Message ID | 20220318132427.48737-4-clement.leger@bootlin.com |
---|---|
State | Accepted |
Headers | show |
Series | boot/optee-os: support new optee-os 3.16.0 build dependencies | expand |
Clément, All, On 2022-03-18 14:24 +0100, Clément Léger spake thusly: > Newer version of optee-os (>= 3.16) uses python-cryptography instead of > python-pycryptodomex in python scripts. Add support to build these > newer versions by adding a new > BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY option which will > select host-python-cryptography dependency when building optee-os. > > Acked-by: Etienne Carriere <etienne.carriere@linaro.org> > Signed-off-by: Clément Léger <clement.leger@bootlin.com> > --- > boot/optee-os/Config.in | 9 +++++++++ > boot/optee-os/optee-os.mk | 8 +++++++- > 2 files changed, 16 insertions(+), 1 deletion(-) > > diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in > index ea16550b72..02b5d7c86f 100644 > --- a/boot/optee-os/Config.in > +++ b/boot/optee-os/Config.in > @@ -1,6 +1,7 @@ > config BR2_TARGET_OPTEE_OS > bool "optee_os" > depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A > + depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS That's wrong: 3.15.0 still does not need host-python-cryptography. Furthermore, even after we bump to 3.16.0, since we can choose an arbitrary git tree at an arbitrary commit, it is still possible to point to a version of optee-os that does not require it either. So, that dependency only really belongs... > help > OP-TEE OS provides the secure world boot image and the trust > application development kit of the OP-TEE project. OP-TEE OS > @@ -61,6 +62,14 @@ config BR2_TARGET_OPTEE_OS_NEEDS_DTC > Select this option if your OP-TEE OS platform configuration > requires the Device Tree compiler to be available. > > +config BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY > + bool "OP-TEE OS needs host-python-cryptography" ... here. Applied to master with this fixed, mraou. Regards, Yann E. MORIN. > + help > + OP-TEE OS version below 3.16 used python-pycryptodomex > + package in python scripts. Newer version uses > + python-cryptography. Select this option if optee-os needs > + python-cryptography to be built. > + > config BR2_TARGET_OPTEE_OS_CORE > bool "Build core" > default y > diff --git a/boot/optee-os/optee-os.mk b/boot/optee-os/optee-os.mk > index 9f76d8450e..5313a1badc 100644 > --- a/boot/optee-os/optee-os.mk > +++ b/boot/optee-os/optee-os.mk > @@ -21,7 +21,13 @@ else > OPTEE_OS_SITE = $(call github,OP-TEE,optee_os,$(OPTEE_OS_VERSION)) > endif > > -OPTEE_OS_DEPENDENCIES = host-openssl host-python3 host-python-pycryptodomex host-python-pyelftools > +OPTEE_OS_DEPENDENCIES = host-openssl host-python3 host-python-pyelftools > + > +ifeq ($(BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY),y) > +OPTEE_OS_DEPENDENCIES += host-python-cryptography > +else > +OPTEE_OS_DEPENDENCIES += host-python-pycryptodomex > +endif > > ifeq ($(BR2_TARGET_OPTEE_OS_NEEDS_DTC),y) > OPTEE_OS_DEPENDENCIES += host-dtc > -- > 2.34.1 >
On Fri, 18 Mar 2022 23:32:21 +0100 "Yann E. MORIN" <yann.morin.1998@free.fr> wrote: > > diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in > > index ea16550b72..02b5d7c86f 100644 > > --- a/boot/optee-os/Config.in > > +++ b/boot/optee-os/Config.in > > @@ -1,6 +1,7 @@ > > config BR2_TARGET_OPTEE_OS > > bool "optee_os" > > depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A > > + depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS > > That's wrong: 3.15.0 still does not need host-python-cryptography. > > Furthermore, even after we bump to 3.16.0, since we can choose an > arbitrary git tree at an arbitrary commit, it is still possible to > point to a version of optee-os that does not require it either. > > So, that dependency only really belongs... > > > help > > OP-TEE OS provides the secure world boot image and the trust > > application development kit of the OP-TEE project. OP-TEE OS > > @@ -61,6 +62,14 @@ config BR2_TARGET_OPTEE_OS_NEEDS_DTC > > Select this option if your OP-TEE OS platform configuration > > requires the Device Tree compiler to be available. > > > > +config BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY > > + bool "OP-TEE OS needs host-python-cryptography" > > ... here. Yes and no. Because as soon as the BR2_TARGET_OPTEE_OS_LATEST gets bumped to 3.16.0, then our default selection for OP-TEE (unless you chose a custom Git version) will require python-cryptography. So to keep things simple, I asked Clément to add this dependency to the whole package. Thomas
Thomas, All, On 2022-03-19 10:17 +0100, Thomas Petazzoni spake thusly: > On Fri, 18 Mar 2022 23:32:21 +0100 > "Yann E. MORIN" <yann.morin.1998@free.fr> wrote: > > > > diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in > > > index ea16550b72..02b5d7c86f 100644 > > > --- a/boot/optee-os/Config.in > > > +++ b/boot/optee-os/Config.in > > > @@ -1,6 +1,7 @@ > > > config BR2_TARGET_OPTEE_OS > > > bool "optee_os" > > > depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A > > > + depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS > > > > That's wrong: 3.15.0 still does not need host-python-cryptography. > > > > Furthermore, even after we bump to 3.16.0, since we can choose an > > arbitrary git tree at an arbitrary commit, it is still possible to > > point to a version of optee-os that does not require it either. > > > > So, that dependency only really belongs... > > > > > help > > > OP-TEE OS provides the secure world boot image and the trust > > > application development kit of the OP-TEE project. OP-TEE OS > > > @@ -61,6 +62,14 @@ config BR2_TARGET_OPTEE_OS_NEEDS_DTC > > > Select this option if your OP-TEE OS platform configuration > > > requires the Device Tree compiler to be available. > > > > > > +config BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY > > > + bool "OP-TEE OS needs host-python-cryptography" > > > > ... here. > > Yes and no. Because as soon as the BR2_TARGET_OPTEE_OS_LATEST gets > bumped to 3.16.0, then our default selection for OP-TEE (unless you > chose a custom Git version) will require python-cryptography. So to > keep things simple, I asked Clément to add this dependency to the > whole package. But that's the point: you can still choose a custom git tree that points to an earlier, pre-3.16.0 tree, which will still be buildable without pytho-cryptography. But yes, you got a point: I forgot to guard the default clause in the choice, with the same dependency. I'll submit a patch. Regards, Yann E. MORIN.
diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in index ea16550b72..02b5d7c86f 100644 --- a/boot/optee-os/Config.in +++ b/boot/optee-os/Config.in @@ -1,6 +1,7 @@ config BR2_TARGET_OPTEE_OS bool "optee_os" depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A + depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS help OP-TEE OS provides the secure world boot image and the trust application development kit of the OP-TEE project. OP-TEE OS @@ -61,6 +62,14 @@ config BR2_TARGET_OPTEE_OS_NEEDS_DTC Select this option if your OP-TEE OS platform configuration requires the Device Tree compiler to be available. +config BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY + bool "OP-TEE OS needs host-python-cryptography" + help + OP-TEE OS version below 3.16 used python-pycryptodomex + package in python scripts. Newer version uses + python-cryptography. Select this option if optee-os needs + python-cryptography to be built. + config BR2_TARGET_OPTEE_OS_CORE bool "Build core" default y diff --git a/boot/optee-os/optee-os.mk b/boot/optee-os/optee-os.mk index 9f76d8450e..5313a1badc 100644 --- a/boot/optee-os/optee-os.mk +++ b/boot/optee-os/optee-os.mk @@ -21,7 +21,13 @@ else OPTEE_OS_SITE = $(call github,OP-TEE,optee_os,$(OPTEE_OS_VERSION)) endif -OPTEE_OS_DEPENDENCIES = host-openssl host-python3 host-python-pycryptodomex host-python-pyelftools +OPTEE_OS_DEPENDENCIES = host-openssl host-python3 host-python-pyelftools + +ifeq ($(BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY),y) +OPTEE_OS_DEPENDENCIES += host-python-cryptography +else +OPTEE_OS_DEPENDENCIES += host-python-pycryptodomex +endif ifeq ($(BR2_TARGET_OPTEE_OS_NEEDS_DTC),y) OPTEE_OS_DEPENDENCIES += host-dtc