* [ptxdist] [PATCH v2] libgcrypt: update 1.7.3 -> 1.7.5
@ 2017-01-09 18:07 Clemens Gruber
2017-01-10 15:09 ` Michael Olbrich
0 siblings, 1 reply; 3+ messages in thread
From: Clemens Gruber @ 2017-01-09 18:07 UTC (permalink / raw)
To: ptxdist; +Cc: Clemens Gruber
Also add configure options explicitly and enable ASM for all
architectures except m68k/ColdFire.
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
Changes from v1:
- Rely on runtime detection for optimizations besides NEON
- Disabling ASM is only necessary on m68k/ColdFire
rules/libgcrypt.make | 38 +++++++++++++++++++++++++-------------
1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/rules/libgcrypt.make b/rules/libgcrypt.make
index 4ffe6bcee..0edbca9cd 100644
--- a/rules/libgcrypt.make
+++ b/rules/libgcrypt.make
@@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_LIBGCRYPT) += libgcrypt
#
# Paths and names
#
-LIBGCRYPT_VERSION := 1.7.3
-LIBGCRYPT_MD5 := c869e542cc13a1c28d8055487bf7f5c4
+LIBGCRYPT_VERSION := 1.7.5
+LIBGCRYPT_MD5 := 74c8b4b2118946dcbfec5ff1cbf97177
LIBGCRYPT := libgcrypt-$(LIBGCRYPT_VERSION)
LIBGCRYPT_SUFFIX := tar.bz2
LIBGCRYPT_URL := http://artfiles.org/gnupg.org/libgcrypt/$(LIBGCRYPT).$(LIBGCRYPT_SUFFIX) ftp://ftp.gnupg.org/gcrypt/libgcrypt/$(LIBGCRYPT).$(LIBGCRYPT_SUFFIX)
@@ -38,19 +38,31 @@ LIBGCRYPT_LICENSE_FILES := \
#
LIBGCRYPT_AUTOCONF := \
$(CROSS_AUTOCONF_USR) \
- --enable-build-timestamp="$(PTXDIST_VERSION_YEAR)-$(PTXDIST_VERSION_MONTH)-01T00:00+0000" \
- --enable-optimization \
+ --disable-static \
+ --enable-shared \
+ --enable-random=linux \
+ --enable-dev-random \
--disable-random-daemon \
- --disable-asm \
+ --$(call ptx/disen,PTXCONF_ARCH_M68K)-asm \
+ --disable-m-guard \
--disable-large-data-tests \
- --disable-doc
-#
-# ASM needs MPI, which we don't have
-#
-# using --enable-asm will result in lost of;
-# ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_add_n'
-# ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_submul_1'
-#
+ --disable-hmac-binary-check \
+ --enable-padlock-support \
+ --enable-aesni-support \
+ --enable-pclmul-support \
+ --enable-sse41-support \
+ --enable-drng-support \
+ --enable-avx-support \
+ --enable-avx2-support \
+ --$(call ptx/endis,PTXCONF_ARCH_ARM_NEON)-neon-support \
+ --enable-arm-crypto-support \
+ --enable-O-flag-munging \
+ --disable-amd64-as-feature-detection \
+ --enable-optimization \
+ --enable-noexecstack \
+ --disable-doc \
+ --enable-build-timestamp="$(PTXDIST_VERSION_YEAR)-$(PTXDIST_VERSION_MONTH)-01T00:00+0000" \
+ --without-capabilities
# ----------------------------------------------------------------------------
# Target-Install
--
2.11.0
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [ptxdist] [PATCH v2] libgcrypt: update 1.7.3 -> 1.7.5
2017-01-09 18:07 [ptxdist] [PATCH v2] libgcrypt: update 1.7.3 -> 1.7.5 Clemens Gruber
@ 2017-01-10 15:09 ` Michael Olbrich
2017-01-10 15:38 ` Clemens Gruber
0 siblings, 1 reply; 3+ messages in thread
From: Michael Olbrich @ 2017-01-10 15:09 UTC (permalink / raw)
To: ptxdist
On Mon, Jan 09, 2017 at 07:07:49PM +0100, Clemens Gruber wrote:
> Also add configure options explicitly and enable ASM for all
> architectures except m68k/ColdFire.
>
> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
> ---
>
> Changes from v1:
> - Rely on runtime detection for optimizations besides NEON
> - Disabling ASM is only necessary on m68k/ColdFire
>
> rules/libgcrypt.make | 38 +++++++++++++++++++++++++-------------
> 1 file changed, 25 insertions(+), 13 deletions(-)
>
> diff --git a/rules/libgcrypt.make b/rules/libgcrypt.make
> index 4ffe6bcee..0edbca9cd 100644
> --- a/rules/libgcrypt.make
> +++ b/rules/libgcrypt.make
> @@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_LIBGCRYPT) += libgcrypt
> #
> # Paths and names
> #
> -LIBGCRYPT_VERSION := 1.7.3
> -LIBGCRYPT_MD5 := c869e542cc13a1c28d8055487bf7f5c4
> +LIBGCRYPT_VERSION := 1.7.5
> +LIBGCRYPT_MD5 := 74c8b4b2118946dcbfec5ff1cbf97177
> LIBGCRYPT := libgcrypt-$(LIBGCRYPT_VERSION)
> LIBGCRYPT_SUFFIX := tar.bz2
> LIBGCRYPT_URL := http://artfiles.org/gnupg.org/libgcrypt/$(LIBGCRYPT).$(LIBGCRYPT_SUFFIX) ftp://ftp.gnupg.org/gcrypt/libgcrypt/$(LIBGCRYPT).$(LIBGCRYPT_SUFFIX)
> @@ -38,19 +38,31 @@ LIBGCRYPT_LICENSE_FILES := \
> #
> LIBGCRYPT_AUTOCONF := \
> $(CROSS_AUTOCONF_USR) \
> - --enable-build-timestamp="$(PTXDIST_VERSION_YEAR)-$(PTXDIST_VERSION_MONTH)-01T00:00+0000" \
> - --enable-optimization \
> + --disable-static \
> + --enable-shared \
> + --enable-random=linux \
> + --enable-dev-random \
> --disable-random-daemon \
> - --disable-asm \
> + --$(call ptx/disen,PTXCONF_ARCH_M68K)-asm \
> + --disable-m-guard \
> --disable-large-data-tests \
> - --disable-doc
> -#
> -# ASM needs MPI, which we don't have
> -#
> -# using --enable-asm will result in lost of;
> -# ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_add_n'
> -# ../src/.libs/libgcrypt.so: undefined reference to `_gcry_mpih_submul_1'
> -#
> + --disable-hmac-binary-check \
> + --enable-padlock-support \
> + --enable-aesni-support \
> + --enable-pclmul-support \
> + --enable-sse41-support \
> + --enable-drng-support \
> + --enable-avx-support \
> + --enable-avx2-support \
> + --$(call ptx/endis,PTXCONF_ARCH_ARM_NEON)-neon-support \
> + --enable-arm-crypto-support \
> + --enable-O-flag-munging \
> + --disable-amd64-as-feature-detection \
> + --enable-optimization \
> + --enable-noexecstack \
> + --disable-doc \
> + --enable-build-timestamp="$(PTXDIST_VERSION_YEAR)-$(PTXDIST_VERSION_MONTH)-01T00:00+0000" \
> + --without-capabilities
Hmm, I looked at what the capabilities stuff is for. It is used for 'secure
memory'. I'm not an expert here, but I guess it will set up some memory
that cannot be swapped out etc. It only needs libcap and that's a rather
small library, so I think this should be enabled. What do you think?
Looks good otherwise. No need to send a new patch. I'll make the change if
necessary.
Michael
>
> # ----------------------------------------------------------------------------
> # Target-Install
> --
> 2.11.0
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [ptxdist] [PATCH v2] libgcrypt: update 1.7.3 -> 1.7.5
2017-01-10 15:09 ` Michael Olbrich
@ 2017-01-10 15:38 ` Clemens Gruber
0 siblings, 0 replies; 3+ messages in thread
From: Clemens Gruber @ 2017-01-10 15:38 UTC (permalink / raw)
To: ptxdist
Hi Michael,
On Tue, Jan 10, 2017 at 04:09:21PM +0100, Michael Olbrich wrote:
> Hmm, I looked at what the capabilities stuff is for. It is used for 'secure
> memory'. I'm not an expert here, but I guess it will set up some memory
> that cannot be swapped out etc. It only needs libcap and that's a rather
> small library, so I think this should be enabled. What do you think?
Yeah, why not. libcap does not hurt.
I first thought it would use secmem even without capabilities but before
the setuid privileges are dropped, secmem is disabled. So it seems
necessary.
We should probably also update libcap to 2.25. There they dropped the
dependency to libattr.
>
> Looks good otherwise. No need to send a new patch. I'll make the change if
> necessary.
Great, thanks.
Clemens
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-01-10 15:38 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-09 18:07 [ptxdist] [PATCH v2] libgcrypt: update 1.7.3 -> 1.7.5 Clemens Gruber
2017-01-10 15:09 ` Michael Olbrich
2017-01-10 15:38 ` Clemens Gruber
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox