[U-Boot] mkimage: Build signing only if board has CONFIG_FIT_SIGNATURE

Message ID 1372354998-22542-1-git-send-email-sjg@chromium.org
State Accepted
Delegated to: Tom Rini

Commit Message

Simon Glass June 27, 2013, 5:43 p.m. UTC
At present mkimage is set up to always build with image signing support.
This means that the SSL libraries (e.g. libssl-dev) are always required.

Adjust things so that mkimage can be built with and without image signing,
controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.

If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
that signing is not supported. If the option is enabled, but libraries are
not available, then a build error similar to this will be shown:

lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory

Signed-off-by: Simon Glass <sjg@chromium.org>
---
 config.mk       | 6 +++++-
 include/image.h | 3 ---
 tools/Makefile  | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

Comments

Albert ARIBAUD June 27, 2013, 8:55 p.m. UTC | #1
Hi Simon,

On Thu, 27 Jun 2013 10:43:18 -0700, Simon Glass <sjg@chromium.org>
wrote:

> If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
> that signing is not supported.

Not sure I understand this scenario. Can you develop?

Kind regards,
Tom Rini June 27, 2013, 9:47 p.m. UTC | #2
On Thu, Jun 27, 2013 at 10:55:19PM +0200, Albert ARIBAUD wrote:
> Hi Simon,
> 
> On Thu, 27 Jun 2013 10:43:18 -0700, Simon Glass <sjg@chromium.org>
> wrote:
> 
> > If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
> > that signing is not supported.
> 
> Not sure I understand this scenario. Can you develop?

mkimage is stand-alone and for example, some distributions build and
ship a copy.  If they build it without ssl stuff installed, their
distribution shipped copy will not be able to make signed images.  I'll
make sure to spell things out in the release notes.
Andreas Bießmann June 28, 2013, 6:48 a.m. UTC | #3
Hi Simon,

On 27.06.13 19:43, Simon Glass wrote:
> At present mkimage is set up to always build with image signing support.
> This means that the SSL libraries (e.g. libssl-dev) are always required.
> 
> Adjust things so that mkimage can be built with and without image signing,
> controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.
> 
> If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
> that signing is not supported. If the option is enabled, but libraries are
> not available, then a build error similar to this will be shown:
> 
> lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>  config.mk       | 6 +++++-
>  include/image.h | 3 ---
>  tools/Makefile  | 2 +-
>  3 files changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/config.mk b/config.mk
> index 5a91203..81c2584 100644
> --- a/config.mk
> +++ b/config.mk
> @@ -96,7 +96,6 @@ HOSTCFLAGS	+= $(call os_x_before, 10, 4, "-traditional-cpp")
>  HOSTLDFLAGS	+= $(call os_x_before, 10, 5, "-multiply_defined suppress")
>  else
>  HOSTCC		= gcc
> -HOSTLIBS	+= -lssl -lcrypto
>  endif
>  
>  ifeq ($(HOSTOS),cygwin)
> @@ -211,6 +210,11 @@ CPPFLAGS += -ffunction-sections -fdata-sections
>  LDFLAGS_FINAL += --gc-sections
>  endif
>  
> +# TODO(sjg@chromium.org): Is this correct on Mac OS?

I'll check it these days. Unfortunately regex is behaving differently on
OS X too, so proftool.c is not compiling:

---8<---
proftool.c: In function ‘check_trace_config_line’:
proftool.c:336: error: ‘REG_NOERROR’ undeclared (first use in this function)
--->8---

I'll check this too.

Best regards

Andreas Bießmann
Simon Glass June 28, 2013, 6:52 a.m. UTC | #4
Hi Andreas,

On Thu, Jun 27, 2013 at 11:48 PM, Andreas Bießmann <
andreas.devel@googlemail.com> wrote:

> Hi Simon,
>
> On 27.06.13 19:43, Simon Glass wrote:
> > At present mkimage is set up to always build with image signing support.
> > This means that the SSL libraries (e.g. libssl-dev) are always required.
> >
> > Adjust things so that mkimage can be built with and without image
> signing,
> > controlled by the presence of CONFIG_FIT_SIGNATURE in the board config
> file.
> >
> > If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a
> warning
> > that signing is not supported. If the option is enabled, but libraries
> are
> > not available, then a build error similar to this will be shown:
> >
> > lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or
> directory
> >
> > Signed-off-by: Simon Glass <sjg@chromium.org>
> > ---
> >  config.mk       | 6 +++++-
> >  include/image.h | 3 ---
> >  tools/Makefile  | 2 +-
> >  3 files changed, 6 insertions(+), 5 deletions(-)
> >
> > diff --git a/config.mk b/config.mk
> > index 5a91203..81c2584 100644
> > --- a/config.mk
> > +++ b/config.mk
> > @@ -96,7 +96,6 @@ HOSTCFLAGS  += $(call os_x_before, 10, 4,
> "-traditional-cpp")
> >  HOSTLDFLAGS  += $(call os_x_before, 10, 5, "-multiply_defined suppress")
> >  else
> >  HOSTCC               = gcc
> > -HOSTLIBS     += -lssl -lcrypto
> >  endif
> >
> >  ifeq ($(HOSTOS),cygwin)
> > @@ -211,6 +210,11 @@ CPPFLAGS += -ffunction-sections -fdata-sections
> >  LDFLAGS_FINAL += --gc-sections
> >  endif
> >
> > +# TODO(sjg@chromium.org): Is this correct on Mac OS?
>
> I'll check it these days. Unfortunately regex is behaving differently on
> OS X too, so proftool.c is not compiling:
>
> ---8<---
> proftool.c: In function ‘check_trace_config_line’:
> proftool.c:336: error: ‘REG_NOERROR’ undeclared (first use in this
> function)
> --->8---
>
> I'll check this too.
>

Thank you! I do actually have a Mac somewhere but just not the enthusiasm
to get their baroque dev env running. I had a crack at installing pygame
and it nearly finished me off. Is there a web page somewhere with simple
instructions?

Regards,
Simon
Andreas Bießmann June 28, 2013, 7:02 a.m. UTC | #5
Hi Simon,

On 28.06.13 08:52, Simon Glass wrote:
> Hi Andreas,
> 
> On Thu, Jun 27, 2013 at 11:48 PM, Andreas Bießmann
> <andreas.devel@googlemail.com <mailto:andreas.devel@googlemail.com>> wrote:

<snip>

>     > +# TODO(sjg@chromium.org <mailto:sjg@chromium.org>): Is this
>     correct on Mac OS?
> 
>     I'll check it these days. Unfortunately regex is behaving differently on
>     OS X too, so proftool.c is not compiling:
> 
>     ---8<---
>     proftool.c: In function ‘check_trace_config_line’:
>     proftool.c:336: error: ‘REG_NOERROR’ undeclared (first use in this
>     function)
>     --->8---
> 
>     I'll check this too.
> 
> 
> Thank you! I do actually have a Mac somewhere but just not the
> enthusiasm to get their baroque dev env running.

Use third party stuff like fink, macports or something like that.

> I had a crack at
> installing pygame and it nearly finished me off. Is there a web page
> somewhere with simple instructions?

finkproject.org ;)
No, not really something on u-boot or linux dev on Mac.

Best regards

Andreas Bießmann
Simon Glass June 28, 2013, 7:11 a.m. UTC | #6
Hi Andreas,

On Fri, Jun 28, 2013 at 12:02 AM, Andreas Bießmann <
andreas.devel@googlemail.com> wrote:

> Hi Simon,
>
> On 28.06.13 08:52, Simon Glass wrote:
> > Hi Andreas,
> >
> > On Thu, Jun 27, 2013 at 11:48 PM, Andreas Bießmann
> > <andreas.devel@googlemail.com <mailto:andreas.devel@googlemail.com>>
> wrote:
>
> <snip>
>
> >     > +# TODO(sjg@chromium.org <mailto:sjg@chromium.org>): Is this
> >     correct on Mac OS?
> >
> >     I'll check it these days. Unfortunately regex is behaving
> differently on
> >     OS X too, so proftool.c is not compiling:
> >
> >     ---8<---
> >     proftool.c: In function ‘check_trace_config_line’:
> >     proftool.c:336: error: ‘REG_NOERROR’ undeclared (first use in this
> >     function)
> >     --->8---
> >
> >     I'll check this too.
> >
> >
> > Thank you! I do actually have a Mac somewhere but just not the
> > enthusiasm to get their baroque dev env running.
>
> Use third party stuff like fink, macports or something like that.
>
> > I had a crack at
> > installing pygame and it nearly finished me off. Is there a web page
> > somewhere with simple instructions?
>
> finkproject.org ;)
> No, not really something on u-boot or linux dev on Mac.
>

Thanks - I vaguely remember finding that, I will try harder. I am sure it
is soluble in a sufficient quantity of ale.

Regards,
Simon
Lubomir Popov June 28, 2013, 8:21 a.m. UTC | #7
Hi Simon,

On 28/06/13 10:02, Andreas Bießmann wrote:
> Hi Simon,
> 
> On 28.06.13 08:52, Simon Glass wrote:
>> Hi Andreas,
>>
>> On Thu, Jun 27, 2013 at 11:48 PM, Andreas Bießmann
>> <andreas.devel@googlemail.com <mailto:andreas.devel@googlemail.com>> wrote:
> 
> <snip>
> 
>>     > +# TODO(sjg@chromium.org <mailto:sjg@chromium.org>): Is this
>>     correct on Mac OS?
>>
>>     I'll check it these days. Unfortunately regex is behaving differently on
>>     OS X too, so proftool.c is not compiling:
>>
>>     ---8<---
>>     proftool.c: In function ‘check_trace_config_line’:
>>     proftool.c:336: error: ‘REG_NOERROR’ undeclared (first use in this
>>     function)
>>     --->8---
>>
>>     I'll check this too.
>>
>>
>> Thank you! I do actually have a Mac somewhere but just not the
>> enthusiasm to get their baroque dev env running.
> 
> Use third party stuff like fink, macports or something like that.

Right. I'm using macports, with relatively fresh gcc, arm crosscomp and binutils
(one has to install the Xcode Command Line Tools first however). Then I use Xcode
as editor only.

One known problem with MacOS X is that if the filesystem is not case-sensitive
(and by default it is not on factory-formatted Mac boot drives), we may run into
some make errors. And making it case-sensitive requires HDD reformatting... Or
creating a separate partition... Or buying another drive for development.

> 
>> I had a crack at
>> installing pygame and it nearly finished me off. Is there a web page
>> somewhere with simple instructions?
> 
> finkproject.org ;)
> No, not really something on u-boot or linux dev on Mac.
> 
> Best regards
> 
> Andreas Bießmann
Regards,
Lubo
Tom Rini June 28, 2013, 10:07 p.m. UTC | #8
On Thu, Jun 27, 2013 at 10:43:18AM -0700, Simon Glass wrote:

> At present mkimage is set up to always build with image signing support.
> This means that the SSL libraries (e.g. libssl-dev) are always required.
> 
> Adjust things so that mkimage can be built with and without image signing,
> controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.
> 
> If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
> that signing is not supported. If the option is enabled, but libraries are
> not available, then a build error similar to this will be shown:
> 
> lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!
Patch

diff --git a/config.mk b/config.mk
index 5a91203..81c2584 100644
--- a/config.mk
+++ b/config.mk
@@ -96,7 +96,6 @@  HOSTCFLAGS	+= $(call os_x_before, 10, 4, "-traditional-cpp")
 HOSTLDFLAGS	+= $(call os_x_before, 10, 5, "-multiply_defined suppress")
 else
 HOSTCC		= gcc
-HOSTLIBS	+= -lssl -lcrypto
 endif
 
 ifeq ($(HOSTOS),cygwin)
@@ -211,6 +210,11 @@  CPPFLAGS += -ffunction-sections -fdata-sections
 LDFLAGS_FINAL += --gc-sections
 endif
 
+# TODO(sjg@chromium.org): Is this correct on Mac OS?
+ifdef CONFIG_FIT_SIGNATURE
+HOSTLIBS	+= -lssl -lcrypto
+endif
+
 ifneq ($(CONFIG_SYS_TEXT_BASE),)
 CPPFLAGS += -DCONFIG_SYS_TEXT_BASE=$(CONFIG_SYS_TEXT_BASE)
 endif
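
Review bot: The TODO on the added `ifdef CONFIG_FIT_SIGNATURE` block is an open question that should be settled before this goes in. The `HOSTLIBS += -lssl -lcrypto` line removed in the previous hunk sat in the `else` branch next to `HOSTCC = gcc`, so it did not apply to the branch that carries the `os_x_before` flags; the new block adds the libraries on every host OS whenever the option is set. Either confirm that the link works on a Mac OS host and drop the TODO, or keep the addition inside a host-OS conditional.
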
diff --git a/include/image.h b/include/image.h
index 2614918..a7b93db 100644
--- a/include/image.h
+++ b/include/image.h
@@ -46,9 +46,6 @@  struct lmb;
 #define CONFIG_OF_LIBFDT	1
 #define CONFIG_FIT_VERBOSE	1 /* enable fit_format_{error,warning}() */
 
-/* Support FIT image signing on host */
-#define CONFIG_FIT_SIGNATURE
-
 #define IMAGE_ENABLE_IGNORE	0
 #define IMAGE_INDENT_STRING	""
 
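
Review bot: Missing documentation: with the unconditional `#define CONFIG_FIT_SIGNATURE` removed from this host-side block, whether the host tools can sign now follows the board config, and nothing in the header says so. The commit message states that a mkimage built without the option only reports a warning that signing is not supported. Please document that behaviour where the removed comment was or in the signing documentation, and consider making a signing request fail with a non-zero exit status in such a build, so that an image meant to be signed cannot leave the build unsigned without anyone noticing.
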
diff --git a/tools/Makefile b/tools/Makefile
index cc912fb..46159b2 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -126,7 +126,7 @@  LIBFDT_OBJ_FILES-y += fdt_strerror.o
 LIBFDT_OBJ_FILES-y += fdt_wip.o
 
 # RSA objects
-RSA_OBJ_FILES-y += rsa-sign.o
+RSA_OBJ_FILES-$(CONFIG_FIT_SIGNATURE) += rsa-sign.o
 
 # Generated LCD/video logo
 LOGO_H = $(OBJTREE)/include/bmp_logo.h
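
Review bot: The condition on `RSA_OBJ_FILES-$(CONFIG_FIT_SIGNATURE)` is not the same test as the one added in config.mk. Following the `-y` convention of the surrounding lines, rsa-sign.o is built only when the variable expands to exactly `y`, while `ifdef CONFIG_FIT_SIGNATURE` in config.mk is true for any non-empty value. If the option ever carries another value, `-lssl -lcrypto` would be linked but rsa-sign.o left out. Use the same form in both places, for example `ifeq ($(CONFIG_FIT_SIGNATURE),y)` in config.mk.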