@night1rider

Remade from #146 due to being against wrong branch

night1rider and others added 30 commits January 5, 2026 13:15
…elpers in bbclass

Refactored layer.conf to unconditionally include all recipes, moved feature-specific configuration into modular .inc files, created wolfssl-helper.bbclass with reusable do_wolfssl_autogen and do_wolfssl_check_package tasks, updated all recipes to use the new pattern, and standardized commercial license variables to be recipe-specific.

Use a virtual wolfssl to make library switching easier for fips vs non fips or other wolfSSL packages

Set wolfssl libraries as the default weak Preferred_Provider option for packages
* Fixes 7z extraction issues, mostly around using password when the
  password has already been stripped out
* Fixes autoreconf and configure issues with the FIPS package
* Fixes wolfcrypttest and wolfcryptbenchmark not being installed with
  FIPS when they are selected
The execution of QEMU to get the hash would fail when cross-compiling to
a different CPU target. This fixes it.
Added 3 layers
- gnutls: gnutls fork patched to use wolfssl as cryptographic
  provider
- wolfssl: wolfssl configured to work against gnutls
- wolfssl-gnutls-wrapper: shim layer that gets called by gnutls
  applications when linked against gnutls-wolfssl
- gnutls-wolfssl-tests: tests from the wolfssl-gnutls-wrapper folder
  installed under /usr/lib/wolfssl-gnutls-wrapper/

Everything gets installed under /usr overriding the system installed
recipes, the wrapper is symlinked in /opt.
Fips currently not supported.
rebased against the new staging branch (refactor-meta-wolfssl)
- update layer.conf to conditionally include gnutls-image-minimal if
  included in the WOLFSSL_DEMOS;
- minor update to inc/gnutls/gnutls-enable-wolfssl.inc to bypass the
  fuzzing binaries from the base recipes;
The commercial package can now be retrieved from GCP and can be a
tarball without password protection.
- Install provider*.conf files to /etc/ssl/openssl.cnf.d/ instead of /opt
- Remove OPENSSL_CONF environment variable approach
- Add .include directive to openssl.cnf automatically in explicit load mode
- This allows OpenSSL to automatically load the provider configuration
- Update script output to reflect the new approach
User can use any FIPS wolfSSL package
night1rider and others added 26 commits January 5, 2026 13:18
This was not working properly on an ARM64 build.
…class

This introduces support for building the wolfSSL Linux kernel module (linuxkm)
in non-FIPS configurations and adds a generic bbclass for including the module
in any initramfs image.

Key additions:
 - New recipe: wolfssl-linuxkm.bb (non-FIPS)
   * Builds linuxkm against the target kernel
   * Installs libwolfssl.ko into /lib/modules/.../extra
   * Adds auto-load entry under /etc/modules-load.d/
   * Tracks upstream wolfSSL master at commit 3062d1524

 - New class: wolfssl-initramfs.bbclass
   * Allows any initramfs image to include the linuxkm module
   * Intended to be inherited from BSP/distro override layers

This prepares the layer for future FIPS/non-FIPS split support and provides
a clean mechanism for systems that need early-boot availability of the
wolfSSL kernel module.

Signed-off-by: Sameeh Jubran <[email protected]>
Bbclass to apply wolfSSL DRBG callback hooks to Linux kernel.
Fetches patches from wolfSSL GitHub, works with any kernel flavor.

Usage in kernel bbappend:
  inherit wolfssl-kernel-random
  WOLFSSL_KERNEL_RANDOM_PATCH = "5.17-ubuntu-jammy-tegra"

Signed-off-by: Sameeh Jubran <[email protected]>
  of gnutls-wolfssl (https://github.com/wolfSSL/gnutls/tree/gnutls-wolfssl-3.8.11);
- added nettle 3.10 recipe, gnutls depends on nettle to be >= 3.10;
- removed conditional bbappends in favor of the demo image and
  recipes-core + inc configuration setup;
Add commercial FIPS LinuxKM recipe.

Signed-off-by: Sameeh Jubran <[email protected]>
Signed-off-by: Zackery Backman <[email protected]>
@night1rider night1rider force-pushed the refactor-finalization branch 2 times, most recently from db084ac to e3fa29d Compare January 5, 2026 23:40
@night1rider night1rider force-pushed the refactor-finalization branch from e3fa29d to 12c4514 Compare January 6, 2026 14:44