On Wed, 11 May 2022 at 10:15, leimao...@fujitsu.com
<leimao...@fujitsu.com> wrote:
> I got it. It seems an unusual method because there is no recipe using this
> way in .
> In this way, it means that if user want to enable fips, the following
> PACKAGECONFIG should be added in recipe.
>
> PACKAGECONFIG:append:class-target = fips
> PACKAGECONFIG:append:class-nativesdk = fips
> PACKAGECONFIG:append:class-target = fips-native
Yes, this should be fine. You can add a comment in the recipe
explaining how to do it.
> So, I'll send a v3 patch in this way, is it ok?
Yes please. The real problem here is that gnutls upstream didn't
consider how fips build is supposed to work in cross-compilation,
so you should also file a ticket with them and hopefully discuss how
the problem can be properly solved.
There are two options:
- do what your patch does and use the needed binary from the host
system, subject to ./configure flag.
- build the needed binary twice, first for the host (using BUILD_CC),
then for the cross-target.
Alex
>
> > -----Original Message-----
> > From: Alexander Kanavin <alex.kana...@gmail.com>
> > Sent: Wednesday, May 11, 2022 1:40 PM
> > To: Lei, Maohui <leimao...@fujitsu.com>
> > Cc: OE-core <openembedded-core@lists.openembedded.org>
> > Subject: Re: [OE-core] [PATCH v2] gnutls: Added fips support option.
> >
> > On Tue, 10 May 2022 at 02:54, leimao...@fujitsu.com <leimao...@fujitsu.com>
> > wrote:
> > > I'm afraid I'm not quite with you. Searched poky by the following command
> > > and
> > there is no example about how to config PACKAGECONFIG[xxx] for target or
> > native separately.
> > > The result is all about how to config PACKAGECONFIG for target or native.
> > > ----------------------------------------
> > > $ grep -ir PACKAGECONFIG *|grep class-native
> > > meta/recipes-support/libcap/libcap_2.64.bb:PACKAGECONFIG:class-native ??=
> > ""
> > > meta/recipes-support/vim/vim_8.2.bb:PACKAGECONFIG:class-native = ""
> > > meta/recipes-support/sqlite/sqlite3.inc:PACKAGECONFIG:class-native ?=
> > > "fts4
> > fts5 rtree dyn_ext"
> > > ......
> > > ----------------------------------------
> > >
> > > But I think you mean not PACKAGECONFIG but PACKAGECONFIG[fips]. For
> > example, in libcap_2.64.bb file:
> > > $ cat meta/recipes-support/libcap/libcap_2.64.bb
> > > ......
> > > PACKAGECONFIG ??= "libidn ${@bb.utils.filter('DISTRO_FEATURES',
> > > 'seccomp', d)} " //not here ......
> > > PACKAGECONFIG[fips] = "--enable-fips140-mode
> > --with-libdl-prefix=${STAGING_BASELIBDIR},--disable-fips140-mode" //Your
> > comment means modify here
> > > .......
> > >
> > > Did I misunderstand?
> >
> > Sorry, it's always a bit confusing with PACKAGECONFIG, as the keyword is
> > used for
> > two different purposes.
> >
> > What I meant is something like this:
> >
> > PACKAGECONFIG ??= "fips"
> > PACKAGECONFIG:class-native ??= "fips-native"
> >
> > Alex
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165496):
https://lists.openembedded.org/g/openembedded-core/message/165496
Mute This Topic: https://lists.openembedded.org/mt/90926966/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
