diff mbox series

[v5,3/8] boot/optee-os: add support to build with python-cryptography

Message ID 20220318132427.48737-4-clement.leger@bootlin.com
State Accepted
Headers show
Series boot/optee-os: support new optee-os 3.16.0 build dependencies | expand

Commit Message

Clément Léger March 18, 2022, 1:24 p.m. UTC
Newer version of optee-os (>= 3.16) uses python-cryptography instead of
python-pycryptodomex in python scripts. Add support to build these
newer versions by adding a new
BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY option which will
select host-python-cryptography dependency when building optee-os.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
---
 boot/optee-os/Config.in   | 9 +++++++++
 boot/optee-os/optee-os.mk | 8 +++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

Comments

Yann E. MORIN March 18, 2022, 10:32 p.m. UTC | #1
Clément, All,

On 2022-03-18 14:24 +0100, Clément Léger spake thusly:
> Newer version of optee-os (>= 3.16) uses python-cryptography instead of
> python-pycryptodomex in python scripts. Add support to build these
> newer versions by adding a new
> BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY option which will
> select host-python-cryptography dependency when building optee-os.
> 
> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
> Signed-off-by: Clément Léger <clement.leger@bootlin.com>
> ---
>  boot/optee-os/Config.in   | 9 +++++++++
>  boot/optee-os/optee-os.mk | 8 +++++++-
>  2 files changed, 16 insertions(+), 1 deletion(-)
> 
> diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in
> index ea16550b72..02b5d7c86f 100644
> --- a/boot/optee-os/Config.in
> +++ b/boot/optee-os/Config.in
> @@ -1,6 +1,7 @@
>  config BR2_TARGET_OPTEE_OS
>  	bool "optee_os"
>  	depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A
> +	depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS

That's wrong: 3.15.0 still does not need host-python-cryptography.

Furthermore, even after we bump to 3.16.0, since we can choose an
arbitrary git tree at an arbitrary commit, it is still possible to
point to a version of optee-os that does not require it either.

So, that dependency only really belongs...

>  	help
>  	  OP-TEE OS provides the secure world boot image and the trust
>  	  application development kit of the OP-TEE project. OP-TEE OS
> @@ -61,6 +62,14 @@ config BR2_TARGET_OPTEE_OS_NEEDS_DTC
>  	  Select this option if your OP-TEE OS platform configuration
>  	  requires the Device Tree compiler to be available.
>  
> +config BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY
> +	bool "OP-TEE OS needs host-python-cryptography"

... here.

Applied to master with this fixed, mraou.

Regards,
Yann E. MORIN.

> +	help
> +	  OP-TEE OS version below 3.16 used python-pycryptodomex
> +	  package in python scripts. Newer version uses
> +	  python-cryptography. Select this option if optee-os needs
> +	  python-cryptography to be built.
> +
>  config BR2_TARGET_OPTEE_OS_CORE
>  	bool "Build core"
>  	default y
> diff --git a/boot/optee-os/optee-os.mk b/boot/optee-os/optee-os.mk
> index 9f76d8450e..5313a1badc 100644
> --- a/boot/optee-os/optee-os.mk
> +++ b/boot/optee-os/optee-os.mk
> @@ -21,7 +21,13 @@ else
>  OPTEE_OS_SITE = $(call github,OP-TEE,optee_os,$(OPTEE_OS_VERSION))
>  endif
>  
> -OPTEE_OS_DEPENDENCIES = host-openssl host-python3 host-python-pycryptodomex host-python-pyelftools
> +OPTEE_OS_DEPENDENCIES = host-openssl host-python3 host-python-pyelftools
> +
> +ifeq ($(BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY),y)
> +OPTEE_OS_DEPENDENCIES += host-python-cryptography
> +else
> +OPTEE_OS_DEPENDENCIES += host-python-pycryptodomex
> +endif
>  
>  ifeq ($(BR2_TARGET_OPTEE_OS_NEEDS_DTC),y)
>  OPTEE_OS_DEPENDENCIES += host-dtc
> -- 
> 2.34.1
>
Thomas Petazzoni March 19, 2022, 9:17 a.m. UTC | #2
On Fri, 18 Mar 2022 23:32:21 +0100
"Yann E. MORIN" <yann.morin.1998@free.fr> wrote:

> > diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in
> > index ea16550b72..02b5d7c86f 100644
> > --- a/boot/optee-os/Config.in
> > +++ b/boot/optee-os/Config.in
> > @@ -1,6 +1,7 @@
> >  config BR2_TARGET_OPTEE_OS
> >  	bool "optee_os"
> >  	depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A
> > +	depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS  
> 
> That's wrong: 3.15.0 still does not need host-python-cryptography.
> 
> Furthermore, even after we bump to 3.16.0, since we can choose an
> arbitrary git tree at an arbitrary commit, it is still possible to
> point to a version of optee-os that does not require it either.
> 
> So, that dependency only really belongs...
> 
> >  	help
> >  	  OP-TEE OS provides the secure world boot image and the trust
> >  	  application development kit of the OP-TEE project. OP-TEE OS
> > @@ -61,6 +62,14 @@ config BR2_TARGET_OPTEE_OS_NEEDS_DTC
> >  	  Select this option if your OP-TEE OS platform configuration
> >  	  requires the Device Tree compiler to be available.
> >  
> > +config BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY
> > +	bool "OP-TEE OS needs host-python-cryptography"  
> 
> ... here.

Yes and no. Because as soon as the BR2_TARGET_OPTEE_OS_LATEST gets
bumped to 3.16.0, then our default selection for OP-TEE (unless you
chose a custom Git version) will require python-cryptography. So to
keep things simple, I asked Clément to add this dependency to the
whole package.

Thomas
Yann E. MORIN March 19, 2022, 9:46 a.m. UTC | #3
Thomas, All,

On 2022-03-19 10:17 +0100, Thomas Petazzoni spake thusly:
> On Fri, 18 Mar 2022 23:32:21 +0100
> "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
> 
> > > diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in
> > > index ea16550b72..02b5d7c86f 100644
> > > --- a/boot/optee-os/Config.in
> > > +++ b/boot/optee-os/Config.in
> > > @@ -1,6 +1,7 @@
> > >  config BR2_TARGET_OPTEE_OS
> > >  	bool "optee_os"
> > >  	depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A
> > > +	depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS  
> > 
> > That's wrong: 3.15.0 still does not need host-python-cryptography.
> > 
> > Furthermore, even after we bump to 3.16.0, since we can choose an
> > arbitrary git tree at an arbitrary commit, it is still possible to
> > point to a version of optee-os that does not require it either.
> > 
> > So, that dependency only really belongs...
> > 
> > >  	help
> > >  	  OP-TEE OS provides the secure world boot image and the trust
> > >  	  application development kit of the OP-TEE project. OP-TEE OS
> > > @@ -61,6 +62,14 @@ config BR2_TARGET_OPTEE_OS_NEEDS_DTC
> > >  	  Select this option if your OP-TEE OS platform configuration
> > >  	  requires the Device Tree compiler to be available.
> > >  
> > > +config BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY
> > > +	bool "OP-TEE OS needs host-python-cryptography"  
> > 
> > ... here.
> 
> Yes and no. Because as soon as the BR2_TARGET_OPTEE_OS_LATEST gets
> bumped to 3.16.0, then our default selection for OP-TEE (unless you
> chose a custom Git version) will require python-cryptography. So to
> keep things simple, I asked Clément to add this dependency to the
> whole package.

But that's the point: you can still choose a custom git tree that points
to an earlier, pre-3.16.0 tree, which will still be buildable without
pytho-cryptography.

But yes, you got a point: I forgot to guard the default clause in the
choice, with the same dependency. I'll submit a patch.

Regards,
Yann E. MORIN.
diff mbox series

Patch

diff --git a/boot/optee-os/Config.in b/boot/optee-os/Config.in
index ea16550b72..02b5d7c86f 100644
--- a/boot/optee-os/Config.in
+++ b/boot/optee-os/Config.in
@@ -1,6 +1,7 @@ 
 config BR2_TARGET_OPTEE_OS
 	bool "optee_os"
 	depends on BR2_ARM_CPU_ARMV8A || BR2_ARM_CPU_ARMV7A
+	depends on BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS
 	help
 	  OP-TEE OS provides the secure world boot image and the trust
 	  application development kit of the OP-TEE project. OP-TEE OS
@@ -61,6 +62,14 @@  config BR2_TARGET_OPTEE_OS_NEEDS_DTC
 	  Select this option if your OP-TEE OS platform configuration
 	  requires the Device Tree compiler to be available.
 
+config BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY
+	bool "OP-TEE OS needs host-python-cryptography"
+	help
+	  OP-TEE OS version below 3.16 used python-pycryptodomex
+	  package in python scripts. Newer version uses
+	  python-cryptography. Select this option if optee-os needs
+	  python-cryptography to be built.
+
 config BR2_TARGET_OPTEE_OS_CORE
 	bool "Build core"
 	default y
diff --git a/boot/optee-os/optee-os.mk b/boot/optee-os/optee-os.mk
index 9f76d8450e..5313a1badc 100644
--- a/boot/optee-os/optee-os.mk
+++ b/boot/optee-os/optee-os.mk
@@ -21,7 +21,13 @@  else
 OPTEE_OS_SITE = $(call github,OP-TEE,optee_os,$(OPTEE_OS_VERSION))
 endif
 
-OPTEE_OS_DEPENDENCIES = host-openssl host-python3 host-python-pycryptodomex host-python-pyelftools
+OPTEE_OS_DEPENDENCIES = host-openssl host-python3 host-python-pyelftools
+
+ifeq ($(BR2_TARGET_OPTEE_OS_NEEDS_PYTHON_CRYPTOGRAPHY),y)
+OPTEE_OS_DEPENDENCIES += host-python-cryptography
+else
+OPTEE_OS_DEPENDENCIES += host-python-pycryptodomex
+endif
 
 ifeq ($(BR2_TARGET_OPTEE_OS_NEEDS_DTC),y)
 OPTEE_OS_DEPENDENCIES += host-dtc