On Wed, Oct 9, 2024 at 7:12 AM emailaddress.ashish via lists.yoctoproject.org <emailaddress.ashish=gmail....@lists.yoctoproject.org> wrote: > > Hi Tim & Khem Raj , > > I was able to get the openssl-3.2.0 using openssl-3.0.8( fips.so ) following > openssl documentation. > So at-least we know that functionality wise this is doable. > > The challenge now is in bringing this to Yocto , fow which can team please > suggest me : > > a) After enabling fips in yocto recipe , i can now see that the fips.so and > fipsmodules are created in build. > But they are not installed . > - If i try to manually add logic in do_install of openssl_3.2.2.bb recipe > , it created problem. > - That is because the same do_install is being used by : > openssl > openssl + classnative > openssl + classnativesdk. > Any suggestion here or any template or any pointer how can add install > steps only for openssl > > b) The logs of fips after configure step. > project/tmp/work/cortexa8hf-neon-mvdistro-linux-gnueabi/openssl/3.2.2/build/providers$ > ls -al fips.so fipsmodule.cnf > -rw-r--r-- 1 ashishm ashishm 221 Oct 9 14:01 fipsmodule.cnf > -rwxr-xr-x 1 ashishm ashishm 4526092 Oct 9 14:01 fips.so > > c) Please note that the compilation went fine after enabling fips . > > But since the do_install routine is used by openssl / openssl+classnative / > openssl+classnativesdk , any thing i do in do_install effects all three >
I would suggest to cover fips stuff under a packageconfig called 'fips' then you can check for that in do_install before acting upon it. > > Thanks , > Ashish > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#63995): https://lists.yoctoproject.org/g/yocto/message/63995 Mute This Topic: https://lists.yoctoproject.org/mt/106795437/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
