mirror of
https://git.code.sf.net/p/linux-ima/ima-evm-utils
synced 2025-04-27 14:22:31 +02:00
Build OpenSSL without engine support
Fix COMPILE_SSL to build for the proper architecture, link with the appropriate library, and set up library path for evmctl. Compile OpenSSL with "no-engine" and "no-dynamic-engine" support. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
parent
abf7b5e236
commit
297d01bdb6
4
.github/workflows/ci.yml
vendored
4
.github/workflows/ci.yml
vendored
@ -114,7 +114,7 @@ jobs:
|
||||
INSTALL="${INSTALL%%/*}"
|
||||
if [ "$VARIANT" ]; then ARCH="$ARCH" ./ci/$INSTALL.$VARIANT.sh; fi
|
||||
ARCH="$ARCH" CC="$CC" TSS="$TSS" ./ci/$INSTALL.sh
|
||||
if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi
|
||||
if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" VARIANT="$VARIANT" ./tests/install-openssl3.sh; fi
|
||||
|
||||
- name: Build swtpm
|
||||
run: |
|
||||
@ -129,4 +129,4 @@ jobs:
|
||||
run: $CC --version
|
||||
|
||||
- name: Compile
|
||||
run: CC="$CC" VARIANT="$VARIANT" ./build.sh
|
||||
run: CC="$CC" VARIANT="$VARIANT" COMPILE_SSL="$COMPILE_SSL" ./build.sh
|
||||
|
@ -95,4 +95,4 @@ script:
|
||||
- INSTALL="${DISTRO#${REPO}}"
|
||||
- INSTALL="${INSTALL%%:*}"
|
||||
- INSTALL="${INSTALL%%/*}"
|
||||
- $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
|
||||
- $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ \"$COMPILE_SSL\" ]; then COMPILE_SSL=\"$COMPILE_SSL\" VARIANT=\"$VARIANT\" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" COMPILE_SSL=\"$COMPILE_SSL\" ./build.sh"
|
||||
|
8
build.sh
8
build.sh
@ -32,6 +32,14 @@ log_exit()
|
||||
|
||||
cd `dirname $0`
|
||||
|
||||
if [ "$COMPILE_SSL" ]; then
|
||||
echo "COMPILE_SSL: $COMPILE_SSL"
|
||||
export CFLAGS="-I/opt/openssl3/include $CFLAGS"
|
||||
export LD_LIBRARY_PATH="/opt/openssl3/lib64:/opt/openssl3/lib:$HOME/src/ima-evm-utils/src/.libs:$LD_LIBRARY_PATH"
|
||||
export LDFLAGS="-L/opt/openssl3/lib64 -L/opt/openssl3/lib $LDFLAGS"
|
||||
export PATH="/opt/openssl3/bin:$HOME/src/ima-evm-utils/src/.libs:$PATH"
|
||||
fi
|
||||
|
||||
case "$VARIANT" in
|
||||
i386)
|
||||
echo "32-bit compilation"
|
||||
|
@ -2983,8 +2983,10 @@ int main(int argc, char *argv[])
|
||||
#if CONFIG_IMA_EVM_ENGINE
|
||||
case 139: /* --engine e */
|
||||
imaevm_params.eng = setup_engine(optarg);
|
||||
if (!imaevm_params.eng)
|
||||
if (!imaevm_params.eng) {
|
||||
log_info("setup_engine failed\n");
|
||||
goto error;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
case 140: /* --xattr-user */
|
||||
|
@ -13,7 +13,14 @@ wget --no-check-certificate https://github.com/openssl/openssl/archive/refs/tags
|
||||
tar --no-same-owner -xzf ${version}.tar.gz
|
||||
cd openssl-${version}
|
||||
|
||||
./Configure --prefix=/opt/openssl3 --openssldir=/opt/openssl3/ssl
|
||||
if [ "$VARIANT" = "i386" ]; then
|
||||
echo "32-bit compilation"
|
||||
FLAGS="-m32 linux-generic32"
|
||||
fi
|
||||
|
||||
./Configure $FLAGS no-engine no-dynamic-engine --prefix=/opt/openssl3 --openssldir=/opt/openssl3
|
||||
# Uncomment for debugging
|
||||
# perl configdata.pm --dump | grep engine
|
||||
make -j$(nproc)
|
||||
# only install apps and library
|
||||
sudo make install_sw
|
||||
|
Loading…
x
Reference in New Issue
Block a user