3 changes: 3 additions & 0 deletions conf/layer.conf
@@ -101,6 +101,9 @@ BBFILES += "${@bb.utils.contains('IMAGE_INSTALL', \
# Uncomment if building OpenSSH with wolfSSL.
#BBFILES += "${LAYERDIR}/recipes-connectivity/openssh/*.bbappend"

# Uncomment if building OpenSSL with wolfProvider.
BBFILES += "${LAYERDIR}/recipes-connectivity/openssl/*.bbappend"

# Uncomment if building rsyslog with wolfSSL.
#BBFILES += "${LAYERDIR}/recipes-extended/rsyslog/*.bbappend"

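Review bot: The new `BBFILES += "${LAYERDIR}/recipes-connectivity/openssl/*.bbappend"` line is active, although the comment above it says "Uncomment if building OpenSSL with wolfProvider" and the neighbouring openssh and rsyslog entries are commented out. As written, every build that includes this layer picks up the OpenSSL bbappend, which adds a wolfprovider runtime dependency to libcrypto3 and applies the replace-default patch, so the crypto provider changes without an explicit opt-in. I would ship it commented out like its neighbours, `#BBFILES += "${LAYERDIR}/recipes-connectivity/openssl/*.bbappend"`, or gate it the way the `bb.utils.contains('IMAGE_INSTALL', ...)` entries earlier in the file appear to be gated.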
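--- a/recipes-connectivity/openssl/openssl_%.bbappend
+++ b/recipes-connectivity/openssl/openssl_%.bbappend
@@ -0,0 +1,39 @@
+# OpenSSL target-only tweaks
+do_configure:prepend:class-target () {
+set -eu
+
+# Be explicit about where we are
+echo "TARGET do_configure prepend: S='${S}', B='${B}'"
+
+vfile="${S}/VERSION.dat"
+
+# Sanity check: VERSION.dat must exist at the top of the OpenSSL tree
+if [ ! -f $vfile ]; then
+echo "ERROR: $vfile not found in ${S}" >&2
+exit 1
+fi
+
+echo "Injecting BUILD_METADATA into VERSION.dat (target only)"
+sed -i 's/^BUILD_METADATA=.*/BUILD_METADATA=wolfProvider/' $vfile
+
+# Optional FIPS tag based on image features
+if echo "${IMAGE_FEATURES}" | grep -qw "fips"; then
+sed -i 's/^BUILD_METADATA=.*/BUILD_METADATA=wolfProvider-fips/' $vfile
+fi
+}
+
+# Ensure provider is present on TARGET runtime (doesn't touch -native/-nativesdk)
+RDEPENDS:libcrypto3:append:class-target = " wolfprovider"
+
+# Bring in/Apply your replace-default patch (target only)
+SRC_URI:append:class-target = " \
+git://github.com/wolfSSL/wolfProvider.git;protocol=https;nobranch=1;rev=v1.1.0;destsuffix=git/wolfProvider \
+"
+
+python do_patch:append:class-target () {
+import os, subprocess
+s = d.getVar("S")
+patch_path = os.path.join(d.getVar("WORKDIR"), "git/wolfProvider/patches/openssl3-replace-default.patch")
+bb.note(f"Applying wolfProvider patch (target only): {patch_path}")
+subprocess.run(["patch", "-d", s, "-p1", "-i", patch_path], check=True)
+}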
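Review bot: The `SRC_URI:append:class-target` entry fetches wolfProvider at `rev=v1.1.0`, a tag name rather than a commit, and the patch taken from that checkout rewrites OpenSSL's default provider. A tag can be moved upstream, so the build is not reproducible and the patched source is not pinned; use the full commit hash, `rev=<40-character commit SHA that v1.1.0 points to>`, and keep the tag name in a comment. The wolfProvider recipe's own `SRC_URI` change in this PR replaces a commit hash with the same tag and has the same problem. Separately, `set -eu` in `do_configure:prepend` will presumably stay in effect for the rest of do_configure, and `$vfile` is unquoted in the `[ ! -f $vfile ]` test and in both `sed -i` calls, where `"$vfile"` is the safer form.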
@@ -1,5 +1,5 @@
SUMMARY = "wolfProvider is a Proivder designed for Openssl 3.X.X"
DESCRIPTION = "wolfProvider is a library that can be used as an Provider in OpenSSL"
SUMMARY = "wolfProvider is a Provider designed for Openssl 3.X.X"
DESCRIPTION = "wolfProvider is a crypto backend interface for use as an OpenSSL Provider"
HOMEPAGE = "https://github.com/wolfSSL/wolfProvider"
BUGTRACKER = "https://github.com/wolfSSL/wolfProvider/issues"
SECTION = "libs"
@@ -10,7 +10,7 @@ DEPENDS += "util-linux-native"
PROVIDES += "wolfprovider"
RPROVIDES_${PN} = "wolfprovider"

SRC_URI = "git://github.com/wolfssl/wolfProvider.git;nobranch=1;protocol=https;rev=22f358498eadb4f91b2ce8d23045dafec6bcbb38"
SRC_URI = "git://github.com/wolfssl/wolfProvider.git;nobranch=1;protocol=https;rev=v1.1.0"

DEPENDS += " wolfssl \
openssl \
@@ -37,3 +37,21 @@ CFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
CXXFLAGS += " -I${S}/include -g0 -O2 -ffile-prefix-map=${WORKDIR}=."
LDFLAGS += " -Wl,--build-id=none"
EXTRA_OECONF += " --with-openssl=${OPENSSL_YOCTO_DIR}"

# create the symlink inside the image staging area
do_install:append() {
install -d ${D}${libdir}
ln -sf libwolfprov.so.0.0.0 ${D}${libdir}/libwolfprov.so
}

# keep unversioned .so in the runtime package for this recipe
FILES_SOLIBSDEV = ""

# explicitly list what goes to -dev instead (headers, pc)
FILES:${PN}-dev = "${includedir} ${libdir}/pkgconfig/*.pc"

# ensure the symlink is assigned to runtime
FILES:${PN} += "${libdir}/libwolfprov.so"

# you’re shipping an unversioned .so in runtime: suppress QA
INSANE_SKIP:${PN} += "dev-so"
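Review bot: `do_install:append` links `libwolfprov.so` to the hard-coded name `libwolfprov.so.0.0.0` with `ln -sf`, which succeeds even when that file is not there. If a later wolfProvider release changes its library version, the image would ship a dangling symlink and OpenSSL could not load the provider at runtime, which matters more once the provider replaces the default. Fail the build instead by checking the target first, `[ -e ${D}${libdir}/libwolfprov.so.0.0.0 ] || bbfatal "libwolfprov.so.0.0.0 not installed"`. A short comment on `INSANE_SKIP:${PN} += "dev-so"` saying why the runtime package needs the unversioned name (presumably so OpenSSL can load the provider by that name) would also help.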
4 changes: 2 additions & 2 deletions recipes-wolfssl/wolfprovider/wolfssl_%.bbappend
@@ -1,3 +1,3 @@
EXTRA_OECONF += " --enable-opensslcoexist --enable-cmac --enable-keygen --enable-sha --enable-des3 --enable-aesctr --enable-aesccm --enable-x963kdf --enable-compkey --enable-certgen --enable-aeskeywrap --enable-enckeys --enable-base16 "
CPPFLAGS += " -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DHAVE_PUBLIC_FFDHE -DWOLFSSL_DH_EXTRA -DRSA_MIN_SIZE=1024"
CPPFLAGS += " ${@'-DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER' if d.getVar('WOLFSSL_TYPE') not in ("fips", "fips-ready") else ''}"
CFLAGS += " -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192 -DHAVE_PUBLIC_FFDHE -DWOLFSSL_DH_EXTRA -DRSA_MIN_SIZE=1024"
CFLAGS += " ${@'-DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER' if d.getVar('WOLFSSL_TYPE') not in ("fips", "fips-ready") else ''}"

Should we have a newline here?
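Review bot: The rewritten `CFLAGS` line carries `-DRSA_MIN_SIZE=1024` and `-DECC_MIN_KEY_SZ=192` with no comment explaining why the key-size floors are set this low. These values let the wolfSSL build accept 1024-bit RSA and 192-bit ECC keys, and with wolfProvider standing in for OpenSSL's default provider that floor would apply to everything on the target that uses OpenSSL. If the values are needed for compatibility, say so above the line, for example `# Key-size minimums lowered for OpenSSL compatibility; raise RSA_MIN_SIZE to 2048 if legacy keys are not required`, so integrators can tighten them deliberately.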