Date: Tue, 26 Feb 2019 06:11:01 +0000 (UTC) From: "Simon J. Gerraty" <sjg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r344566 - in head: lib share/mk tools/build/options Message-ID: <201902260611.x1Q6B1x9093903@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sjg Date: Tue Feb 26 06:11:01 2019 New Revision: 344566 URL: https://svnweb.freebsd.org/changeset/base/344566 Log: Enable build of libbearssl Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: D16337 Added: head/tools/build/options/WITH_BEARSSL (contents, props changed) head/tools/build/options/WITH_LOADER_VERIEXEC (contents, props changed) head/tools/build/options/WITH_VERIEXEC (contents, props changed) Modified: head/lib/Makefile head/share/mk/src.libnames.mk head/share/mk/src.opts.mk Modified: head/lib/Makefile ============================================================================== --- head/lib/Makefile Tue Feb 26 06:09:10 2019 (r344565) +++ head/lib/Makefile Tue Feb 26 06:11:01 2019 (r344566) @@ -133,6 +133,7 @@ SUBDIR_DEPEND_libpcap= ofed # NB: keep these sorted by MK_* knobs SUBDIR.${MK_ATM}+= libngatm +SUBDIR.${MK_BEARSSL}+= libbearssl libsecureboot SUBDIR.${MK_BLACKLIST}+=libblacklist SUBDIR.${MK_BLUETOOTH}+=libbluetooth libsdp SUBDIR.${MK_BSNMP}+= libbsnmp @@ -204,6 +205,7 @@ SUBDIR.${MK_TESTS}+= tests SUBDIR.${MK_UNBOUND}+= libunbound SUBDIR.${MK_USB}+= libusbhid libusb SUBDIR.${MK_OFED}+= ofed +SUBDIR.${MK_VERIEXEC}+= libveriexec SUBDIR.${MK_ZFS}+= libbe .if !make(install) Modified: head/share/mk/src.libnames.mk ============================================================================== --- head/share/mk/src.libnames.mk Tue Feb 26 06:09:10 2019 (r344565) +++ head/share/mk/src.libnames.mk Tue Feb 26 06:11:01 2019 (r344566) @@ -210,6 +210,21 @@ _LIBRARIES+= \ osmvendor .endif +.if ${MK_BEARSSL} == "yes" +_INTERNALLIBS+= \ + bearssl \ + secureboot \ + +LIBBEARSSL?= ${LIBBEARSSLDIR}/libbearssl${PIE_SUFFIX}.a +LIBSECUREBOOT?= ${LIBSECUREBOOTDIR}/libsecureboot${PIE_SUFFIX}.a +.endif + +.if ${MK_VERIEXEC} == "yes" +_INTERNALLIBS+= veriexec + +LIBVERIEXEC?= ${LIBVERIEXECDIR}/libveriexec${PIE_SUFFIX}.a +.endif + # Each library's LIBADD needs to be duplicated here for static linkage of # 2nd+ order consumers. Auto-generating this would be better. _DP_80211= sbuf bsdxml Modified: head/share/mk/src.opts.mk ============================================================================== --- head/share/mk/src.opts.mk Tue Feb 26 06:09:10 2019 (r344565) +++ head/share/mk/src.opts.mk Tue Feb 26 06:11:01 2019 (r344566) @@ -194,6 +194,7 @@ __DEFAULT_YES_OPTIONS = \ ZONEINFO __DEFAULT_NO_OPTIONS = \ + BEARSSL \ BSD_GREP \ CLANG_EXTRAS \ DTRACE_TESTS \ @@ -219,6 +220,8 @@ __DEFAULT_NO_OPTIONS = \ __DEFAULT_DEPENDENT_OPTIONS= \ CLANG_FULL/CLANG \ LLVM_TARGET_ALL/CLANG \ + LOADER_VERIEXEC/BEARSSL \ + VERIEXEC/BEARSSL \ # MK_*_SUPPORT options which default to "yes" unless their corresponding # MK_* variable is set to "no". Added: head/tools/build/options/WITH_BEARSSL ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_BEARSSL Tue Feb 26 06:11:01 2019 (r344566) @@ -0,0 +1,11 @@ +.\" $FreeBSD$ +Build the BearSSL library. +.Pp +BearSSL is a tiny SSL library suitable for embedded environments. +For details see +.Lk http://www.BearSSL.org/ +.Pp +This library is currently only used to perform +signature verification and related operations +for Verified Exec and +.Xr loader 8 . Added: head/tools/build/options/WITH_LOADER_VERIEXEC ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_LOADER_VERIEXEC Tue Feb 26 06:11:01 2019 (r344566) @@ -0,0 +1,7 @@ +.\" $FreeBSD$ +Enable building +.Xr loader 8 +with support for verifcation similar to Verified Exec. +.Pp +It depends on +.Va WITH_BEARSSL Added: head/tools/build/options/WITH_VERIEXEC ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_VERIEXEC Tue Feb 26 06:11:01 2019 (r344566) @@ -0,0 +1,9 @@ +.\" $FreeBSD$ +Enable building +.Xr veriexec 8 +which loads the contents of verified manifests into the kernel +for use by +.Xr mac_veriexec 4 +.Pp +It depends on +.Va WITH_BEARSSL
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201902260611.x1Q6B1x9093903>