unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
From: Herman Rimm via Guix-patches via <guix-patches@gnu.org>
To: 70131@debbugs.gnu.org
Cc: Efraim Flashner <efraim@flashner.co.il>,
	Vagrant Cascadian <vagrant@debian.org>
Subject: [bug#70131] [PATCH v3 2/6] gnu: u-boot: Update to 2024.10.
Date: Fri, 13 Dec 2024 20:58:30 +0100	[thread overview]
Message-ID: <d3400c3c67258cf2e556b73980001f6f49782966.1734118924.git.herman@rimm.ee> (raw)
In-Reply-To: <cover.1734118924.git.herman@rimm.ee>

* gnu/packages/bootloaders.scm (u-boot): Update to 2024.10.
[source]: Remove build-without-libcrypto patch.  Use git-fetch.
(%u-boot-build-without-libcrypto-patch): Remove variable.
(u-boot-tools)[arguments]: Enable test_spl.  Disable sandbox tests and
kwbimage.
(python-u-boot-pylib)[arguments]: Add phase to fix build file.
(make-u-boot-package)[arguments]: Disable kwbimage.
(u-boot-sandbox): Only keep CONFIG_FIT_CIPHER disabled.
[inputs]: Add efitools.
(u-boot-rockpro64-rk3399): Replace CONFIG_DM_SCSI with CONFIG_SCSI.
* gnu/packages/patches/u-boot-build-without-libcrypto.patch: Delete.
* gnu/local.mk (dist_patch_DATA): Remove patch.

Change-Id: I07cb0df0431ed45af0beb05105ae948136dd9eb3
---
 gnu/local.mk                                  |   1 -
 gnu/packages/bootloaders.scm                  |  66 +++++-----
 .../u-boot-build-without-libcrypto.patch      | 123 ------------------
 3 files changed, 32 insertions(+), 158 deletions(-)
 delete mode 100644 gnu/packages/patches/u-boot-build-without-libcrypto.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 14b8c6932e..ace19eb8a4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2274,7 +2274,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/tuxpaint-stamps-path.patch		\
   %D%/packages/patches/twinkle-bcg729.patch			\
   %D%/packages/patches/u-boot-allow-disabling-openssl.patch	\
-  %D%/packages/patches/u-boot-build-without-libcrypto.patch	\
   %D%/packages/patches/u-boot-nintendo-nes-serial.patch		\
   %D%/packages/patches/u-boot-rockchip-inno-usb.patch		\
   %D%/packages/patches/ucx-tcp-iface-ioctl.patch		\
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index db2cfd1131..584a285c61 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -54,6 +54,7 @@ (define-module (gnu packages bootloaders)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages guile)
+  #:use-module (gnu packages efi)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages llvm)
   #:use-module (gnu packages man)
@@ -754,26 +755,22 @@ (define %u-boot-allow-disabling-openssl-patch
   ;; https://lists.denx.de/pipermail/u-boot/2021-October/462728.html
   (search-patch "u-boot-allow-disabling-openssl.patch"))
 
-(define %u-boot-build-without-libcrypto-patch
-  ;; Upstream commit to fix Amlogic builds in u-boot 2024.01.
-  (search-patch "u-boot-build-without-libcrypto.patch"))
-
 (define u-boot
   (package
     (name "u-boot")
-    (version "2024.01")
+    (version "2024.10")
     (source (origin
               (patches
                (list %u-boot-rockchip-inno-usb-patch
-                     %u-boot-build-without-libcrypto-patch
                      %u-boot-allow-disabling-openssl-patch))
-              (method url-fetch)
-              (uri (string-append
-                    "https://ftp.denx.de/pub/u-boot/"
-                    "u-boot-" version ".tar.bz2"))
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://source.denx.de/u-boot/u-boot.git")
+                     (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "1czmpszalc6b8cj9j7q6cxcy19lnijv3916w3dag6yr3xpqi35mr"))))
+                "0yrhb0izihv47p781dc4cp0znc5g225ayl7anz23c6jdrmfbpz2h"))))
     (build-system gnu-build-system)
     (native-inputs
      (list bison
@@ -870,9 +867,11 @@ (define-public u-boot-tools
                (("\\./tools/patman/patman") (which "true"))
                ;; FIXME: test fails, needs further investiation
                (("run_test \"binman\"") "# run_test \"binman\"")
-               ;; FIXME: test_spl fails, needs further investiation
-               (("test_ofplatdata or test_handoff or test_spl")
-                "test_ofplatdata or test_handoff")
+               ;; FIXME: tests fail without kwbimage, i.e. openssl.
+               (("run_test \"sandbox_noinst\"")
+                "# run_test \"sandbox_noinst\"")
+               (("run_test \"sandbox_vpl\"")
+                "# run_test \"sandbox_vpl\"")
                ;; FIXME: code coverage not working
                (("run_test \"binman code coverage\"")
                 "# run_test \"binman code coverage\"")
@@ -895,14 +894,16 @@ (define-public u-boot-tools
                            (("CONFIG_FIT_SIGNATURE=y")
                             "CONFIG_FIT_SIGNATURE=n
 CONFIG_UT_LIB_ASN1=n
-CONFIG_TOOLS_LIBCRYPTO=n")
+CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n")
                            ;; Catch instances of implied CONFIG_FIG_SIGNATURE
                            ;; with VPL targets
                            (("CONFIG_SANDBOX_VPL=y")
                             "CONFIG_SANDBOX_VPL=y
 CONFIG_FIT_SIGNATURE=n
 CONFIG_VPL_FIT_SIGNATURE=n
-CONFIG_TOOLS_LIBCRYPTO=n")
+CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n")
                            ;; This test requires a sound system, which is un-used
                            ;; in u-boot-tools.
                            (("CONFIG_SOUND=y") "CONFIG_SOUND=n")))
@@ -968,6 +969,13 @@ (define-public python-u-boot-pylib
           (add-after 'unpack 'chdir
             (lambda _
               (chdir "tools/u_boot_pylib")))
+          (add-after 'chdir 'list-package
+            (lambda _
+              (let ((port (open-file "pyproject.toml" "a")))
+                (display "[tool.setuptools.packages.find]\n" port)
+                (display "where = [\"..\"]\n" port)
+                (display "include = [\"u_boot_pylib*\"]" port)
+                (close-port port))))
           (replace 'check
             (lambda* (#:key tests? #:allow-other-keys)
               (when tests?
@@ -1114,7 +1122,8 @@ (define*-public (make-u-boot-package board triplet
                 (lambda _
                   (substitute* ".config"
                     (("CONFIG_TOOLS_LIBCRYPTO=.*$")
-                     "CONFIG_TOOLS_LIBCRYPTO=n"))))
+                     "CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n"))))
               (replace 'install
                 (lambda _
                   (let ((libexec (string-append #$output "/libexec"))
@@ -1322,21 +1331,10 @@ (define-public u-boot-qemu-riscv64-smode
 (define-public u-boot-sandbox
   (let ((base (make-u-boot-package
                "sandbox" #f             ;build for the native system
-               ;; Disable CONFIG_TOOLS_LIBCRYPTO, CONFIG_FIT_SIGNATURE and
-               ;; CONFIG_FIT_CIPHER and their selectors as these features
-               ;; require OpenSSL, which is incompatible with the GPLv2-only
-               ;; parts of U-boot.  The options below replicate the changes
-               ;; that disabling the above features in 'make menuconfig' then
-               ;; refreshing the defconfig with 'make savedefconfig' would do.
-               #:configs (list "# CONFIG_FIT_RSASSA_PSS is not set"
-                               "# CONFIG_FIT_CIPHER is not set"
-                               "# CONFIG_LEGACY_IMAGE_FORMAT is not set"
-                               "# CONFIG_IMAGE_PRE_LOAD is not set"
-                               "# CONFIG_IMAGE_PRE_LOAD_SIG is not set"
-                               "# CONFIG_CMD_BOOTM_PRE_LOAD is not set"
-                               "CONFIG_RSA=y"
-                               "# CONFIG_EFI_SECURE_BOOT is not set"
-                               "# CONFIG_TOOLS_LIBCRYPTO is not set")
+               ;; These disabled features require OpenSSL, which is
+               ;; incompatible with the GPLv2-only parts of U-boot.
+               #:configs (map (cut string-append "# CONFIG_" <> " is not set")
+                              '("FIT_CIPHER"))
                #:append-description
                "The sandbox configuration of U-Boot provides a
 @command{u-boot} command that runs as a normal user space application.  It can
@@ -1356,8 +1354,9 @@ (define-public u-boot-sandbox
                   (mkdir (string-append #$output "/bin"))
                   (symlink (search-input-file outputs "libexec/u-boot")
                            (string-append #$output "/bin/u-boot"))))))))
+      ;; cert-to-efi-sig-list from efitools creates the EFI capsule ESL.
       (inputs (modify-inputs (package-inputs base)
-                (append sdl2))))))
+                (append efitools sdl2))))))
 
 (define-public u-boot-sifive-unleashed
   (let ((base (make-u-boot-package "sifive_unleashed" "riscv64-linux-gnu")))
@@ -1457,7 +1456,6 @@ (define-public u-boot-rockpro64-rk3399
                                                "CONFIG_SATA_SIL=y"
                                                "CONFIG_SCSI=y"
                                                "CONFIG_SCSI_AHCI=y"
-                                               "CONFIG_DM_SCSI=y"
                                                ;; Disable SPL FIT signatures,
                                                ;; due to GPLv2 and Openssl
                                                ;; license incompatibilities
diff --git a/gnu/packages/patches/u-boot-build-without-libcrypto.patch b/gnu/packages/patches/u-boot-build-without-libcrypto.patch
deleted file mode 100644
index d56588941c..0000000000
--- a/gnu/packages/patches/u-boot-build-without-libcrypto.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 03e598263e3878b6f5d58f5525577903edadc644 Mon Sep 17 00:00:00 2001
-From: Paul-Erwan Rio <paulerwan.rio@gmail.com>
-Date: Thu, 21 Dec 2023 08:26:11 +0100
-Subject: [PATCH] tools: fix build without LIBCRYPTO support
-
-Commit cb9faa6f98ae ("tools: Use a single target-independent config to
-enable OpenSSL") introduced a target-independent configuration to build
-crypto features in host tools.
-
-But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in
-host tools and SPL") the build without OpenSSL is broken, due to FIT
-signature/encryption features. Add missing conditional compilation
-tokens to fix this.
-
-Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com>
-Tested-by: Alexander Dahl <ada@thorsis.com>
-Cc: Simon Glass <sjg@chromium.org>
-Reviewed-by: Tom Rini <trini@konsulko.com>
-Reviewed-by: Simon Glass <sjg@chromium.org>
----
- include/image.h    | 2 +-
- tools/Kconfig      | 1 +
- tools/fit_image.c  | 2 +-
- tools/image-host.c | 4 ++++
- tools/mkimage.c    | 5 +++--
- 5 files changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/include/image.h b/include/image.h
-index 432ec927b1..21de70f0c9 100644
---- a/include/image.h
-+++ b/include/image.h
-@@ -1465,7 +1465,7 @@ int calculate_hash(const void *data, int data_len, const char *algo,
-  * device
-  */
- #if defined(USE_HOSTCC)
--# if defined(CONFIG_FIT_SIGNATURE)
-+# if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- #  define IMAGE_ENABLE_SIGN	1
- #  define FIT_IMAGE_ENABLE_VERIFY	1
- #  include <openssl/evp.h>
-diff --git a/tools/Kconfig b/tools/Kconfig
-index f8632cd59d..f01ed783e6 100644
---- a/tools/Kconfig
-+++ b/tools/Kconfig
-@@ -51,6 +51,7 @@ config TOOLS_FIT_RSASSA_PSS
- 	  Support the rsassa-pss signature scheme in the tools builds
- 
- config TOOLS_FIT_SIGNATURE
-+	depends on TOOLS_LIBCRYPTO
- 	def_bool y
- 	help
- 	  Enable signature verification of FIT uImages in the tools builds
-diff --git a/tools/fit_image.c b/tools/fit_image.c
-index 71e031c855..beef1fa86e 100644
---- a/tools/fit_image.c
-+++ b/tools/fit_image.c
-@@ -61,7 +61,7 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
- 		ret = fit_set_timestamp(ptr, 0, time);
- 	}
- 
--	if (!ret)
-+	if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret)
- 		ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
- 
- 	if (!ret) {
-diff --git a/tools/image-host.c b/tools/image-host.c
-index ca4950312f..90bc9f905f 100644
---- a/tools/image-host.c
-+++ b/tools/image-host.c
-@@ -14,8 +14,10 @@
- #include <image.h>
- #include <version.h>
- 
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- #include <openssl/pem.h>
- #include <openssl/evp.h>
-+#endif
- 
- /**
-  * fit_set_hash_value - set hash value in requested has node
-@@ -1131,6 +1133,7 @@ static int fit_config_add_verification_data(const char *keydir,
- 	return 0;
- }
- 
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- /*
-  * 0) open file (open)
-  * 1) read certificate (PEM_read_X509)
-@@ -1239,6 +1242,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit)
-  out:
- 	return ret;
- }
-+#endif
- 
- int fit_cipher_data(const char *keydir, void *keydest, void *fit,
- 		    const char *comment, int require_keys,
-diff --git a/tools/mkimage.c b/tools/mkimage.c
-index 6dfe3e1d42..ac62ebbde9 100644
---- a/tools/mkimage.c
-+++ b/tools/mkimage.c
-@@ -115,7 +115,7 @@ static void usage(const char *msg)
- 		"          -B => align size in hex for FIT structure and header\n"
- 		"          -b => append the device tree binary to the FIT\n"
- 		"          -t => update the timestamp in the FIT\n");
--#ifdef CONFIG_FIT_SIGNATURE
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- 	fprintf(stderr,
- 		"Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
- 		"          -k => set directory containing private keys\n"
-@@ -130,8 +130,9 @@ static void usage(const char *msg)
- 		"          -o => algorithm to use for signing\n");
- #else
- 	fprintf(stderr,
--		"Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
-+		"Signing / verified boot not supported (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n");
- #endif
-+
- 	fprintf(stderr, "       %s -V ==> print version information and exit\n",
- 		params.cmdname);
- 	fprintf(stderr, "Use '-T list' to see a list of available image types\n");
--- 
-2.41.0
-
-- 
2.45.2





  parent reply	other threads:[~2024-12-13 20:01 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-01 20:20 [bug#70131] [PATCH 0/5] Add bootloaders and update U-Boot Herman Rimm via Guix-patches via
2024-04-01 20:22 ` [bug#70131] [PATCH 1/5] gnu: bootloader: Add nanopi-r4s-rk3399 bootloader Herman Rimm via Guix-patches via
2024-04-01 20:22 ` [bug#70131] [PATCH 2/5] gnu: u-boot: Use DDR3 patch for Nano Pi R4S Herman Rimm via Guix-patches via
2024-04-01 20:22 ` [bug#70131] [PATCH 3/5] gnu: firmware: Update make-arm-trusted-firmware to 2.10 Herman Rimm via Guix-patches via
2024-04-01 20:22 ` [bug#70131] [PATCH 4/5] gnu: u-boot: Update to 2024.04-rc5 Herman Rimm via Guix-patches via
2024-04-01 20:22 ` [bug#70131] [PATCH 5/5] gnu: bootloader: Add orangepi-zero2w bootloader Herman Rimm via Guix-patches via
2024-05-09  5:35 ` [bug#70131] [PATCH 0/5] Update U-boot Herman Rimm via Guix-patches via
2024-05-09  5:35   ` [bug#70131] [PATCH 1/5] gnu: bootloader: Add nanopi-r4s-rk3399 bootloader Herman Rimm via Guix-patches via
2024-05-09  5:35   ` [bug#70131] [PATCH 2/5] gnu: u-boot: Use DDR3 patch for Nano Pi R4S Herman Rimm via Guix-patches via
2024-05-15 18:16     ` Vagrant Cascadian
2024-05-09  5:35   ` [bug#70131] [PATCH 3/5] gnu: firmware: Update make-arm-trusted-firmware to 2.10 Herman Rimm via Guix-patches via
2024-05-09  5:35   ` [bug#70131] [PATCH 4/5] gnu: u-boot: Update to 2024.04 Herman Rimm via Guix-patches via
2024-05-09  5:35   ` [bug#70131] [PATCH 5/5] gnu: bootloader: Add orangepi-zero2w bootloader Herman Rimm via Guix-patches via
2024-05-15 20:26   ` [bug#70131] [PATCH 0/5] Update U-boot Vagrant Cascadian
2024-05-16  7:28     ` Herman Rimm via Guix-patches via
2024-05-16 15:56       ` Vagrant Cascadian
2024-08-26 14:45 ` [bug#70131] [PATCH v2 1/8] gnu: bootloader: Add nanopi-r4s-rk3399 bootloader Herman Rimm via Guix-patches via
2024-08-26 14:45   ` [bug#70131] [PATCH v2 2/8] gnu: u-boot: Use DDR3 patch for Nano Pi R4S Herman Rimm via Guix-patches via
2024-08-26 14:45   ` [bug#70131] [PATCH v2 3/8] gnu: firmware: Update make-arm-trusted-firmware to 2.10 Herman Rimm via Guix-patches via
2024-08-26 14:45   ` [bug#70131] [PATCH v2 4/8] gnu: u-boot: Update to 2024.07 Herman Rimm via Guix-patches via
2024-08-26 14:45   ` [bug#70131] [PATCH v2 5/8] gnu: python-u-boot-pylib: Fix pyproject.toml Herman Rimm via Guix-patches via
2024-08-26 14:45   ` [bug#70131] [PATCH v2 6/8] gnu: u-boot-rockpro64-rk3399: Unconfigure CONFIG_DM_SCSI Herman Rimm via Guix-patches via
2024-08-26 14:45   ` [bug#70131] [PATCH v2 7/8] gnu: u-boot-sandbox: Unconfigure CONFIG_RSA and CONFIG_TOOLS_LIBCRYPTO Herman Rimm via Guix-patches via
2024-08-26 14:45   ` [bug#70131] [PATCH v2 8/8] gnu: bootloader: Add orangepi-zero2w bootloader Herman Rimm via Guix-patches via
2024-12-13 19:58 ` [bug#70131] [PATCH v3 0/6] Update U-Boot Herman Rimm via Guix-patches via
2024-12-13 19:58   ` [bug#70131] [PATCH v3 1/6] Revert "gnu: u-boot-tools: Fix segfault while running tests." Herman Rimm via Guix-patches via
2024-12-13 19:58   ` Herman Rimm via Guix-patches via [this message]
2024-12-13 19:58   ` [bug#70131] [PATCH v3 3/6] gnu: u-boot-tools: Remove extraneous native-input Herman Rimm via Guix-patches via
2024-12-13 19:58   ` [bug#70131] [PATCH v3 4/6] gnu: u-boot: Use search-patches Herman Rimm via Guix-patches via
2024-12-13 19:58   ` [bug#70131] [PATCH v3 5/6] gnu: bootloaders: u-boot-sandbox: Reformat Herman Rimm via Guix-patches via
2024-12-13 19:58   ` [bug#70131] [PATCH v3 6/6] gnu: u-boot: Use guix-name Herman Rimm via Guix-patches via

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d3400c3c67258cf2e556b73980001f6f49782966.1734118924.git.herman@rimm.ee \
    --to=guix-patches@gnu.org \
    --cc=70131@debbugs.gnu.org \
    --cc=efraim@flashner.co.il \
    --cc=herman@rimm.ee \
    --cc=vagrant@debian.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).