From 5fd9878d28cd05f89551359cc0de1adfb67a310b Mon Sep 17 00:00:00 2001 From: Trammell Hudson Date: Wed, 28 Dec 2016 12:45:12 -0500 Subject: [PATCH] Download and build almost all dependencies. As part of issue #1, we should build all libraries and programs that we deploy into the Heads initrd. This modifies the module configurations for all of them to install into heads/install so that we can build against them. Add dmsetup, cryptsetup and veritysetup (issue #46). Build gpgv 1.4 as a standalone tool (issue #23). Modify populate-lib to use the install directory by setting LD_LIBRARY_PATH (issue #35). --- Makefile | 20 ++++++++------------ modules/cryptsetup | 8 ++++++++ modules/gpg | 38 ++++++++++++++++++++++++++++++++++++++ modules/kexec | 12 +++++++++++- modules/libuuid | 14 ++++++++++++++ modules/lvm2 | 19 +++++++++++++++++++ modules/mbedtls | 6 +++--- modules/popt | 14 ++++++++++++++ modules/qrencode | 8 +++++++- 9 files changed, 122 insertions(+), 17 deletions(-) create mode 100644 modules/gpg create mode 100644 modules/libuuid create mode 100644 modules/lvm2 create mode 100644 modules/popt diff --git a/Makefile b/Makefile index ba511382..7ea18386 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,7 @@ pwd := $(shell pwd) packages := $(pwd)/packages build := $(pwd)/build config := $(pwd)/build +INSTALL := $(pwd)/install # Currently supported targets are x230, chell and qemu BOARD ?= qemu @@ -97,9 +98,9 @@ define define_module = #$1: $(call outputs,$1) # Target for all of the outputs, which depend on their dependent modules -$1.intermediate: \ - $(build)/$($1_dir)/.configured \ - $(foreach d,$($1_depends),$d.intermediate) + $1.intermediate: \ + $(foreach d,$($1_depends),$(call outputs,$d)) \ + $(build)/$($1_dir)/.configured make -C "$(build)/$($1_dir)" $($1_target) .INTERMEDIATE: $1.intermediate @@ -145,10 +146,13 @@ endef $(foreach _, $(call bins,kexec), $(eval $(call initrd_bin_add,$_))) $(foreach _, $(call bins,tpmtotp), $(eval $(call initrd_bin_add,$_))) $(foreach _, $(call bins,cryptsetup), $(eval $(call initrd_bin_add,$_))) +$(foreach _, $(call bins,gpg), $(eval $(call initrd_bin_add,$_))) +$(foreach _, $(call bins,lvm2), $(eval $(call initrd_bin_add,$_))) $(foreach _, $(call libs,tpmtotp), $(eval $(call initrd_lib_add,$_))) $(foreach _, $(call libs,mbedtls), $(eval $(call initrd_lib_add,$_))) $(foreach _, $(call libs,qrencode), $(eval $(call initrd_lib_add,$_))) +$(foreach _, $(call libs,lvm2), $(eval $(call initrd_lib_add,$_))) #$(foreach _, $(call outputs,xen), $(eval $(call initrd_bin,$_))) @@ -170,21 +174,13 @@ initrd/bin/cbmem: $(build)/$(coreboot_dir)/util/cbmem/cbmem $(build)/$(coreboot_dir)/util/cbmem/cbmem: $(build)/$(coreboot_dir)/.canary make -C "$(dir $@)" -# Mounting dm-verity file systems requires dm-verity to be installed -# We use gpgv to verify the signature on the root hash. -# Both of these should be brought in as modules instead of from /sbin -#initrd_bins += initrd/bin/dmsetup -initrd/bin/dmsetup: /sbin/dmsetup - cp "$<" "$@" -initrd_bins += initrd/bin/gpgv -initrd/bin/gpgv: /usr/bin/gpgv - cp "$<" "$@" # Update all of the libraries in the initrd based on the executables # that were installed. initrd_lib_install: $(initrd_bins) $(initrd_libs) -find initrd/bin -type f -a ! -name '*.sh' -print0 \ | xargs -0 strip + LD_LIBRARY_PATH="$(INSTALL)/lib" \ ./populate-lib \ ./initrd/lib/x86_64-linux-gnu/ \ initrd/bin/* \ diff --git a/modules/cryptsetup b/modules/cryptsetup index 5bae4152..b8d0b451 100644 --- a/modules/cryptsetup +++ b/modules/cryptsetup @@ -1,5 +1,7 @@ modules += cryptsetup +cryptsetup_depends := libuuid popt lvm2 + cryptsetup_version := 1.7.3 cryptsetup_dir := cryptsetup-$(cryptsetup_version) cryptsetup_tar := cryptsetup-$(cryptsetup_version).tar.xz @@ -7,10 +9,16 @@ cryptsetup_url := https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptse cryptsetup_hash := af2b04e8475cf40b8d9ffd97a1acfa73aa787c890430afd89804fb544d6adc02 cryptsetup_configure := ./configure \ + CFLAGS="-I$(INSTALL)/include" \ + LDFLAGS="-L$(INSTALL)/lib" \ + --prefix "$(INSTALL)" \ --disable-gcrypt-pbkdf2 \ --with-crypto_backend=kernel \ +cryptsetup_target := -j 8 install + cryptsetup_output := \ src/.libs/cryptsetup \ src/.libs/veritysetup \ + diff --git a/modules/gpg b/modules/gpg new file mode 100644 index 00000000..bdc9040c --- /dev/null +++ b/modules/gpg @@ -0,0 +1,38 @@ +modules += gpg + +# we install gpgv 1.4, which is an older version that has fewer +# dependencies. This may need to be revisted later. +gpg_version := 1.4.21 +gpg_dir := gnupg-$(gpg_version) +gpg_tar := gnupg-$(gpg_version).tar.bz2 +gpg_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg_tar) +gpg_hash := e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 + +gpg_configure := ./configure \ + CFLAGS="-I$(INSTALL)/include" \ + LDFLAGS="-L$(INSTALL)/lib" \ + --prefix $(INSTALL) \ + --disable-bzip2 \ + --disable-gpg \ + --disable-gpgsm \ + --disable-agent \ + --disable-scdaemon \ + --disable-tools \ + --disable-doc \ + --disable-exec \ + --disable-photo-viewers \ + --disable-keyserver-helpers \ + --disable-ldap \ + --disable-hkp \ + --disable-finger \ + --disable-ccid-driver \ + --disable-dns-srv \ + --disable-dns-pka \ + --disable-dns-cert \ + --disable-regex \ + +gpg_target := -j 8 install + +gpg_outputs := g10/gpgv + + diff --git a/modules/kexec b/modules/kexec index e63490fb..dc02234f 100644 --- a/modules/kexec +++ b/modules/kexec @@ -6,5 +6,15 @@ kexec_tar := kexec-tools-$(kexec_version).tar.gz kexec_url := https://kernel.org/pub/linux/utils/kernel/kexec/$(kexec_tar) kexec_hash := cc7b60dad0da202004048a6179d8a53606943062dd627a2edba45a8ea3a85135 -kexec_configure := ./configure +kexec_configure := ./configure \ + CFLAGS="-I$(INSTALL)/include" \ + LDFLAGS="-L$(INSTALL)/lib" \ + --prefix="$(INSTALL)" \ + --without-zlib \ + +kexec_target := -j 8 install + kexec_output := build/sbin/kexec + +# if we don't need zlib, don't built it +#kexec_depends := zlib diff --git a/modules/libuuid b/modules/libuuid new file mode 100644 index 00000000..055e996c --- /dev/null +++ b/modules/libuuid @@ -0,0 +1,14 @@ +modules += libuuid + +libuuid_version := 1.0.3 +libuuid_dir := libuuid-$(libuuid_version) +libuuid_tar := libuuid-$(libuuid_version).tar.gz +libuuid_url := http://downloads.sourceforge.net/project/libuuid/$(libuuid_tar) +libuuid_hash := 46af3275291091009ad7f1b899de3d0cea0252737550e7919d17237997db5644 + +libuuid_configure := ./configure \ + --prefix $(INSTALL) \ + +libuuid_target := install + +libuuid_libraries := .libs/libuuid.so diff --git a/modules/lvm2 b/modules/lvm2 new file mode 100644 index 00000000..0567052a --- /dev/null +++ b/modules/lvm2 @@ -0,0 +1,19 @@ +modules += lvm2 + +lvm2_version := 2.02.168 +lvm2_dir := LVM2.$(lvm2_version) +lvm2_tar := LVM2.$(lvm2_version).tgz +lvm2_url := http://mirrors.kernel.org/sourceware/lvm2/$(lvm2_tar) +lvm2_hash := 23a3d1cddd41b3ef51812ebf83e9fa491f502fe74130d4263be327a91914660d + +lvm2_configure := ./configure \ + --prefix $(INSTALL) \ + --disable-selinux \ + --disable-udev-systemd-background-jobs \ + --disable-realtime \ + +lvm2_target := -j 8 install_device-mapper + +lvm2_libraries := libdm/libdevmapper.so + +lvm2_output := tools/dmsetup diff --git a/modules/mbedtls b/modules/mbedtls index 737c37c9..c4921219 100644 --- a/modules/mbedtls +++ b/modules/mbedtls @@ -1,13 +1,13 @@ modules += mbedtls mbedtls_version := 2.3.0 -mbedtls_dir := mbedtls-$(mbedtls_version)/library +mbedtls_dir := mbedtls-$(mbedtls_version) mbedtls_tar := mbedtls-$(mbedtls_version)-gpl.tgz mbedtls_url := https://tls.mbed.org/download/$(mbedtls_tar) mbedtls_hash := 21237014f779bde70b2d71399cc1ea53365eb7f10cdd74a13ee6329a1910cb49 mbedtls_libraries := \ - libmbedcrypto.so.0 \ + library/libmbedcrypto.so.0 \ mbedtls_configure := -mbedtls_target := SHARED=1 +mbedtls_target := SHARED=1 DESTDIR=$(INSTALL) -j 8 install diff --git a/modules/popt b/modules/popt new file mode 100644 index 00000000..a3c48b51 --- /dev/null +++ b/modules/popt @@ -0,0 +1,14 @@ +modules += popt + +popt_version := 1.16 +popt_dir := popt-$(popt_version) +popt_tar := popt-$(popt_version).tar.gz +popt_url := http://rpm5.org/files/popt/$(popt_tar) +popt_hash := e728ed296fe9f069a0e005003c3d6b2dde3d9cad453422a10d6558616d304cc8 + +popt_configure := ./configure \ + --prefix $(INSTALL) \ + +popt_target := install + +popt_libraries := ./libs/libpopt.so diff --git a/modules/qrencode b/modules/qrencode index 82ce7f94..84394787 100644 --- a/modules/qrencode +++ b/modules/qrencode @@ -7,4 +7,10 @@ qrencode_url := https://fukuchi.org/works/qrencode/$(qrencode_tar) qrencode_hash := e794e26a96019013c0e3665cb06b18992668f352c5553d0a553f5d144f7f2a72 qrencode_output := .libs/libqrencode.so.$(qrencode_version) -qrencode_configure := ./configure --without-tools + +qrencode_configure := ./configure \ + --prefix $(INSTALL) \ + --without-tools \ + +qrencode_target := install +