initial buildroot for linux 5.15
This commit is contained in:
@@ -0,0 +1,35 @@
|
||||
fix musl build
|
||||
|
||||
Patch inspired by
|
||||
https://github.com/kraj/meta-musl/blob/master/recipes-core/util-linux/util-linux-2.25/0001-switch_root-use-typeof-instead-of-__SWORD_TYPE-for-s.patch
|
||||
|
||||
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
||||
|
||||
diff -uNr ecryptfs-utils-109.org/src/utils/mount.ecryptfs_private.c ecryptfs-utils-109/src/utils/mount.ecryptfs_private.c
|
||||
--- ecryptfs-utils-109.org/src/utils/mount.ecryptfs_private.c 2016-01-22 17:04:52.000000000 +0100
|
||||
+++ ecryptfs-utils-109/src/utils/mount.ecryptfs_private.c 2016-01-24 16:52:37.000000000 +0100
|
||||
@@ -224,6 +224,7 @@
|
||||
|
||||
static int check_cwd_f_type()
|
||||
{
|
||||
+ struct statfs buf;
|
||||
/**
|
||||
* This is *not* a list of compatible lower filesystems list for
|
||||
* eCryptfs. This is a list of filesystems that we reasonably expect to
|
||||
@@ -235,7 +236,7 @@
|
||||
* deceive other programs with a crafted /proc/self/*. See
|
||||
* https://launchpad.net/bugs/1530566 for more details.
|
||||
*/
|
||||
- __SWORD_TYPE f_type_whitelist[] = {
|
||||
+ typeof(buf.f_type) f_type_whitelist[] = {
|
||||
0x61756673 /* AUFS_SUPER_MAGIC */,
|
||||
0x9123683E /* BTRFS_SUPER_MAGIC */,
|
||||
0x00C36400 /* CEPH_SUPER_MAGIC */,
|
||||
@@ -259,7 +260,6 @@
|
||||
0x58465342 /* XFS_SB_MAGIC */,
|
||||
0x2FC12FC1 /* ZFS_SUPER_MAGIC */,
|
||||
};
|
||||
- struct statfs buf;
|
||||
size_t i, whitelist_len;
|
||||
|
||||
if (statfs(".", &buf) != 0) {
|
||||
@@ -0,0 +1,173 @@
|
||||
Fix build with OpenSSL 1.1.x
|
||||
|
||||
Downloaded from upstream commit
|
||||
https://code.launchpad.net/~jelle-vdwaa/ecryptfs/ecryptfs/+merge/319746
|
||||
|
||||
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
||||
|
||||
=== modified file 'src/key_mod/ecryptfs_key_mod_openssl.c'
|
||||
--- a/src/key_mod/ecryptfs_key_mod_openssl.c 2013-10-25 19:45:09 +0000
|
||||
+++ b/src/key_mod/ecryptfs_key_mod_openssl.c 2017-06-02 18:27:28 +0000
|
||||
@@ -41,6 +41,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <libgen.h>
|
||||
+#include <openssl/bn.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/err.h>
|
||||
@@ -55,6 +56,19 @@
|
||||
char *passphrase;
|
||||
};
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+static void RSA_get0_key(const RSA *r,
|
||||
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
||||
+{
|
||||
+ if (n != NULL)
|
||||
+ *n = r->n;
|
||||
+ if (e != NULL)
|
||||
+ *e = r->e;
|
||||
+ if (d != NULL)
|
||||
+ *d = r->d;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static void
|
||||
ecryptfs_openssl_destroy_openssl_data(struct openssl_data *openssl_data)
|
||||
{
|
||||
@@ -142,6 +156,7 @@
|
||||
{
|
||||
int len, nbits, ebits, i;
|
||||
int nbytes, ebytes;
|
||||
+ const BIGNUM *key_n, *key_e;
|
||||
unsigned char *hash;
|
||||
unsigned char *data = NULL;
|
||||
int rc = 0;
|
||||
@@ -152,11 +167,13 @@
|
||||
rc = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
- nbits = BN_num_bits(key->n);
|
||||
+ RSA_get0_key(key, &key_n, NULL, NULL);
|
||||
+ nbits = BN_num_bits(key_n);
|
||||
nbytes = nbits / 8;
|
||||
if (nbits % 8)
|
||||
nbytes++;
|
||||
- ebits = BN_num_bits(key->e);
|
||||
+ RSA_get0_key(key, NULL, &key_e, NULL);
|
||||
+ ebits = BN_num_bits(key_e);
|
||||
ebytes = ebits / 8;
|
||||
if (ebits % 8)
|
||||
ebytes++;
|
||||
@@ -179,11 +196,13 @@
|
||||
data[i++] = '\02';
|
||||
data[i++] = (nbits >> 8);
|
||||
data[i++] = nbits;
|
||||
- BN_bn2bin(key->n, &(data[i]));
|
||||
+ RSA_get0_key(key, &key_n, NULL, NULL);
|
||||
+ BN_bn2bin(key_n, &(data[i]));
|
||||
i += nbytes;
|
||||
data[i++] = (ebits >> 8);
|
||||
data[i++] = ebits;
|
||||
- BN_bn2bin(key->e, &(data[i]));
|
||||
+ RSA_get0_key(key, NULL, &key_e, NULL);
|
||||
+ BN_bn2bin(key_e, &(data[i]));
|
||||
i += ebytes;
|
||||
SHA1(data, len + 3, hash);
|
||||
to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE);
|
||||
@@ -278,7 +297,9 @@
|
||||
BIO *in = NULL;
|
||||
int rc;
|
||||
|
||||
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
CRYPTO_malloc_init();
|
||||
+ #endif
|
||||
ERR_load_crypto_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
ENGINE_load_builtin_engines();
|
||||
|
||||
=== modified file 'src/key_mod/ecryptfs_key_mod_pkcs11_helper.c'
|
||||
--- a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2013-10-25 19:45:09 +0000
|
||||
+++ b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2017-06-02 18:27:28 +0000
|
||||
@@ -41,6 +41,7 @@
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
+#include <openssl/bn.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/x509.h>
|
||||
@@ -77,6 +78,19 @@
|
||||
typedef const unsigned char *__pkcs11_openssl_d2i_t;
|
||||
#endif
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+static void RSA_get0_key(const RSA *r,
|
||||
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
||||
+{
|
||||
+ if (n != NULL)
|
||||
+ *n = r->n;
|
||||
+ if (e != NULL)
|
||||
+ *e = r->e;
|
||||
+ if (d != NULL)
|
||||
+ *d = r->d;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/**
|
||||
* ecryptfs_pkcs11h_deserialize
|
||||
* @pkcs11h_data: The deserialized version of the key module data;
|
||||
@@ -282,7 +296,11 @@
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
if (pubkey->type != EVP_PKEY_RSA) {
|
||||
+ #else
|
||||
+ if (EVP_PKEY_base_id(pubkey) != EVP_PKEY_RSA) {
|
||||
+ #endif
|
||||
syslog(LOG_ERR, "PKCS#11: Invalid public key algorithm");
|
||||
rc = -EIO;
|
||||
goto out;
|
||||
@@ -318,6 +336,7 @@
|
||||
int nbytes, ebytes;
|
||||
char *hash = NULL;
|
||||
char *data = NULL;
|
||||
+ const BIGNUM *rsa_n, *rsa_e;
|
||||
int rc;
|
||||
|
||||
if ((rc = ecryptfs_pkcs11h_get_public_key(&rsa, blob))) {
|
||||
@@ -331,11 +350,13 @@
|
||||
rc = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
- nbits = BN_num_bits(rsa->n);
|
||||
+ RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
||||
+ nbits = BN_num_bits(rsa_n);
|
||||
nbytes = nbits / 8;
|
||||
if (nbits % 8)
|
||||
nbytes++;
|
||||
- ebits = BN_num_bits(rsa->e);
|
||||
+ RSA_get0_key(rsa, NULL, &rsa_e, NULL);
|
||||
+ ebits = BN_num_bits(rsa_e);
|
||||
ebytes = ebits / 8;
|
||||
if (ebits % 8)
|
||||
ebytes++;
|
||||
@@ -358,11 +379,13 @@
|
||||
data[i++] = '\02';
|
||||
data[i++] = (char)(nbits >> 8);
|
||||
data[i++] = (char)nbits;
|
||||
- BN_bn2bin(rsa->n, &(data[i]));
|
||||
+ RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
||||
+ BN_bn2bin(rsa_n, &(data[i]));
|
||||
i += nbytes;
|
||||
data[i++] = (char)(ebits >> 8);
|
||||
data[i++] = (char)ebits;
|
||||
- BN_bn2bin(rsa->e, &(data[i]));
|
||||
+ RSA_get0_key(rsa, NULL, &rsa_e, NULL);
|
||||
+ BN_bn2bin(rsa_e, &(data[i]));
|
||||
i += ebytes;
|
||||
SHA1(data, len + 3, hash);
|
||||
to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
fix parallel build issue
|
||||
|
||||
Build randomly fails since December 2017 on buildroot
|
||||
(http://autobuild.buildroot.org/?reason=ecryptfs-utils-111):
|
||||
|
||||
make[5]: Entering directory '/home/buildroot/autobuild/instance-2/output-1/build/ecryptfs-utils-111/src/utils'
|
||||
/bin/mkdir -p '/home/buildroot/autobuild/instance-2/output-1/target/sbin'
|
||||
/bin/bash ../../libtool --mode=install /usr/bin/install -c mount.ecryptfs umount.ecryptfs mount.ecryptfs_private '/home/buildroot/autobuild/instance-2/output-1/target/sbin'
|
||||
libtool: install: /usr/bin/install -c mount.ecryptfs /home/buildroot/autobuild/instance-2/output-1/target/sbin/mount.ecryptfs
|
||||
/usr/bin/install: cannot create regular file '/home/buildroot/autobuild/instance-2/output-1/target/sbin/mount.ecryptfs': File exists
|
||||
Makefile:832: recipe for target 'install-rootsbinPROGRAMS' failed
|
||||
make[5]: *** [install-rootsbinPROGRAMS] Error 1
|
||||
|
||||
As spotted by Thomas Petazzoni, build failure happens because of the
|
||||
following line in src/utils/Makefile.am:
|
||||
|
||||
install-exec-hook: install-rootsbinPROGRAMS
|
||||
-rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
|
||||
$(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
|
||||
|
||||
The install-exec-hook target should not have a dependency on
|
||||
install-rootsbinPROGRAMS.
|
||||
|
||||
From https://www.gnu.org/software/automake/manual/html_node/Extending.html#Extending:
|
||||
|
||||
"""
|
||||
In contrast, some rules also have a way to run another rule, called a
|
||||
hook; hooks are always executed after the main rule’s work is done. The
|
||||
hook is named after the principal target, with ‘-hook’ appended. The
|
||||
targets allowing hooks are install-data, install-exec, uninstall, dist,
|
||||
and distcheck.
|
||||
|
||||
For instance, here is how to create a hard link to an installed program:
|
||||
|
||||
install-exec-hook:
|
||||
ln $(DESTDIR)$(bindir)/program$(EXEEXT) \
|
||||
$(DESTDIR)$(bindir)/proglink$(EXEEXT)
|
||||
|
||||
"""
|
||||
|
||||
So, they explicitly say that these hooks are run after the main rule
|
||||
work is done, which means the dependency on install-rootsbinPROGRAMS is
|
||||
not needed. And the example they use to illustrate is *exactly* the
|
||||
situation of ecryptfs-utils: creating a link to a program that was
|
||||
installed.
|
||||
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
[Upstream status: https://bugs.launchpad.net/ecryptfs/+bug/1857622]
|
||||
|
||||
diff -Nuar ecryptfs-utils-111-orig/src/utils/Makefile.in ecryptfs-utils-111/src/utils/Makefile.in
|
||||
--- ecryptfs-utils-111-orig/src/utils/Makefile.in 2019-12-26 15:14:16.656146065 +0100
|
||||
+++ ecryptfs-utils-111/src/utils/Makefile.in 2019-12-26 17:36:07.108496164 +0100
|
||||
@@ -1522,7 +1522,7 @@
|
||||
.PRECIOUS: Makefile
|
||||
|
||||
|
||||
-install-exec-hook: install-rootsbinPROGRAMS
|
||||
+install-exec-hook:
|
||||
-rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
|
||||
$(LN_S) "mount.ecryptfs_private" "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private"
|
||||
|
||||
@@ -0,0 +1,35 @@
|
||||
config BR2_PACKAGE_ECRYPTFS_UTILS
|
||||
bool "ecryptfs-utils"
|
||||
depends on BR2_USE_WCHAR # gettext
|
||||
depends on BR2_USE_MMU # keyutils
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS # libnss -> libnspr
|
||||
depends on BR2_PACKAGE_LIBNSPR_ARCH_SUPPORT # libnss -> libnspr
|
||||
depends on !BR2_MIPS_NABI32 # libnss
|
||||
depends on !BR2_STATIC_LIBS # libnss, keyutils
|
||||
select BR2_PACKAGE_KEYUTILS
|
||||
select BR2_PACKAGE_LIBNSS
|
||||
# runtime dependency only, some scripts are using the
|
||||
# 'gettext' program to get translations
|
||||
select BR2_PACKAGE_GETTEXT
|
||||
# runtime dependency only
|
||||
select BR2_PACKAGE_GETENT
|
||||
help
|
||||
eCryptfs is a POSIX-compliant enterprise cryptographic
|
||||
filesystem for Linux. It is stacked on top of any other
|
||||
Linux filesystem, it stores cryptographic metadata in the
|
||||
header of each file written.
|
||||
|
||||
The eCryptfs kernel module is available in all Linux kernels
|
||||
since version 2.6.19. This package provides userspace
|
||||
utilities needed to mount eCryptfs.
|
||||
|
||||
Files are encrypted using a passphrase. Consider building
|
||||
openssl for another method.
|
||||
|
||||
http://ecryptfs.org
|
||||
|
||||
comment "ecryptfs-utils needs a toolchain w/ threads, wchar, dynamic library"
|
||||
depends on BR2_PACKAGE_LIBNSPR_ARCH_SUPPORT
|
||||
depends on BR2_USE_MMU
|
||||
depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR || \
|
||||
BR2_STATIC_LIBS
|
||||
@@ -0,0 +1,5 @@
|
||||
# From https://launchpad.net/ecryptfs/trunk/111/+download/ecryptfs-utils_111.orig.tar.gz/+md5
|
||||
md5 83513228984f671930752c3518cac6fd ecryptfs-utils_111.orig.tar.gz
|
||||
# Locally computed
|
||||
sha256 112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f ecryptfs-utils_111.orig.tar.gz
|
||||
sha256 91df39d1816bfb17a4dda2d3d2c83b1f6f2d38d53e53e41e8f97ad5ac46a0cad COPYING
|
||||
@@ -0,0 +1,37 @@
|
||||
################################################################################
|
||||
#
|
||||
# ecryptfs-utils
|
||||
#
|
||||
################################################################################
|
||||
|
||||
ECRYPTFS_UTILS_VERSION = 111
|
||||
ECRYPTFS_UTILS_SOURCE = ecryptfs-utils_$(ECRYPTFS_UTILS_VERSION).orig.tar.gz
|
||||
ECRYPTFS_UTILS_SITE = https://launchpad.net/ecryptfs/trunk/$(ECRYPTFS_UTILS_VERSION)/+download
|
||||
ECRYPTFS_UTILS_LICENSE = GPL-2.0+
|
||||
ECRYPTFS_UTILS_LICENSE_FILES = COPYING
|
||||
ECRYPTFS_UTILS_CPE_ID_VENDOR = ecryptfs
|
||||
|
||||
ECRYPTFS_UTILS_DEPENDENCIES = keyutils libnss host-intltool
|
||||
ECRYPTFS_UTILS_CONF_OPTS = --disable-pywrap
|
||||
|
||||
#Needed for build system to find pk11func.h and libnss3.so
|
||||
ECRYPTFS_UTILS_CONF_ENV = \
|
||||
ac_cv_path_POD2MAN=true \
|
||||
NSS_CFLAGS="-I$(STAGING_DIR)/usr/include/nss -I$(STAGING_DIR)/usr/include/nspr" \
|
||||
NSS_LIBS="-lnss3"
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
|
||||
ECRYPTFS_UTILS_CONF_OPTS += --enable-pam
|
||||
ECRYPTFS_UTILS_DEPENDENCIES += linux-pam
|
||||
else
|
||||
ECRYPTFS_UTILS_CONF_OPTS += --disable-pam
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
||||
ECRYPTFS_UTILS_CONF_OPTS += --enable-openssl
|
||||
ECRYPTFS_UTILS_DEPENDENCIES += openssl
|
||||
else
|
||||
ECRYPTFS_UTILS_CONF_OPTS += --disable-openssl
|
||||
endif
|
||||
|
||||
$(eval $(autotools-package))
|
||||
Reference in New Issue
Block a user