mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-29 09:18:54 +00:00
37f04e2855
- Revert gnupg toolstack version bump to prior of #1661 merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility. - Investigation and upstream discussions will take their time resolving invalid time issue introduced by between 2.4.0 and latest gnupg, fix regression first under master) - oem-factory-reset - Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors - Wipe keyrings only (*.gpg, *.kbx) not conf files under gpg homedir (keep initrd/.gnupg/*.conf) - flake.nix - switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker) - add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing - flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds - README.md: have consistent docker testing + release (push) notes - .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing) TODO: - some fd2 instead of fd1?! - oem-factory-resest has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors which is problematic with fbwhiptail, not whiptail Signed-off-by: Thierry Laurion <insurgo@riseup.net>
57 lines
1.7 KiB
Makefile
57 lines
1.7 KiB
Makefile
modules-$(CONFIG_GPG2) += gpg2
|
|
|
|
gpg2_version := 2.4.0
|
|
gpg2_dir := gnupg-$(gpg2_version)
|
|
gpg2_tar := gnupg-$(gpg2_version).tar.bz2
|
|
gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar)
|
|
gpg2_hash := 1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
|
|
gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb $(musl_dep)
|
|
|
|
# For reproducibility reasons we have to override the exec_prefix
|
|
# and datarootdir on the configure line so that the Makefiles will
|
|
# be generated with the correct paths, but then re-write them when
|
|
# we use the install target so that they will be copied to the correct
|
|
# location.
|
|
gpg2_configure := \
|
|
$(CROSS_TOOLS) \
|
|
CFLAGS="-Os" \
|
|
./configure \
|
|
CPPFLAGS="-I$(INSTALL)/include/libusb-1.0" \
|
|
--host $(MUSL_ARCH)-linux-musl \
|
|
--prefix "/" \
|
|
--libexecdir "/bin" \
|
|
--disable-all-tests \
|
|
--disable-bzip2 \
|
|
--disable-dirmngr \
|
|
--disable-doc \
|
|
--disable-exec \
|
|
--disable-gnutls \
|
|
--disable-gpgsm \
|
|
--disable-ldap \
|
|
--disable-libdns \
|
|
--disable-nls \
|
|
--disable-ntbtls \
|
|
--disable-photo-viewers \
|
|
--disable-rpath \
|
|
--disable-sqlite \
|
|
--disable-tofu \
|
|
--disable-wks-tools \
|
|
--disable-zip \
|
|
--enable-ccid-driver \
|
|
--enable-scdaemon \
|
|
--with-gpg-error-prefix="$(INSTALL)" \
|
|
--with-ksba-prefix="$(INSTALL)" \
|
|
--with-libassuan-prefix="$(INSTALL)" \
|
|
--with-libgcrypt-prefix="$(INSTALL)" \
|
|
--with-npth-prefix="$(INSTALL)" \
|
|
|
|
# Run one build to generate the executables with the pre-defined
|
|
# exec_prefix and datarootdir, then a second make to install the binaries
|
|
# into our actual target location
|
|
gpg2_target := $(MAKE_JOBS) \
|
|
&& $(MAKE) -C $(build)/$(gpg2_dir) \
|
|
DESTDIR="$(INSTALL)" \
|
|
install
|
|
|
|
gpg2_output := g10/gpg agent/gpg-agent scd/scdaemon
|