Package: guix-patches;
Reported by: Herman Rimm <herman <at> rimm.ee>
Date: Mon, 1 Apr 2024 20:21:02 UTC
Severity: normal
Tags: patch
Done: Vagrant Cascadian <vagrant <at> debian.org>
Bug is archived. No further changes may be made.
Message #89 received at 70131 <at> debbugs.gnu.org (full text, mbox):
From: Herman Rimm <herman <at> rimm.ee> To: 70131 <at> debbugs.gnu.org Subject: [PATCH v3 2/6] gnu: u-boot: Update to 2024.10. Date: Fri, 13 Dec 2024 20:58:30 +0100
* gnu/packages/bootloaders.scm (u-boot): Update to 2024.10.
[source]: Remove build-without-libcrypto patch. Use git-fetch.
(%u-boot-build-without-libcrypto-patch): Remove variable.
(u-boot-tools)[arguments]: Enable test_spl. Disable sandbox tests and
kwbimage.
(python-u-boot-pylib)[arguments]: Add phase to fix build file.
(make-u-boot-package)[arguments]: Disable kwbimage.
(u-boot-sandbox): Only keep CONFIG_FIT_CIPHER disabled.
[inputs]: Add efitools.
(u-boot-rockpro64-rk3399): Replace CONFIG_DM_SCSI with CONFIG_SCSI.
* gnu/packages/patches/u-boot-build-without-libcrypto.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove patch.
Change-Id: I07cb0df0431ed45af0beb05105ae948136dd9eb3
---
gnu/local.mk | 1 -
gnu/packages/bootloaders.scm | 66 +++++-----
.../u-boot-build-without-libcrypto.patch | 123 ------------------
3 files changed, 32 insertions(+), 158 deletions(-)
delete mode 100644 gnu/packages/patches/u-boot-build-without-libcrypto.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 14b8c6932e..ace19eb8a4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2274,7 +2274,6 @@ dist_patch_DATA = \
%D%/packages/patches/tuxpaint-stamps-path.patch \
%D%/packages/patches/twinkle-bcg729.patch \
%D%/packages/patches/u-boot-allow-disabling-openssl.patch \
- %D%/packages/patches/u-boot-build-without-libcrypto.patch \
%D%/packages/patches/u-boot-nintendo-nes-serial.patch \
%D%/packages/patches/u-boot-rockchip-inno-usb.patch \
%D%/packages/patches/ucx-tcp-iface-ioctl.patch \
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index db2cfd1131..584a285c61 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -54,6 +54,7 @@ (define-module (gnu packages bootloaders)
#:use-module (gnu packages gcc)
#:use-module (gnu packages gettext)
#:use-module (gnu packages guile)
+ #:use-module (gnu packages efi)
#:use-module (gnu packages linux)
#:use-module (gnu packages llvm)
#:use-module (gnu packages man)
@@ -754,26 +755,22 @@ (define %u-boot-allow-disabling-openssl-patch
;; https://lists.denx.de/pipermail/u-boot/2021-October/462728.html
(search-patch "u-boot-allow-disabling-openssl.patch"))
-(define %u-boot-build-without-libcrypto-patch
- ;; Upstream commit to fix Amlogic builds in u-boot 2024.01.
- (search-patch "u-boot-build-without-libcrypto.patch"))
-
(define u-boot
(package
(name "u-boot")
- (version "2024.01")
+ (version "2024.10")
(source (origin
(patches
(list %u-boot-rockchip-inno-usb-patch
- %u-boot-build-without-libcrypto-patch
%u-boot-allow-disabling-openssl-patch))
- (method url-fetch)
- (uri (string-append
- "https://ftp.denx.de/pub/u-boot/"
- "u-boot-" version ".tar.bz2"))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://source.denx.de/u-boot/u-boot.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
(sha256
(base32
- "1czmpszalc6b8cj9j7q6cxcy19lnijv3916w3dag6yr3xpqi35mr"))))
+ "0yrhb0izihv47p781dc4cp0znc5g225ayl7anz23c6jdrmfbpz2h"))))
(build-system gnu-build-system)
(native-inputs
(list bison
@@ -870,9 +867,11 @@ (define-public u-boot-tools
(("\\./tools/patman/patman") (which "true"))
;; FIXME: test fails, needs further investiation
(("run_test \"binman\"") "# run_test \"binman\"")
- ;; FIXME: test_spl fails, needs further investiation
- (("test_ofplatdata or test_handoff or test_spl")
- "test_ofplatdata or test_handoff")
+ ;; FIXME: tests fail without kwbimage, i.e. openssl.
+ (("run_test \"sandbox_noinst\"")
+ "# run_test \"sandbox_noinst\"")
+ (("run_test \"sandbox_vpl\"")
+ "# run_test \"sandbox_vpl\"")
;; FIXME: code coverage not working
(("run_test \"binman code coverage\"")
"# run_test \"binman code coverage\"")
@@ -895,14 +894,16 @@ (define-public u-boot-tools
(("CONFIG_FIT_SIGNATURE=y")
"CONFIG_FIT_SIGNATURE=n
CONFIG_UT_LIB_ASN1=n
-CONFIG_TOOLS_LIBCRYPTO=n")
+CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n")
;; Catch instances of implied CONFIG_FIG_SIGNATURE
;; with VPL targets
(("CONFIG_SANDBOX_VPL=y")
"CONFIG_SANDBOX_VPL=y
CONFIG_FIT_SIGNATURE=n
CONFIG_VPL_FIT_SIGNATURE=n
-CONFIG_TOOLS_LIBCRYPTO=n")
+CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n")
;; This test requires a sound system, which is un-used
;; in u-boot-tools.
(("CONFIG_SOUND=y") "CONFIG_SOUND=n")))
@@ -968,6 +969,13 @@ (define-public python-u-boot-pylib
(add-after 'unpack 'chdir
(lambda _
(chdir "tools/u_boot_pylib")))
+ (add-after 'chdir 'list-package
+ (lambda _
+ (let ((port (open-file "pyproject.toml" "a")))
+ (display "[tool.setuptools.packages.find]\n" port)
+ (display "where = [\"..\"]\n" port)
+ (display "include = [\"u_boot_pylib*\"]" port)
+ (close-port port))))
(replace 'check
(lambda* (#:key tests? #:allow-other-keys)
(when tests?
@@ -1114,7 +1122,8 @@ (define*-public (make-u-boot-package board triplet
(lambda _
(substitute* ".config"
(("CONFIG_TOOLS_LIBCRYPTO=.*$")
- "CONFIG_TOOLS_LIBCRYPTO=n"))))
+ "CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n"))))
(replace 'install
(lambda _
(let ((libexec (string-append #$output "/libexec"))
@@ -1322,21 +1331,10 @@ (define-public u-boot-qemu-riscv64-smode
(define-public u-boot-sandbox
(let ((base (make-u-boot-package
"sandbox" #f ;build for the native system
- ;; Disable CONFIG_TOOLS_LIBCRYPTO, CONFIG_FIT_SIGNATURE and
- ;; CONFIG_FIT_CIPHER and their selectors as these features
- ;; require OpenSSL, which is incompatible with the GPLv2-only
- ;; parts of U-boot. The options below replicate the changes
- ;; that disabling the above features in 'make menuconfig' then
- ;; refreshing the defconfig with 'make savedefconfig' would do.
- #:configs (list "# CONFIG_FIT_RSASSA_PSS is not set"
- "# CONFIG_FIT_CIPHER is not set"
- "# CONFIG_LEGACY_IMAGE_FORMAT is not set"
- "# CONFIG_IMAGE_PRE_LOAD is not set"
- "# CONFIG_IMAGE_PRE_LOAD_SIG is not set"
- "# CONFIG_CMD_BOOTM_PRE_LOAD is not set"
- "CONFIG_RSA=y"
- "# CONFIG_EFI_SECURE_BOOT is not set"
- "# CONFIG_TOOLS_LIBCRYPTO is not set")
+ ;; These disabled features require OpenSSL, which is
+ ;; incompatible with the GPLv2-only parts of U-boot.
+ #:configs (map (cut string-append "# CONFIG_" <> " is not set")
+ '("FIT_CIPHER"))
#:append-description
"The sandbox configuration of U-Boot provides a
@command{u-boot} command that runs as a normal user space application. It can
@@ -1356,8 +1354,9 @@ (define-public u-boot-sandbox
(mkdir (string-append #$output "/bin"))
(symlink (search-input-file outputs "libexec/u-boot")
(string-append #$output "/bin/u-boot"))))))))
+ ;; cert-to-efi-sig-list from efitools creates the EFI capsule ESL.
(inputs (modify-inputs (package-inputs base)
- (append sdl2))))))
+ (append efitools sdl2))))))
(define-public u-boot-sifive-unleashed
(let ((base (make-u-boot-package "sifive_unleashed" "riscv64-linux-gnu")))
@@ -1457,7 +1456,6 @@ (define-public u-boot-rockpro64-rk3399
"CONFIG_SATA_SIL=y"
"CONFIG_SCSI=y"
"CONFIG_SCSI_AHCI=y"
- "CONFIG_DM_SCSI=y"
;; Disable SPL FIT signatures,
;; due to GPLv2 and Openssl
;; license incompatibilities
diff --git a/gnu/packages/patches/u-boot-build-without-libcrypto.patch b/gnu/packages/patches/u-boot-build-without-libcrypto.patch
deleted file mode 100644
index d56588941c..0000000000
--- a/gnu/packages/patches/u-boot-build-without-libcrypto.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 03e598263e3878b6f5d58f5525577903edadc644 Mon Sep 17 00:00:00 2001
-From: Paul-Erwan Rio <paulerwan.rio <at> gmail.com>
-Date: Thu, 21 Dec 2023 08:26:11 +0100
-Subject: [PATCH] tools: fix build without LIBCRYPTO support
-
-Commit cb9faa6f98ae ("tools: Use a single target-independent config to
-enable OpenSSL") introduced a target-independent configuration to build
-crypto features in host tools.
-
-But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in
-host tools and SPL") the build without OpenSSL is broken, due to FIT
-signature/encryption features. Add missing conditional compilation
-tokens to fix this.
-
-Signed-off-by: Paul-Erwan Rio <paulerwan.rio <at> gmail.com>
-Tested-by: Alexander Dahl <ada <at> thorsis.com>
-Cc: Simon Glass <sjg <at> chromium.org>
-Reviewed-by: Tom Rini <trini <at> konsulko.com>
-Reviewed-by: Simon Glass <sjg <at> chromium.org>
----
- include/image.h | 2 +-
- tools/Kconfig | 1 +
- tools/fit_image.c | 2 +-
- tools/image-host.c | 4 ++++
- tools/mkimage.c | 5 +++--
- 5 files changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/include/image.h b/include/image.h
-index 432ec927b1..21de70f0c9 100644
---- a/include/image.h
-+++ b/include/image.h
-@@ -1465,7 +1465,7 @@ int calculate_hash(const void *data, int data_len, const char *algo,
- * device
- */
- #if defined(USE_HOSTCC)
--# if defined(CONFIG_FIT_SIGNATURE)
-+# if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- # define IMAGE_ENABLE_SIGN 1
- # define FIT_IMAGE_ENABLE_VERIFY 1
- # include <openssl/evp.h>
-diff --git a/tools/Kconfig b/tools/Kconfig
-index f8632cd59d..f01ed783e6 100644
---- a/tools/Kconfig
-+++ b/tools/Kconfig
-@@ -51,6 +51,7 @@ config TOOLS_FIT_RSASSA_PSS
- Support the rsassa-pss signature scheme in the tools builds
-
- config TOOLS_FIT_SIGNATURE
-+ depends on TOOLS_LIBCRYPTO
- def_bool y
- help
- Enable signature verification of FIT uImages in the tools builds
-diff --git a/tools/fit_image.c b/tools/fit_image.c
-index 71e031c855..beef1fa86e 100644
---- a/tools/fit_image.c
-+++ b/tools/fit_image.c
-@@ -61,7 +61,7 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
- ret = fit_set_timestamp(ptr, 0, time);
- }
-
-- if (!ret)
-+ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret)
- ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
-
- if (!ret) {
-diff --git a/tools/image-host.c b/tools/image-host.c
-index ca4950312f..90bc9f905f 100644
---- a/tools/image-host.c
-+++ b/tools/image-host.c
-@@ -14,8 +14,10 @@
- #include <image.h>
- #include <version.h>
-
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- #include <openssl/pem.h>
- #include <openssl/evp.h>
-+#endif
-
- /**
- * fit_set_hash_value - set hash value in requested has node
-@@ -1131,6 +1133,7 @@ static int fit_config_add_verification_data(const char *keydir,
- return 0;
- }
-
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- /*
- * 0) open file (open)
- * 1) read certificate (PEM_read_X509)
-@@ -1239,6 +1242,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit)
- out:
- return ret;
- }
-+#endif
-
- int fit_cipher_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys,
-diff --git a/tools/mkimage.c b/tools/mkimage.c
-index 6dfe3e1d42..ac62ebbde9 100644
---- a/tools/mkimage.c
-+++ b/tools/mkimage.c
-@@ -115,7 +115,7 @@ static void usage(const char *msg)
- " -B => align size in hex for FIT structure and header\n"
- " -b => append the device tree binary to the FIT\n"
- " -t => update the timestamp in the FIT\n");
--#ifdef CONFIG_FIT_SIGNATURE
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- fprintf(stderr,
- "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
- " -k => set directory containing private keys\n"
-@@ -130,8 +130,9 @@ static void usage(const char *msg)
- " -o => algorithm to use for signing\n");
- #else
- fprintf(stderr,
-- "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
-+ "Signing / verified boot not supported (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n");
- #endif
-+
- fprintf(stderr, " %s -V ==> print version information and exit\n",
- params.cmdname);
- fprintf(stderr, "Use '-T list' to see a list of available image types\n");
---
-2.41.0
-
--
2.45.2
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.