sign(os.path.join(image_dir + efi_boot_path, 'LockDown.efi'), d)
|
|
}
|
|
addtask sign after do_install before do_deploy do_package
|
|
do_sign[prefuncs] += "${@'check_boot_public_key' if d.getVar('GRUB_SIGN_VERIFY', True) == '1' else ''}"
|
|
|
|
fakeroot python do_sign() {
|
|
}
|
|
|
|
FILES:${PN} += "${EFI_BOOT_PATH}"
|
|
|
|
SSTATE_DUPWHITELIST += "${DEPLOY_DIR_IMAGE}/LockDown.efi"
|