Message ID | 20181109234640.18735-1-tpiepho@impinj.com |
---|---|
State | Superseded |
Series | libp11: Add new package for OpenSSL PKCS#11 engine |
On Fri, 2018-11-09 at 23:47 +0000, Trent Piepho wrote:
> Library for using PKCS#11, which includes an engine for OpenSSL that
> lets it use PKCS#11 modules. Which is really what this package is
> about, not that libp11 library itself, which has no users outside of the
> OpenSSL engine.
>
> +LIBP11_VERSION = 0.4.9 > +LIBP11_SITE = https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOpenSC%2Flibp11%2Freleases%2Fdownload%2Flibp11-%24(LIBP11_VERSION&data=02%7C01%7Ctpiepho%40impinj.com%7Cbd8de140ec3244b8c42108d6469dc209%7C6de70f0f73574529a415d8cbb7e93e5e%7C0%7C0%7C636774040745907586&sdata=IYhav3gbZ4QzBNDl%2BOxKLKP7R%2F9YysTtBH38oFcvs1w%3D&reserved=0) > +LIBP11_DEPENDENCIES = openssl > +LIBP11_INSTALL_STAGING = YES > +LIBP11_LICENSE = LGPLv2.1 > +LIBP11_LICENSE_FILES = COPYING > + > +ifeq ($(BR2_PACKAGE_P11_KIT),y) > +LIBP11_CONF_OPTS += --with-pkcs11-module=/usr/lib/p11-kit-proxy.so > +endif

Forgot to add: HOST_LIBP11_DEPENDENCIES = host-openssl

> + > +$(eval $(autotools-package)) > +$(eval $(host-autotools-package))
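Review bot: in the ifeq ($(BR2_PACKAGE_P11_KIT),y) block, --with-pkcs11-module is added only to LIBP11_CONF_OPTS, which the host variant created by $(eval $(host-autotools-package)) does not inherit, so the host engine is built with no default PKCS#11 module even though the use case given in the commit message (host rauc signing with a key held in an HSM) is the host one. Either set HOST_LIBP11_CONF_OPTS as well, or say in the commit message that host users must configure the module path themselves. Separately, LIBP11_LICENSE = LGPLv2.1 should use the SPDX identifier form Buildroot expects (LGPL-2.1 or LGPL-2.1+, whichever COPYING and the source headers state).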
diff --git a/package/Config.in b/package/Config.in index fd86e37a52..4ed8a82fa4 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1162,6 +1162,7 @@ menu "Crypto" source "package/libmcrypt/Config.in" source "package/libmhash/Config.in" source "package/libnss/Config.in" + source "package/libp11/Config.in" source "package/libscrypt/Config.in" source "package/libsecret/Config.in" source "package/libsha1/Config.in" diff --git a/package/Config.in.host b/package/Config.in.host index 28ae8c3ac7..c528f6bd44 100644 --- a/package/Config.in.host +++ b/package/Config.in.host @@ -30,6 +30,7 @@ menu "Host utilities" source "package/imx-usb-loader/Config.in.host" source "package/jq/Config.in.host" source "package/jsmin/Config.in.host" + source "package/libp11/Config.in.host" source "package/lpc3250loader/Config.in.host" source "package/lttng-babeltrace/Config.in.host" source "package/mfgtools/Config.in.host" diff --git a/package/libp11/Config.in b/package/libp11/Config.in new file mode 100644 index 0000000000..0b9a739db3 --- /dev/null +++ b/package/libp11/Config.in @@ -0,0 +1,7 @@ +config BR2_PACKAGE_LIBP11 + bool "libp11" + select BR2_PACKAGE_OPENSSL + help + OpenSSL engine for PKCS#11 modules. Part of the OpenSC project. + + https://github.com/OpenSC/OpenSC/wiki diff --git a/package/libp11/Config.in.host b/package/libp11/Config.in.host new file mode 100644 index 0000000000..ccc171025a --- /dev/null +++ b/package/libp11/Config.in.host @@ -0,0 +1,6 @@ +config BR2_PACKAGE_HOST_LIBP11 + bool "host libp11" + help + OpenSSL engine for PKCS#11 modules. Part of the OpenSC project. + + https://github.com/OpenSC/OpenSC/wiki diff --git a/package/libp11/libp11.hash b/package/libp11/libp11.hash new file mode 100644 index 0000000000..01cea6466b --- /dev/null +++ b/package/libp11/libp11.hash 
@@ -0,0 +1,3 @@ +# Locally computed: +sha256 9d1c76d74c21ca224f96204982097ebc6b956f645b2b0b5f9c502a20e9ffcfd8 libp11-0.4.9.tar.gz +sha256 d80c9d084ebfb50ea1ed91bfbc2410d6ce542097a32c43b00781b83adcb8c77f COPYING diff --git a/package/libp11/libp11.mk b/package/libp11/libp11.mk new file mode 100644 index 0000000000..a720b1c629 --- /dev/null +++ b/package/libp11/libp11.mk @@ -0,0 +1,19 @@ +################################################################################ +# +# libp11 +# +################################################################################ + +LIBP11_VERSION = 0.4.9 +LIBP11_SITE = https://github.com/OpenSC/libp11/releases/download/libp11-$(LIBP11_VERSION) +LIBP11_DEPENDENCIES = openssl +LIBP11_INSTALL_STAGING = YES +LIBP11_LICENSE = LGPLv2.1 +LIBP11_LICENSE_FILES = COPYING + +ifeq ($(BR2_PACKAGE_P11_KIT),y) +LIBP11_CONF_OPTS += --with-pkcs11-module=/usr/lib/p11-kit-proxy.so +endif + +$(eval $(autotools-package)) +$(eval $(host-autotools-package))
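Review bot: package/libp11/Config.in declares BR2_PACKAGE_LIBP11 with only select BR2_PACKAGE_OPENSSL and no dependency on shared-library support, yet the commit message describes the engine as a dynamically loaded module. Add depends on !BR2_STATIC_LIBS, with the usual comment entry explaining the requirement, so the option cannot be enabled in a static-only build where OpenSSL could never load the engine. The help URL also points at the OpenSC wiki while LIBP11_SITE fetches from github.com/OpenSC/libp11; pointing the help text at the libp11 project itself would serve users better.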
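Review bot: in package/libp11/libp11.hash the tarball sha256 is annotated only as "Locally computed", which records the archive the submitter happened to download rather than anything upstream vouches for. If the release carries an upstream signature or published checksum, verify the tarball against it and state that in the comment; if it does not, keep the comment as is so later reviewers know the hash is trust-on-first-use.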
Library for using PKCS#11, which includes an engine for OpenSSL that
lets it use PKCS#11 modules. Which is really what this package is
about, not that libp11 library itself, which has no users outside of the
OpenSSL engine.

If p11-kit is enabled, configure the engine to use that as the default
PKCS#11 module. That module is a sort of multiplexer that allows
multiple modules to be used at once, so it makes sense to use it even if
there are other modules present, e.g. softhsm2, nssckbi, pkcs11-proxy,
ykcs11, etc.

A host package is created too, with a host configuration option. Since
this is a dynamically loaded module, there is no build time reason to
select it from a host package. It could be used by host openssl, to
allow host rauc to sign a software update bundle using a key from a HSM
with a PKCS#11 interface.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
---
 package/Config.in             |  1 +
 package/Config.in.host        |  1 +
 package/libp11/Config.in      |  7 +++++++
 package/libp11/Config.in.host |  6 ++++++
 package/libp11/libp11.hash    |  3 +++
 package/libp11/libp11.mk      | 19 +++++++++++++++++++
 6 files changed, 37 insertions(+)
 create mode 100644 package/libp11/Config.in
 create mode 100644 package/libp11/Config.in.host
 create mode 100644 package/libp11/libp11.hash
 create mode 100644 package/libp11/libp11.mk