diff options
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/bootloaders.scm | 12 | ||||
-rw-r--r-- | gnu/packages/patches/u-boot-allow-disabling-openssl.patch | 64 | ||||
-rw-r--r-- | gnu/packages/patches/u-boot-build-without-libcrypto.patch | 123 | ||||
-rw-r--r-- | gnu/packages/patches/u-boot-patman-change-id.patch | 232 |
4 files changed, 133 insertions, 298 deletions
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index c73a0e665d..986f0ac035 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -716,22 +716,26 @@ tree binary files. These are board description files used by Linux and BSD.") ;; https://lists.denx.de/pipermail/u-boot/2021-October/462728.html (search-patch "u-boot-allow-disabling-openssl.patch")) +(define %u-boot-build-without-libcrypto-patch + ;; Upstream commit to fix Amlogic builds in u-boot 2024.01. + (search-patch "u-boot-build-without-libcrypto.patch")) + (define u-boot (package (name "u-boot") - (version "2023.10") + (version "2024.01") (source (origin (patches (list %u-boot-rockchip-inno-usb-patch - %u-boot-allow-disabling-openssl-patch - (search-patch "u-boot-patman-change-id.patch"))) + %u-boot-build-without-libcrypto-patch + %u-boot-allow-disabling-openssl-patch)) (method url-fetch) (uri (string-append "https://ftp.denx.de/pub/u-boot/" "u-boot-" version ".tar.bz2")) (sha256 (base32 - "0039rravvjq9yi41645fynycw4c869px024xfc0n212f05pnq3p0")))) + "1czmpszalc6b8cj9j7q6cxcy19lnijv3916w3dag6yr3xpqi35mr")))) (build-system gnu-build-system) (native-inputs (list bison diff --git a/gnu/packages/patches/u-boot-allow-disabling-openssl.patch b/gnu/packages/patches/u-boot-allow-disabling-openssl.patch index 708ed81e93..9201f9a51d 100644 --- a/gnu/packages/patches/u-boot-allow-disabling-openssl.patch +++ b/gnu/packages/patches/u-boot-allow-disabling-openssl.patch @@ -8,7 +8,8 @@ This reverts commit b4f3cc2c42d97967a3a3c8796c340f6b07ecccac. Addendum 2022-12-08, Ricardo Wurmus: This patch has been updated to introduce CONFIG_FIT_PRELOAD to remove fit_pre_load_data, which depends on openssl. -Addendum 2023-10-17, Herman Rimm: Update patch for u-boot v2023.10. +Addendum 2024-01-18, Herman Rimm: Patch updated to leave out upstreamed +diffs with CONFIG_FIT_PRELOAD. diff --git a/tools/kwbimage.c b/tools/kwbimage.c index 4dce495ff0..976174ae77 100644 @@ -145,64 +146,3 @@ index 4dce495ff0..976174ae77 100644 /* Calculate and set the header checksum */ main_hdr->checksum = image_checksum8(main_hdr, headersz); ---- a/tools/image-host.c -+++ b/tools/image-host.c -@@ -14,8 +14,10 @@ - #include <image.h> - #include <version.h> - -+#ifdef CONFIG_FIT_PRELOAD - #include <openssl/pem.h> - #include <openssl/evp.h> -+#endif - - /** - * fit_set_hash_value - set hash value in requested has node -@@ -1119,6 +1121,7 @@ static int fit_config_add_verification_data(const char *keydir, - return 0; - } - -+#ifdef CONFIG_FIT_PRELOAD - /* - * 0) open file (open) - * 1) read certificate (PEM_read_X509) -@@ -1227,6 +1230,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit) - out: - return ret; - } -+#endif - - int fit_cipher_data(const char *keydir, void *keydest, void *fit, - const char *comment, int require_keys, ---- a/tools/fit_image.c -+++ b/tools/fit_image.c -@@ -61,9 +61,10 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, - ret = fit_set_timestamp(ptr, 0, time); - } - -+#ifdef CONFIG_FIT_PRELOAD - if (!ret) - ret = fit_pre_load_data(params->keydir, dest_blob, ptr); -- -+#endif - if (!ret) { - ret = fit_cipher_data(params->keydir, dest_blob, ptr, - params->comment, ---- a/include/image.h -+++ b/include/image.h -@@ -1182,6 +1182,7 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, - - int fit_set_timestamp(void *fit, int noffset, time_t timestamp); - -+#ifdef CONFIG_FIT_PRELOAD - /** - * fit_pre_load_data() - add public key to fdt blob - * -@@ -1196,6 +1197,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp); - * < 0, on failure - */ - int fit_pre_load_data(const char *keydir, void *keydest, void *fit); -+#endif - - int fit_cipher_data(const char *keydir, void *keydest, void *fit, - const char *comment, int require_keys, diff --git a/gnu/packages/patches/u-boot-build-without-libcrypto.patch b/gnu/packages/patches/u-boot-build-without-libcrypto.patch new file mode 100644 index 0000000000..d56588941c --- /dev/null +++ b/gnu/packages/patches/u-boot-build-without-libcrypto.patch @@ -0,0 +1,123 @@ +From 03e598263e3878b6f5d58f5525577903edadc644 Mon Sep 17 00:00:00 2001 +From: Paul-Erwan Rio <paulerwan.rio@gmail.com> +Date: Thu, 21 Dec 2023 08:26:11 +0100 +Subject: [PATCH] tools: fix build without LIBCRYPTO support + +Commit cb9faa6f98ae ("tools: Use a single target-independent config to +enable OpenSSL") introduced a target-independent configuration to build +crypto features in host tools. + +But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in +host tools and SPL") the build without OpenSSL is broken, due to FIT +signature/encryption features. Add missing conditional compilation +tokens to fix this. + +Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com> +Tested-by: Alexander Dahl <ada@thorsis.com> +Cc: Simon Glass <sjg@chromium.org> +Reviewed-by: Tom Rini <trini@konsulko.com> +Reviewed-by: Simon Glass <sjg@chromium.org> +--- + include/image.h | 2 +- + tools/Kconfig | 1 + + tools/fit_image.c | 2 +- + tools/image-host.c | 4 ++++ + tools/mkimage.c | 5 +++-- + 5 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/include/image.h b/include/image.h +index 432ec927b1..21de70f0c9 100644 +--- a/include/image.h ++++ b/include/image.h +@@ -1465,7 +1465,7 @@ int calculate_hash(const void *data, int data_len, const char *algo, + * device + */ + #if defined(USE_HOSTCC) +-# if defined(CONFIG_FIT_SIGNATURE) ++# if CONFIG_IS_ENABLED(FIT_SIGNATURE) + # define IMAGE_ENABLE_SIGN 1 + # define FIT_IMAGE_ENABLE_VERIFY 1 + # include <openssl/evp.h> +diff --git a/tools/Kconfig b/tools/Kconfig +index f8632cd59d..f01ed783e6 100644 +--- a/tools/Kconfig ++++ b/tools/Kconfig +@@ -51,6 +51,7 @@ config TOOLS_FIT_RSASSA_PSS + Support the rsassa-pss signature scheme in the tools builds + + config TOOLS_FIT_SIGNATURE ++ depends on TOOLS_LIBCRYPTO + def_bool y + help + Enable signature verification of FIT uImages in the tools builds +diff --git a/tools/fit_image.c b/tools/fit_image.c +index 71e031c855..beef1fa86e 100644 +--- a/tools/fit_image.c ++++ b/tools/fit_image.c +@@ -61,7 +61,7 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, + ret = fit_set_timestamp(ptr, 0, time); + } + +- if (!ret) ++ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret) + ret = fit_pre_load_data(params->keydir, dest_blob, ptr); + + if (!ret) { +diff --git a/tools/image-host.c b/tools/image-host.c +index ca4950312f..90bc9f905f 100644 +--- a/tools/image-host.c ++++ b/tools/image-host.c +@@ -14,8 +14,10 @@ + #include <image.h> + #include <version.h> + ++#if CONFIG_IS_ENABLED(FIT_SIGNATURE) + #include <openssl/pem.h> + #include <openssl/evp.h> ++#endif + + /** + * fit_set_hash_value - set hash value in requested has node +@@ -1131,6 +1133,7 @@ static int fit_config_add_verification_data(const char *keydir, + return 0; + } + ++#if CONFIG_IS_ENABLED(FIT_SIGNATURE) + /* + * 0) open file (open) + * 1) read certificate (PEM_read_X509) +@@ -1239,6 +1242,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit) + out: + return ret; + } ++#endif + + int fit_cipher_data(const char *keydir, void *keydest, void *fit, + const char *comment, int require_keys, +diff --git a/tools/mkimage.c b/tools/mkimage.c +index 6dfe3e1d42..ac62ebbde9 100644 +--- a/tools/mkimage.c ++++ b/tools/mkimage.c +@@ -115,7 +115,7 @@ static void usage(const char *msg) + " -B => align size in hex for FIT structure and header\n" + " -b => append the device tree binary to the FIT\n" + " -t => update the timestamp in the FIT\n"); +-#ifdef CONFIG_FIT_SIGNATURE ++#if CONFIG_IS_ENABLED(FIT_SIGNATURE) + fprintf(stderr, + "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n" + " -k => set directory containing private keys\n" +@@ -130,8 +130,9 @@ static void usage(const char *msg) + " -o => algorithm to use for signing\n"); + #else + fprintf(stderr, +- "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n"); ++ "Signing / verified boot not supported (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n"); + #endif ++ + fprintf(stderr, " %s -V ==> print version information and exit\n", + params.cmdname); + fprintf(stderr, "Use '-T list' to see a list of available image types\n"); +-- +2.41.0 + diff --git a/gnu/packages/patches/u-boot-patman-change-id.patch b/gnu/packages/patches/u-boot-patman-change-id.patch deleted file mode 100644 index 354aee2755..0000000000 --- a/gnu/packages/patches/u-boot-patman-change-id.patch +++ /dev/null @@ -1,232 +0,0 @@ -Upstream status: https://patchwork.ozlabs.org/project/uboot/patch/20231013030633.7191-1-maxim.cournoyer@gmail.com/ - -From f83a5e07b0934e38cbee923e0c5b7fc0a890926c Mon Sep 17 00:00:00 2001 -From: Maxim Cournoyer <maxim.cournoyer@gmail.com> -Date: Thu, 12 Oct 2023 17:04:25 -0400 -Subject: [PATCH] patman: Add a 'keep_change_id' setting - -A Change-Id can be useful for traceability purposes, and some projects -may wish to have them preserved. This change makes it configurable -via a new 'keep_change_id' setting. - -Series-version: 2 -Series-changes: 2 -- Add missing argument to send parser ---- - tools/patman/__main__.py | 2 ++ - tools/patman/control.py | 12 +++++++++--- - tools/patman/patchstream.py | 17 ++++++++++++----- - tools/patman/patman.rst | 11 ++++++----- - tools/patman/test_checkpatch.py | 16 ++++++++++++++++ - 5 files changed, 45 insertions(+), 13 deletions(-) - -diff --git a/tools/patman/__main__.py b/tools/patman/__main__.py -index 8eba5d3486..197ac1aad1 100755 ---- a/tools/patman/__main__.py -+++ b/tools/patman/__main__.py -@@ -103,6 +103,8 @@ send.add_argument('--no-signoff', action='store_false', dest='add_signoff', - default=True, help="Don't add Signed-off-by to patches") - send.add_argument('--smtp-server', type=str, - help="Specify the SMTP server to 'git send-email'") -+send.add_argument('--keep-change-id', action='store_true', -+ help='Preserve Change-Id tags in patches to send.') - - send.add_argument('patchfiles', nargs='*') - -diff --git a/tools/patman/control.py b/tools/patman/control.py -index 916ddf8fcf..b292da9dc2 100644 ---- a/tools/patman/control.py -+++ b/tools/patman/control.py -@@ -16,11 +16,14 @@ from patman import gitutil - from patman import patchstream - from u_boot_pylib import terminal - -+ - def setup(): - """Do required setup before doing anything""" - gitutil.setup() - --def prepare_patches(col, branch, count, start, end, ignore_binary, signoff): -+ -+def prepare_patches(col, branch, count, start, end, ignore_binary, signoff, -+ keep_change_id=False): - """Figure out what patches to generate, then generate them - - The patch files are written to the current directory, e.g. 0001_xxx.patch -@@ -35,6 +38,7 @@ def prepare_patches(col, branch, count, start, end, ignore_binary, signoff): - end (int): End patch to use (0=last one in series, 1=one before that, - etc.) - ignore_binary (bool): Don't generate patches for binary files -+ keep_change_id (bool): Preserve the Change-Id tag. - - Returns: - Tuple: -@@ -59,11 +63,12 @@ def prepare_patches(col, branch, count, start, end, ignore_binary, signoff): - branch, start, to_do, ignore_binary, series, signoff) - - # Fix up the patch files to our liking, and insert the cover letter -- patchstream.fix_patches(series, patch_files) -+ patchstream.fix_patches(series, patch_files, keep_change_id) - if cover_fname and series.get('cover'): - patchstream.insert_cover_letter(cover_fname, series, to_do) - return series, cover_fname, patch_files - -+ - def check_patches(series, patch_files, run_checkpatch, verbose, use_tree): - """Run some checks on a set of patches - -@@ -166,7 +171,8 @@ def send(args): - col = terminal.Color() - series, cover_fname, patch_files = prepare_patches( - col, args.branch, args.count, args.start, args.end, -- args.ignore_binary, args.add_signoff) -+ args.ignore_binary, args.add_signoff, -+ keep_change_id=args.keep_change_id) - ok = check_patches(series, patch_files, args.check_patch, - args.verbose, args.check_patch_use_tree) - -diff --git a/tools/patman/patchstream.py b/tools/patman/patchstream.py -index f91669a940..e2e2a83e67 100644 ---- a/tools/patman/patchstream.py -+++ b/tools/patman/patchstream.py -@@ -68,6 +68,7 @@ STATE_PATCH_SUBJECT = 1 # In patch subject (first line of log for a commit) - STATE_PATCH_HEADER = 2 # In patch header (after the subject) - STATE_DIFFS = 3 # In the diff part (past --- line) - -+ - class PatchStream: - """Class for detecting/injecting tags in a patch or series of patches - -@@ -76,7 +77,7 @@ class PatchStream: - unwanted tags or inject additional ones. These correspond to the two - phases of processing. - """ -- def __init__(self, series, is_log=False): -+ def __init__(self, series, is_log=False, keep_change_id=False): - self.skip_blank = False # True to skip a single blank line - self.found_test = False # Found a TEST= line - self.lines_after_test = 0 # Number of lines found after TEST= -@@ -86,6 +87,7 @@ class PatchStream: - self.section = [] # The current section...END section - self.series = series # Info about the patch series - self.is_log = is_log # True if indent like git log -+ self.keep_change_id = keep_change_id # True to keep Change-Id tags - self.in_change = None # Name of the change list we are in - self.change_version = 0 # Non-zero if we are in a change list - self.change_lines = [] # Lines of the current change -@@ -452,6 +454,8 @@ class PatchStream: - - # Detect Change-Id tags - elif change_id_match: -+ if self.keep_change_id: -+ out = [line] - value = change_id_match.group(1) - if self.is_log: - if self.commit.change_id: -@@ -763,7 +767,7 @@ def get_metadata_for_test(text): - pst.finalise() - return series - --def fix_patch(backup_dir, fname, series, cmt): -+def fix_patch(backup_dir, fname, series, cmt, keep_change_id=False): - """Fix up a patch file, by adding/removing as required. - - We remove our tags from the patch file, insert changes lists, etc. -@@ -776,6 +780,7 @@ def fix_patch(backup_dir, fname, series, cmt): - fname (str): Filename to patch file to process - series (Series): Series information about this patch set - cmt (Commit): Commit object for this patch file -+ keep_change_id (bool): Keep the Change-Id tag. - - Return: - list: A list of errors, each str, or [] if all ok. -@@ -783,7 +788,7 @@ def fix_patch(backup_dir, fname, series, cmt): - handle, tmpname = tempfile.mkstemp() - outfd = os.fdopen(handle, 'w', encoding='utf-8') - infd = open(fname, 'r', encoding='utf-8') -- pst = PatchStream(series) -+ pst = PatchStream(series, keep_change_id=keep_change_id) - pst.commit = cmt - pst.process_stream(infd, outfd) - infd.close() -@@ -795,7 +800,7 @@ def fix_patch(backup_dir, fname, series, cmt): - shutil.move(tmpname, fname) - return cmt.warn - --def fix_patches(series, fnames): -+def fix_patches(series, fnames, keep_change_id=False): - """Fix up a list of patches identified by filenames - - The patch files are processed in place, and overwritten. -@@ -803,6 +808,7 @@ def fix_patches(series, fnames): - Args: - series (Series): The Series object - fnames (:type: list of str): List of patch files to process -+ keep_change_id (bool): Keep the Change-Id tag. - """ - # Current workflow creates patches, so we shouldn't need a backup - backup_dir = None #tempfile.mkdtemp('clean-patch') -@@ -811,7 +817,8 @@ def fix_patches(series, fnames): - cmt = series.commits[count] - cmt.patch = fname - cmt.count = count -- result = fix_patch(backup_dir, fname, series, cmt) -+ result = fix_patch(backup_dir, fname, series, cmt, -+ keep_change_id=keep_change_id) - if result: - print('%d warning%s for %s:' % - (len(result), 's' if len(result) > 1 else '', fname)) -diff --git a/tools/patman/patman.rst b/tools/patman/patman.rst -index 038b651ee8..a8b317eed6 100644 ---- a/tools/patman/patman.rst -+++ b/tools/patman/patman.rst -@@ -371,11 +371,12 @@ Series-process-log: sort, uniq - Separate each tag with a comma. - - Change-Id: -- This tag is stripped out but is used to generate the Message-Id -- of the emails that will be sent. When you keep the Change-Id the -- same you are asserting that this is a slightly different version -- (but logically the same patch) as other patches that have been -- sent out with the same Change-Id. -+ This tag is used to generate the Message-Id of the emails that -+ will be sent. When you keep the Change-Id the same you are -+ asserting that this is a slightly different version (but logically -+ the same patch) as other patches that have been sent out with the -+ same Change-Id. The Change-Id tag line is removed from outgoing -+ patches, unless the `keep_change_id` settings is set to `True`. - - Various other tags are silently removed, like these Chrome OS and - Gerrit tags:: -diff --git a/tools/patman/test_checkpatch.py b/tools/patman/test_checkpatch.py -index a8bb364e42..59a53ef8ca 100644 ---- a/tools/patman/test_checkpatch.py -+++ b/tools/patman/test_checkpatch.py -@@ -160,6 +160,22 @@ Signed-off-by: Simon Glass <sjg@chromium.org> - - rc = os.system('diff -u %s %s' % (inname, expname)) - self.assertEqual(rc, 0) -+ os.remove(inname) -+ -+ # Test whether the keep_change_id settings works. -+ inhandle, inname = tempfile.mkstemp() -+ infd = os.fdopen(inhandle, 'w', encoding='utf-8') -+ infd.write(data) -+ infd.close() -+ -+ patchstream.fix_patch(None, inname, series.Series(), com, -+ keep_change_id=True) -+ -+ with open(inname, 'r') as f: -+ content = f.read() -+ self.assertIn( -+ 'Change-Id: I80fe1d0c0b7dd10aa58ce5bb1d9290b6664d5413', -+ content) - - os.remove(inname) - os.remove(expname) - -base-commit: f9a47ac8d97da2b3aaf463f268a9a872a8d921df --- -2.41.0 - |