diff options
| -rw-r--r-- | README.build | 8 | ||||
| -rw-r--r-- | README.openssh_cavstest | 2 | ||||
| -rw-r--r-- | classes/fips_kernel.bbclass | 4 | ||||
| -rw-r--r-- | classes/image-enable-fips.bbclass | 2 | ||||
| -rw-r--r-- | conf/layer.conf | 4 | ||||
| -rw-r--r-- | recipes-connectivity/openssh/openssh_8.%.bbappend | 2 | ||||
| -rw-r--r-- | recipes-connectivity/openssh/openssh_fips.inc | 16 | ||||
| -rw-r--r-- | recipes-connectivity/openssl/openssl-fips-example_2.0.16.bb | 6 | ||||
| -rw-r--r-- | recipes-connectivity/openssl/openssl-fips_2.0.16.bb | 6 | ||||
| -rw-r--r-- | recipes-connectivity/openssl/openssl_1.0.2%.bbappend | 2 | ||||
| -rw-r--r-- | recipes-connectivity/openssl/openssl_fips.inc | 8 | ||||
| -rw-r--r-- | recipes-support/fipscheck/fipscheck_1.5.0.bb | 6 | ||||
| -rw-r--r-- | recipes-support/rng-tools/rng-tools_6.%.bbappend | 2 | ||||
| -rw-r--r-- | recipes-support/rng-tools/rng-tools_fips.inc | 2 |
14 files changed, 35 insertions, 35 deletions
diff --git a/README.build b/README.build index 36e3875..b675686 100644 --- a/README.build +++ b/README.build @@ -44,7 +44,7 @@ to image [3] [2] git://git.yoctoproject.org/meta-openssl102 Manually set 1.0.2% to openssl preferred version echo "PREFERRED_VERSION_openssl = '1.0.2%'" >> conf/local.conf -[3] echo "IMAGE_INSTALL_append = ' packagegroup-core-buildessential'" >> conf/local.conf +[3] echo "IMAGE_INSTALL:append = ' packagegroup-core-buildessential'" >> conf/local.conf The easiest way to do this with Wind River Linux is include: @@ -56,7 +56,7 @@ Additionally you will need a way to get the openssl-fips module source to the target for the build. Adding ssh/scp is recommended, to add these add the following to your local.conf file: - IMAGE_INSTALL_append = " openssh-ssh openssh-scp" + IMAGE_INSTALL:append = " openssh-ssh openssh-scp" If you are building with configurations that have security software enabled, such as SE Linux, you may be required to boot in a non-enforcing mode to @@ -132,7 +132,7 @@ Building Steps (based on section 4 of the UsersGuide-2.0.pdf): prebuilt tar archive. For Yocto, in your build directory, edit conf/local.conf, add: - IMAGE_INSTALL_append = " openssl-fips-dev" + IMAGE_INSTALL:append = " openssl-fips-dev" OPENSSL_FIPS_ENABLED = "1" OPENSSL_FIPS_PREBUILT = "<path>" @@ -230,7 +230,7 @@ program, and embed the fingerprint. On host: edit local.conf to add openssl-fips-example to image -$ echo 'IMAGE_INSTALL_append = " openssl-fips-example"' >> conf/local.conf +$ echo 'IMAGE_INSTALL:append = " openssl-fips-example"' >> conf/local.conf $ bitbake <image> On target: diff --git a/README.openssh_cavstest b/README.openssh_cavstest index 2c31209..975a782 100644 --- a/README.openssh_cavstest +++ b/README.openssh_cavstest @@ -1,5 +1,5 @@ 1. Install openssh-cavs to images -$ echo "IMAGE_INSTALL_append = ' openssh-cavs'" >> conf/local.conf +$ echo "IMAGE_INSTALL:append = ' openssh-cavs'" >> conf/local.conf $ bitbake <image> 2. Run tests on target diff --git a/classes/fips_kernel.bbclass b/classes/fips_kernel.bbclass index 064088f..1a2525d 100644 --- a/classes/fips_kernel.bbclass +++ b/classes/fips_kernel.bbclass @@ -1,4 +1,4 @@ -FILESEXTRAPATHS_prepend := "${LAYER_PATH_meta-openssl-one-zero-two-fips}/recipes-kernel/linux/files/:" -SRC_URI_append = " \ +FILESEXTRAPATHS:prepend := "${LAYER_PATH_meta-openssl-one-zero-two-fips}/recipes-kernel/linux/files/:" +SRC_URI:append = " \ file://crypto_fips.scc \ " diff --git a/classes/image-enable-fips.bbclass b/classes/image-enable-fips.bbclass index fcb5a40..5792883 100644 --- a/classes/image-enable-fips.bbclass +++ b/classes/image-enable-fips.bbclass @@ -1,4 +1,4 @@ -ROOTFS_POSTPROCESS_COMMAND_append = " enable_system_fips;" +ROOTFS_POSTPROCESS_COMMAND:append = " enable_system_fips;" enable_system_fips() { install -d ${IMAGE_ROOTFS}${sysconfdir} diff --git a/conf/layer.conf b/conf/layer.conf index fc1dcbd..e9ac874 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -18,8 +18,8 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \ meta-openssl-one-zero-two \ " -IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else ' image-enable-fips'}" +IMAGE_CLASSES:append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else ' image-enable-fips'}" LAYER_PATH_meta-openssl-one-zero-two-fips = "${LAYERDIR}" -KERNEL_CLASSES_append = " ${@bb.utils.contains('OPENSSL_FIPS_ENABLED', '1', ' fips_kernel', '',d)}" +KERNEL_CLASSES:append = " ${@bb.utils.contains('OPENSSL_FIPS_ENABLED', '1', ' fips_kernel', '',d)}" diff --git a/recipes-connectivity/openssh/openssh_8.%.bbappend b/recipes-connectivity/openssh/openssh_8.%.bbappend index 07799f6..a2e3aca 100644 --- a/recipes-connectivity/openssh/openssh_8.%.bbappend +++ b/recipes-connectivity/openssh/openssh_8.%.bbappend @@ -1,4 +1,4 @@ FIPSINC = "" -FIPSINC_class-target = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else 'openssh_fips.inc'}" +FIPSINC:class-target = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else 'openssh_fips.inc'}" require ${FIPSINC} diff --git a/recipes-connectivity/openssh/openssh_fips.inc b/recipes-connectivity/openssh/openssh_fips.inc index efba8db..b13e06e 100644 --- a/recipes-connectivity/openssh/openssh_fips.inc +++ b/recipes-connectivity/openssh/openssh_fips.inc @@ -1,9 +1,9 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/openssh:" +FILESEXTRAPATHS:prepend := "${THISDIR}/openssh:" DEPENDS += " \ openssl-fips \ fipscheck \ " -RRECOMMENDS_${PN}-sshd_remove = "rng-tools" +RRECOMMENDS:${PN}-sshd:remove = "rng-tools" SRC_URI += " \ file://0001-openssh-8.6p1-fips.patch \ @@ -14,13 +14,13 @@ SRC_URI += " \ file://0001-ssh-cavs-set-kex-sessin_id-via-sshbuf_put.patch \ " -do_install_append() { +do_install:append() { install -d ${D}${libdir}/fipscheck } inherit qemu -pkg_postinst_append_${PN}-ssh () { +pkg_postinst:append:${PN}-ssh () { if [ -n "$D" ]; then if ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'true','false', d)}; then ${@qemu_run_binary(d, '$D', '${bindir}/fipshmac')} \ @@ -33,7 +33,7 @@ pkg_postinst_append_${PN}-ssh () { fi } -pkg_postinst_append_${PN}-sshd () { +pkg_postinst:append:${PN}-sshd () { if [ -n "$D" ]; then if ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'true','false', d)}; then ${@qemu_run_binary(d, '$D', '${bindir}/fipshmac')} \ @@ -47,10 +47,10 @@ pkg_postinst_append_${PN}-sshd () { } PACKAGES =+ "${PN}-cavs" -SUMMARY_${PN}-cavs = "CAVS tests for FIPS validation" -FILES_${PN}-cavs = " \ +SUMMARY:${PN}-cavs = "CAVS tests for FIPS validation" +FILES:${PN}-cavs = " \ ${libexecdir}/ctr-cavstest \ ${libexecdir}/ssh-cavs \ ${libexecdir}/ssh-cavs_driver.pl" -FILES_${PN} += "${libdir}/fipscheck" +FILES:${PN} += "${libdir}/fipscheck" diff --git a/recipes-connectivity/openssl/openssl-fips-example_2.0.16.bb b/recipes-connectivity/openssl/openssl-fips-example_2.0.16.bb index 1a720cd..c6d069f 100644 --- a/recipes-connectivity/openssl/openssl-fips-example_2.0.16.bb +++ b/recipes-connectivity/openssl/openssl-fips-example_2.0.16.bb @@ -19,14 +19,14 @@ DEPENDS = " \ openssl \ " -RDEPENDS_${PN} = " \ +RDEPENDS:${PN} = " \ openssl-fips-dev \ openssl-dev \ openssl-staticdev \ packagegroup-core-buildessential \ " -FILES_${PN} += "${libdir}/ssl/fips-2.0/test" +FILES:${PN} += "${libdir}/ssl/fips-2.0/test" do_configure[noexec] = "1" @@ -47,7 +47,7 @@ do_install() { sed -i "s:@LIBDIR@:${libdir}:g" ${D}/${libdir}/ssl/fips-2.0/test/Makefile } -INSANE_SKIP_${PN} += "dev-deps" +INSANE_SKIP:${PN} += "dev-deps" python __anonymous() { if d.getVar("OPENSSL_FIPS_ENABLED", True) != "1": diff --git a/recipes-connectivity/openssl/openssl-fips_2.0.16.bb b/recipes-connectivity/openssl/openssl-fips_2.0.16.bb index b7cb34b..7a2949a 100644 --- a/recipes-connectivity/openssl/openssl-fips_2.0.16.bb +++ b/recipes-connectivity/openssl/openssl-fips_2.0.16.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" # Set "OPENSSL_FIPS_PREBUILT" to the location of the prebuilt # openssl-fips-TARGET_ARCH-install.tar.bz2 files. # -FILESEXTRAPATHS_prepend := "${OPENSSL_FIPS_PREBUILT}:" +FILESEXTRAPATHS:prepend := "${OPENSSL_FIPS_PREBUILT}:" PREBUILT_OPENSSL_FIPS = "openssl-fips-${PV}-${TARGET_ARCH}-install.tar.bz2" @@ -20,8 +20,8 @@ SRC_URI = "file://${PREBUILT_OPENSSL_FIPS} \ " S = "${WORKDIR}" -RDEPENDS_${PN}-dev = "" -FILES_${PN}-dev += "${bindir}/fipsld ${libdir}/ssl/fips-2.0" +RDEPENDS:${PN}-dev = "" +FILES:${PN}-dev += "${bindir}/fipsld ${libdir}/ssl/fips-2.0" INHIBIT_PACKAGE_DEBUG_SPLIT = '1' INHIBIT_PACKAGE_STRIP = '1' diff --git a/recipes-connectivity/openssl/openssl_1.0.2%.bbappend b/recipes-connectivity/openssl/openssl_1.0.2%.bbappend index 517f1c2..41a7302 100644 --- a/recipes-connectivity/openssl/openssl_1.0.2%.bbappend +++ b/recipes-connectivity/openssl/openssl_1.0.2%.bbappend @@ -1,4 +1,4 @@ FIPSINC = "" -FIPSINC_class-target = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else 'openssl_fips.inc'}" +FIPSINC:class-target = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else 'openssl_fips.inc'}" require ${FIPSINC} diff --git a/recipes-connectivity/openssl/openssl_fips.inc b/recipes-connectivity/openssl/openssl_fips.inc index 5480096..9ae23cd 100644 --- a/recipes-connectivity/openssl/openssl_fips.inc +++ b/recipes-connectivity/openssl/openssl_fips.inc @@ -1,11 +1,11 @@ -PACKAGECONFIG_append = " fips" +PACKAGECONFIG:append = " fips" PACKAGECONFIG[fips] = "fips --with-fipsdir=${STAGING_DIR_TARGET}${libdir}/ssl/fips-2.0,,openssl-fips,," -FILESEXTRAPATHS_prepend := "${THISDIR}/openssl:" +FILESEXTRAPATHS:prepend := "${THISDIR}/openssl:" # This adds the necessary symbols if fips is enabled. -SRC_URI_append = " file://openssl-fips-version.patch \ +SRC_URI:append = " file://openssl-fips-version.patch \ file://0001-make-fips_premain_dso-support-cross-compiling.patch \ " @@ -14,7 +14,7 @@ DEPENDS += "qemu-native" inherit qemu # We need to run the special fips_premain_dso under QEMU -do_compile_prepend() { +do_compile:prepend() { qemu_binary="${@qemu_wrapper_cmdline(d, '${STAGING_DIR_HOST}', ['${STAGING_LIBDIR}','${STAGING_BASELIBDIR}'])}" cat << EOF > fips_premain_dso #! /bin/sh diff --git a/recipes-support/fipscheck/fipscheck_1.5.0.bb b/recipes-support/fipscheck/fipscheck_1.5.0.bb index 970640d..df72454 100644 --- a/recipes-support/fipscheck/fipscheck_1.5.0.bb +++ b/recipes-support/fipscheck/fipscheck_1.5.0.bb @@ -27,13 +27,13 @@ EXTRA_OECONF += " \ EXTRA_OEMAKE += " \ -I${STAGING_LIBDIR_NATIVE}/ssl/fips-2.0/include \ " -do_install_append() { +do_install:append() { install -d ${D}${libdir}/fipscheck } inherit qemu -pkg_postinst_${PN} () { +pkg_postinst:${PN} () { if [ -n "$D" ]; then if ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'true','false', d)}; then ${@qemu_run_binary(d, '$D', '${bindir}/fipshmac')} \ @@ -54,4 +54,4 @@ python __anonymous() { raise bb.parse.SkipPackage("To enable the fipscheck recipe set OPENSSL_FIPS_ENABLED = '1'.") } -FILES_${PN} += "${libdir}/fipscheck" +FILES:${PN} += "${libdir}/fipscheck" diff --git a/recipes-support/rng-tools/rng-tools_6.%.bbappend b/recipes-support/rng-tools/rng-tools_6.%.bbappend index c487175..7eeaecb 100644 --- a/recipes-support/rng-tools/rng-tools_6.%.bbappend +++ b/recipes-support/rng-tools/rng-tools_6.%.bbappend @@ -1,4 +1,4 @@ FIPSINC = "" -FIPSINC_class-target = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else 'rng-tools_fips.inc'}" +FIPSINC:class-target = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else 'rng-tools_fips.inc'}" require ${FIPSINC} diff --git a/recipes-support/rng-tools/rng-tools_fips.inc b/recipes-support/rng-tools/rng-tools_fips.inc index d5f6435..e3b89ca 100644 --- a/recipes-support/rng-tools/rng-tools_fips.inc +++ b/recipes-support/rng-tools/rng-tools_fips.inc @@ -1,2 +1,2 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/rng-tools:" +FILESEXTRAPATHS:prepend := "${THISDIR}/rng-tools:" |