Message ID | 1423836543-1355-1-git-send-email-joerg.krause@embedded.rocks |
---|---|
State | Not Applicable |
Headers | show |
On Fr, 2015-02-13 at 15:09 +0100, Jörg Krause wrote: > Bump to version 2015.01: > * Enable optional support for FIT Signature Verification > * Remove patch 0002-nostrip, it's upstream > > Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> > --- > Changes v2 -> v3: > - Fix whitespace errors in patch > > Changes v1 -> v2: > - Make FIT Signature Verification optional to avoid mandatory dependency > of openssl > - Add a patch from Debian to allow building without a target config file > - Drop patch renaming, it's upstream > --- > package/uboot-tools/0002-nostrip.patch | 61 ---------------------- > .../0002-tools-only-in-no-dot-config-targets.patch | 39 ++++++++++++++ > package/uboot-tools/Config.in | 18 +++++++ > package/uboot-tools/Config.in.host | 18 +++++++ > package/uboot-tools/uboot-tools.mk | 25 ++++++++- > 5 files changed, 98 insertions(+), 63 deletions(-) > delete mode 100644 package/uboot-tools/0002-nostrip.patch > create mode 100644 package/uboot-tools/0002-tools-only-in-no-dot-config-targets.patch > > diff --git a/package/uboot-tools/0002-nostrip.patch b/package/uboot-tools/0002-nostrip.patch > deleted file mode 100644 > index 7333f41..0000000 > --- a/package/uboot-tools/0002-nostrip.patch > +++ /dev/null > @@ -1,61 +0,0 @@ > -From 17e0d6ddd1dc5d04b8032bde2f2076134b0c6dd7 Mon Sep 17 00:00:00 2001 > -From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> > -Date: Wed, 27 Aug 2014 14:21:32 +0200 > -Subject: [PATCH] tools/env: change stripping strategy to allow no-stripping > - > -When building the U-Boot tools for non-ELF platforms (such as Blackfin > -FLAT), since commit 79fc0c5f498c3982aa4740c273ab1a9255063d9c > -("tools/env: cross-compile fw_printenv without setting HOSTCC"), the > -build fails because it tries to strip a FLAT binary, which does not > -make sense. > - > -This commit solves this by changing the stripping logic in > -tools/env/Makefile to be similar to the one in tools/Makefile. This > -logic continues to apply strip to the final binary, but does not abort > -the build if it fails, and does the stripping in place on the final > -binary. This allows the logic to work fine if stripping doesn't work, > -as it leaves the final binary untouched. > - > -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> > -Cc: Masahiro Yamada <yamada.m@jp.panasonic.com> > -Cc: Sonic Zhang <sonic.zhang@analog.com> > ---- > -An improved solution would be to be able to override STRIP completely > -by setting it to /bin/true, but the main Makefile enforces STRIP = > -$(CROSS_COMPILE)strip. > - > -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> > ---- > - tools/env/Makefile | 14 ++++++++------ > - 1 file changed, 8 insertions(+), 6 deletions(-) > - > -diff --git a/tools/env/Makefile b/tools/env/Makefile > -index f5368bc..d047aa5 100644 > ---- a/tools/env/Makefile > -+++ b/tools/env/Makefile > -@@ -21,14 +21,16 @@ HOST_EXTRACFLAGS += -DMTD_OLD > - endif > - > - always := fw_printenv > --hostprogs-y := fw_printenv_unstripped > -+hostprogs-y := fw_printenv > - > --fw_printenv_unstripped-objs := fw_env.o fw_env_main.o \ > -+fw_printenv-objs := fw_env.o fw_env_main.o \ > - crc32.o ctype.o linux_string.o \ > - env_attr.o env_flags.o aes.o > - > --quiet_cmd_strip = STRIP $@ > -- cmd_strip = $(STRIP) -o $@ $< > -+quiet_cmd_crosstools_strip = STRIP $^ > -+ cmd_crosstools_strip = $(STRIP) $^; touch $@ > - > --$(obj)/fw_printenv: $(obj)/fw_printenv_unstripped FORCE > -- $(call if_changed,strip) > -+$(obj)/.strip: $(obj)/fw_printenv > -+ $(call cmd,crosstools_strip) > -+ > -+always += .strip > --- > -2.0.0 > - > diff --git a/package/uboot-tools/0002-tools-only-in-no-dot-config-targets.patch b/package/uboot-tools/0002-tools-only-in-no-dot-config-targets.patch > new file mode 100644 > index 0000000..94dfbdb > --- /dev/null > +++ b/package/uboot-tools/0002-tools-only-in-no-dot-config-targets.patch > @@ -0,0 +1,39 @@ > +From 7d9bac7bf8d9ef39ab6b6e8d436e3dbdee5cd120 Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks> > +Date: Sun, 1 Feb 2015 21:53:47 +0100 > +Subject: [PATCH 1/1] tools only in no dot config targets > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +Revert upstream commit c7ad5cbb1ef2c33883f0fa7d0455095004fd306d: > + > + Makefile: drop "tools-only" from no-dot-config-targets > + > +This indirectly pulls in a build-dependency on libssl-dev used for FIT > +image support, and possibly GPL/OpenSSL licensing incompatibility > +issues. > + > +Based on Debian patch from u-boot-tools: > +http://ftp.de.debian.org/debian/pool/main/u/u-boot/u-boot_2014.10+dfsg1-2.1.debian.tar.xz > + > +Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> > +--- > +Makefile | 2 +- > +1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/Makefile b/Makefile > +index 36a9a28..f85c194 100644 > +--- a/Makefile > ++++ b/Makefile > +@@ -417,7 +417,7 @@ timestamp_h := include/generated/timestamp_autogenerated.h > + > +no-dot-config-targets := clean clobber mrproper distclean \ > + help %docs check% coccicheck \ > +- ubootversion backup > ++ ubootversion backup tools-only > + > +config-targets := 0 > +mixed-targets := 0 > +-- > +2.2.2 > diff --git a/package/uboot-tools/Config.in b/package/uboot-tools/Config.in > index 7c8f17c..66045af 100644 > --- a/package/uboot-tools/Config.in > +++ b/package/uboot-tools/Config.in > @@ -13,6 +13,24 @@ config BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE > The mkimage tool from Das U-Boot bootloader, which allows > generation of U-Boot images in various formats. > > +if BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE > +config BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT > + bool "FIT signature verification support" > + select BR2_PACKAGE_OPENSSL > + help > + Enables support for FIT Signature Verification. > + > + Flat Image Trees (FIT) supports hashing of images so that these > + hashes can be checked on loading. This protects against corruption > + of the image. However it does not prevent the substitution of one > + image for another. > + > + The signature feature allows the hash to be signed with a private > + key such that it can be verified using a public key later. Provided > + that the private key is kept secret and the public key is stored in > + a non-volatile place, any image can be verified in this way. > +endif > + > config BR2_PACKAGE_UBOOT_TOOLS_MKENVIMAGE > bool "mkenvimage" > help > diff --git a/package/uboot-tools/Config.in.host b/package/uboot-tools/Config.in.host > index 7a844e9..7388332 100644 > --- a/package/uboot-tools/Config.in.host > +++ b/package/uboot-tools/Config.in.host > @@ -4,3 +4,21 @@ config BR2_PACKAGE_HOST_UBOOT_TOOLS > Companion tools for Das U-Boot bootloader. > > http://www.denx.de/wiki/U-Boot/WebHome > + > +if BR2_PACKAGE_HOST_UBOOT_TOOLS > +config BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT > + bool "FIT signature verification support" > + select BR2_PACKAGE_OPENSSL > + help > + Enables support for FIT Signature Verification. > + > + Flat Image Trees (FIT) supports hashing of images so that these > + hashes can be checked on loading. This protects against corruption > + of the image. However it does not prevent the substitution of one > + image for another. > + > + The signature feature allows the hash to be signed with a private > + key such that it can be verified using a public key later. Provided > + that the private key is kept secret and the public key is stored in > + a non-volatile place, any image can be verified in this way. > +endif > diff --git a/package/uboot-tools/uboot-tools.mk b/package/uboot-tools/uboot-tools.mk > index f02bb55..6411e6e 100644 > --- a/package/uboot-tools/uboot-tools.mk > +++ b/package/uboot-tools/uboot-tools.mk > @@ -4,18 +4,24 @@ > # > ################################################################################ > > -UBOOT_TOOLS_VERSION = 2014.07 > +UBOOT_TOOLS_VERSION = 2015.01 > UBOOT_TOOLS_SOURCE = u-boot-$(UBOOT_TOOLS_VERSION).tar.bz2 > UBOOT_TOOLS_SITE = ftp://ftp.denx.de/pub/u-boot > UBOOT_TOOLS_LICENSE = GPLv2+ > UBOOT_TOOLS_LICENSE_FILES = Licenses/gpl-2.0.txt > > +define UBOOT_TOOLS_CONFIGURE_CMDS > + mkdir -p $(@D)/include/config > + touch $(@D)/include/config/auto.conf > +endef > + > define UBOOT_TOOLS_BUILD_CMDS > $(MAKE) -C $(@D) \ > CROSS_COMPILE="$(TARGET_CROSS)" \ > CFLAGS="$(TARGET_CFLAGS)" \ > LDFLAGS="$(TARGET_LDFLAGS)" \ > CROSS_BUILD_TOOLS=y \ > + CONFIG_FIT_SIGNATURE=$(FIT_SIGNATURE_SUPPORT) \ > tools-only > $(MAKE) -C $(@D) \ > CROSS_COMPILE="$(TARGET_CROSS)" \ > @@ -28,7 +34,11 @@ ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE),y) > define UBOOT_TOOLS_INSTALL_MKIMAGE > $(INSTALL) -m 0755 -D $(@D)/tools/mkimage $(TARGET_DIR)/usr/bin/mkimage > endef > -endif > +ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT),y) > +UBOOT_TOOLS_DEPENDENCIES = openssl > +FIT_SIGNATURE_SUPPORT=y > +endif # BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT > +endif # BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE > > ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_MKENVIMAGE),y) > define UBOOT_TOOLS_INSTALL_MKENVIMAGE > @@ -49,8 +59,19 @@ define UBOOT_TOOLS_INSTALL_TARGET_CMDS > $(UBOOT_TOOLS_INSTALL_FWPRINTENV) > endef > > +ifeq ($(BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT),y) > +HOST_UBOOT_TOOLS_DEPENDENCIES = openssl > +FIT_SIGNATURE_SUPPORT=y > +endif > + > +define HOST_UBOOT_TOOLS_CONFIGURE_CMDS > + mkdir -p $(@D)/include/config > + touch $(@D)/include/config/auto.conf > +endef > + > define HOST_UBOOT_TOOLS_BUILD_CMDS > $(MAKE1) -C $(@D) \ > + -e CONFIG_FIT_SIGNATURE=$(FIT_SIGNATURE_SUPPORT) \ > HOSTCC="$(HOSTCC)" \ > HOSTCFLAGS="$(HOST_CFLAGS)" \ > HOSTLDFLAGS="$(HOST_LDFLAGS)" \ Sorry for the noise! This patch claiming to fix the whitespace errors is not applicable. I did somewhere a mistake. I marked this patch as "Not Applicable" in patchwork and will look for the cause why git complains about the whitespaces.
diff --git a/package/uboot-tools/0002-nostrip.patch b/package/uboot-tools/0002-nostrip.patch deleted file mode 100644 index 7333f41..0000000 --- a/package/uboot-tools/0002-nostrip.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 17e0d6ddd1dc5d04b8032bde2f2076134b0c6dd7 Mon Sep 17 00:00:00 2001 -From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> -Date: Wed, 27 Aug 2014 14:21:32 +0200 -Subject: [PATCH] tools/env: change stripping strategy to allow no-stripping - -When building the U-Boot tools for non-ELF platforms (such as Blackfin -FLAT), since commit 79fc0c5f498c3982aa4740c273ab1a9255063d9c -("tools/env: cross-compile fw_printenv without setting HOSTCC"), the -build fails because it tries to strip a FLAT binary, which does not -make sense. - -This commit solves this by changing the stripping logic in -tools/env/Makefile to be similar to the one in tools/Makefile. This -logic continues to apply strip to the final binary, but does not abort -the build if it fails, and does the stripping in place on the final -binary. This allows the logic to work fine if stripping doesn't work, -as it leaves the final binary untouched. - -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> -Cc: Masahiro Yamada <yamada.m@jp.panasonic.com> -Cc: Sonic Zhang <sonic.zhang@analog.com> ---- -An improved solution would be to be able to override STRIP completely -by setting it to /bin/true, but the main Makefile enforces STRIP = -$(CROSS_COMPILE)strip. - -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> ---- - tools/env/Makefile | 14 ++++++++------ - 1 file changed, 8 insertions(+), 6 deletions(-) - -diff --git a/tools/env/Makefile b/tools/env/Makefile -index f5368bc..d047aa5 100644 ---- a/tools/env/Makefile -+++ b/tools/env/Makefile -@@ -21,14 +21,16 @@ HOST_EXTRACFLAGS += -DMTD_OLD - endif - - always := fw_printenv --hostprogs-y := fw_printenv_unstripped -+hostprogs-y := fw_printenv - --fw_printenv_unstripped-objs := fw_env.o fw_env_main.o \ -+fw_printenv-objs := fw_env.o fw_env_main.o \ - crc32.o ctype.o linux_string.o \ - env_attr.o env_flags.o aes.o - --quiet_cmd_strip = STRIP $@ -- cmd_strip = $(STRIP) -o $@ $< -+quiet_cmd_crosstools_strip = STRIP $^ -+ cmd_crosstools_strip = $(STRIP) $^; touch $@ - --$(obj)/fw_printenv: $(obj)/fw_printenv_unstripped FORCE -- $(call if_changed,strip) -+$(obj)/.strip: $(obj)/fw_printenv -+ $(call cmd,crosstools_strip) -+ -+always += .strip --- -2.0.0 - diff --git a/package/uboot-tools/0002-tools-only-in-no-dot-config-targets.patch b/package/uboot-tools/0002-tools-only-in-no-dot-config-targets.patch new file mode 100644 index 0000000..94dfbdb --- /dev/null +++ b/package/uboot-tools/0002-tools-only-in-no-dot-config-targets.patch @@ -0,0 +1,39 @@ +From 7d9bac7bf8d9ef39ab6b6e8d436e3dbdee5cd120 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks> +Date: Sun, 1 Feb 2015 21:53:47 +0100 +Subject: [PATCH 1/1] tools only in no dot config targets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Revert upstream commit c7ad5cbb1ef2c33883f0fa7d0455095004fd306d: + + Makefile: drop "tools-only" from no-dot-config-targets + +This indirectly pulls in a build-dependency on libssl-dev used for FIT +image support, and possibly GPL/OpenSSL licensing incompatibility +issues. + +Based on Debian patch from u-boot-tools: +http://ftp.de.debian.org/debian/pool/main/u/u-boot/u-boot_2014.10+dfsg1-2.1.debian.tar.xz + +Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> +--- +Makefile | 2 +- +1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 36a9a28..f85c194 100644 +--- a/Makefile ++++ b/Makefile +@@ -417,7 +417,7 @@ timestamp_h := include/generated/timestamp_autogenerated.h + +no-dot-config-targets := clean clobber mrproper distclean \ + help %docs check% coccicheck \ +- ubootversion backup ++ ubootversion backup tools-only + +config-targets := 0 +mixed-targets := 0 +-- +2.2.2 diff --git a/package/uboot-tools/Config.in b/package/uboot-tools/Config.in index 7c8f17c..66045af 100644 --- a/package/uboot-tools/Config.in +++ b/package/uboot-tools/Config.in @@ -13,6 +13,24 @@ config BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE The mkimage tool from Das U-Boot bootloader, which allows generation of U-Boot images in various formats. +if BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE +config BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT + bool "FIT signature verification support" + select BR2_PACKAGE_OPENSSL + help + Enables support for FIT Signature Verification. + + Flat Image Trees (FIT) supports hashing of images so that these + hashes can be checked on loading. This protects against corruption + of the image. However it does not prevent the substitution of one + image for another. + + The signature feature allows the hash to be signed with a private + key such that it can be verified using a public key later. Provided + that the private key is kept secret and the public key is stored in + a non-volatile place, any image can be verified in this way. +endif + config BR2_PACKAGE_UBOOT_TOOLS_MKENVIMAGE bool "mkenvimage" help diff --git a/package/uboot-tools/Config.in.host b/package/uboot-tools/Config.in.host index 7a844e9..7388332 100644 --- a/package/uboot-tools/Config.in.host +++ b/package/uboot-tools/Config.in.host @@ -4,3 +4,21 @@ config BR2_PACKAGE_HOST_UBOOT_TOOLS Companion tools for Das U-Boot bootloader. http://www.denx.de/wiki/U-Boot/WebHome + +if BR2_PACKAGE_HOST_UBOOT_TOOLS +config BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT + bool "FIT signature verification support" + select BR2_PACKAGE_OPENSSL + help + Enables support for FIT Signature Verification. + + Flat Image Trees (FIT) supports hashing of images so that these + hashes can be checked on loading. This protects against corruption + of the image. However it does not prevent the substitution of one + image for another. + + The signature feature allows the hash to be signed with a private + key such that it can be verified using a public key later. Provided + that the private key is kept secret and the public key is stored in + a non-volatile place, any image can be verified in this way. +endif diff --git a/package/uboot-tools/uboot-tools.mk b/package/uboot-tools/uboot-tools.mk index f02bb55..6411e6e 100644 --- a/package/uboot-tools/uboot-tools.mk +++ b/package/uboot-tools/uboot-tools.mk @@ -4,18 +4,24 @@ # ################################################################################ -UBOOT_TOOLS_VERSION = 2014.07 +UBOOT_TOOLS_VERSION = 2015.01 UBOOT_TOOLS_SOURCE = u-boot-$(UBOOT_TOOLS_VERSION).tar.bz2 UBOOT_TOOLS_SITE = ftp://ftp.denx.de/pub/u-boot UBOOT_TOOLS_LICENSE = GPLv2+ UBOOT_TOOLS_LICENSE_FILES = Licenses/gpl-2.0.txt +define UBOOT_TOOLS_CONFIGURE_CMDS + mkdir -p $(@D)/include/config + touch $(@D)/include/config/auto.conf +endef + define UBOOT_TOOLS_BUILD_CMDS $(MAKE) -C $(@D) \ CROSS_COMPILE="$(TARGET_CROSS)" \ CFLAGS="$(TARGET_CFLAGS)" \ LDFLAGS="$(TARGET_LDFLAGS)" \ CROSS_BUILD_TOOLS=y \ + CONFIG_FIT_SIGNATURE=$(FIT_SIGNATURE_SUPPORT) \ tools-only $(MAKE) -C $(@D) \ CROSS_COMPILE="$(TARGET_CROSS)" \ @@ -28,7 +34,11 @@ ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE),y) define UBOOT_TOOLS_INSTALL_MKIMAGE $(INSTALL) -m 0755 -D $(@D)/tools/mkimage $(TARGET_DIR)/usr/bin/mkimage endef -endif +ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT),y) +UBOOT_TOOLS_DEPENDENCIES = openssl +FIT_SIGNATURE_SUPPORT=y +endif # BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE_FIT_SIGNATURE_SUPPORT +endif # BR2_PACKAGE_UBOOT_TOOLS_MKIMAGE ifeq ($(BR2_PACKAGE_UBOOT_TOOLS_MKENVIMAGE),y) define UBOOT_TOOLS_INSTALL_MKENVIMAGE @@ -49,8 +59,19 @@ define UBOOT_TOOLS_INSTALL_TARGET_CMDS $(UBOOT_TOOLS_INSTALL_FWPRINTENV) endef +ifeq ($(BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT),y) +HOST_UBOOT_TOOLS_DEPENDENCIES = openssl +FIT_SIGNATURE_SUPPORT=y +endif + +define HOST_UBOOT_TOOLS_CONFIGURE_CMDS + mkdir -p $(@D)/include/config + touch $(@D)/include/config/auto.conf +endef + define HOST_UBOOT_TOOLS_BUILD_CMDS $(MAKE1) -C $(@D) \ + -e CONFIG_FIT_SIGNATURE=$(FIT_SIGNATURE_SUPPORT) \ HOSTCC="$(HOSTCC)" \ HOSTCFLAGS="$(HOST_CFLAGS)" \ HOSTLDFLAGS="$(HOST_LDFLAGS)" \
Bump to version 2015.01: * Enable optional support for FIT Signature Verification * Remove patch 0002-nostrip, it's upstream Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> --- Changes v2 -> v3: - Fix whitespace errors in patch Changes v1 -> v2: - Make FIT Signature Verification optional to avoid mandatory dependency of openssl - Add a patch from Debian to allow building without a target config file - Drop patch renaming, it's upstream --- package/uboot-tools/0002-nostrip.patch | 61 ---------------------- .../0002-tools-only-in-no-dot-config-targets.patch | 39 ++++++++++++++ package/uboot-tools/Config.in | 18 +++++++ package/uboot-tools/Config.in.host | 18 +++++++ package/uboot-tools/uboot-tools.mk | 25 ++++++++- 5 files changed, 98 insertions(+), 63 deletions(-) delete mode 100644 package/uboot-tools/0002-nostrip.patch create mode 100644 package/uboot-tools/0002-tools-only-in-no-dot-config-targets.patch