| # Copyright 2019 The Chromium OS Authors. All rights reserved. |
| # Distributed under the terms of the GNU General Public License v2 |
| |
| EAPI=7 |
| |
| CROS_WORKON_COMMIT=("6f9011123f3656c45bb34148673aa110a22326b3" "49dfc58d6c4c66f5d0b0d06f0161da4e602a1293") |
| CROS_WORKON_TREE=("791c6808b4f4f5f1c484108d66ff958d65f8f1e3" "cd360f89c2a9c43343acba09894918cb5ef94620" "e7dba8c91c1f3257c34d4a7ffff0ea2537aeb6bb" "6dbc19849752c206e135ab59349ebb1cc62bb435") |
| inherit cros-constants |
| |
| CROS_WORKON_INCREMENTAL_BUILD="1" |
| CROS_WORKON_PROJECT=("chromiumos/platform2" "platform/system/keymaster") |
| CROS_WORKON_REPO=( |
| "${CROS_GIT_HOST_URL}" |
| "${CROS_GIT_AOSP_URL}" |
| ) |
| CROS_WORKON_EGIT_BRANCH=("master" "pie-release") |
| CROS_WORKON_LOCALNAME=("platform2" "aosp/system/keymaster") |
| CROS_WORKON_DESTDIR=("${S}/platform2" "${S}/aosp/system/keymaster") |
| CROS_WORKON_SUBTREE=("common-mk arc/keymaster .gn" "") |
| |
| PLATFORM_SUBDIR="arc/keymaster" |
| |
| # This BoringSSL integration follows go/boringssl-cros. |
| # DO NOT COPY TO OTHER PACKAGES WITHOUT CONSULTING SECURITY TEAM. |
| BORINGSSL_PN="boringssl" |
| BORINGSSL_PV="430a7423039682e4bbc7b522e3b57b2c8dca5e3b" |
| BORINGSSL_P="${BORINGSSL_PN}-${BORINGSSL_PV}" |
| BORINGSSL_OUTDIR="${WORKDIR}/boringssl_outputs/" |
| |
| CMAKE_USE_DIR="${WORKDIR}/${BORINGSSL_P}" |
| BUILD_DIR="${WORKDIR}/${BORINGSSL_P}_build" |
| |
| inherit flag-o-matic cmake-utils cros-workon platform user |
| |
| DESCRIPTION="Android keymaster service in Chrome OS." |
| HOMEPAGE="https://chromium.googlesource.com/chromiumos/platform2/+/master/arc/keymaster" |
| SRC_URI="https://github.com/google/${BORINGSSL_PN}/archive/${BORINGSSL_PV}.tar.gz -> ${BORINGSSL_P}.tar.gz" |
| |
| LICENSE="BSD-Google" |
| KEYWORDS="*" |
| IUSE="+seccomp" |
| |
| RDEPEND=" |
| chromeos-base/chaps:= |
| chromeos-base/cryptohome:= |
| chromeos-base/minijail:= |
| dev-libs/protobuf:= |
| " |
| |
| DEPEND=" |
| ${RDEPEND} |
| chromeos-base/session_manager-client:= |
| chromeos-base/system_api:= |
| " |
| |
| HEADER_TAINT="#ifdef CHROMEOS_OPENSSL_IS_OPENSSL |
| #error \"Do not mix OpenSSL and BoringSSL headers.\" |
| #endif |
| #define CHROMEOS_OPENSSL_IS_BORINGSSL\n" |
| |
| src_unpack() { |
| platform_src_unpack |
| unpack "${BORINGSSL_P}.tar.gz" |
| # Taint BoringSSL headers so they don't silently mix with OpenSSL. |
| find "${BORINGSSL_P}/include/openssl" -type f -exec awk -i inplace -v \ |
| "taint=${HEADER_TAINT}" 'NR == 1 {print taint} {print}' {} \; |
| } |
| |
| src_prepare() { |
| cmake-utils_src_prepare |
| |
| # Expose libhardware headers from arc-toolchain-p. |
| local arc_arch="${ARCH}" |
| # arm needs to use arm64 directory, which provides combined arm/arm64 |
| # headers. |
| if [[ "${ARCH}" == "arm" ]]; then |
| arc_arch="arm64" |
| fi |
| mkdir -p "${WORKDIR}/libhardware/include" || die |
| cp -rfp "/opt/android-p/${arc_arch}/usr/include/hardware" "${WORKDIR}/libhardware/include" || die |
| append-cxxflags "-I${WORKDIR}/libhardware/include" |
| |
| # Expose BoringSSL headers and outputs. |
| append-cxxflags "-I${WORKDIR}/${BORINGSSL_P}/include" |
| append-ldflags "-L${BORINGSSL_OUTDIR}" |
| # Verify upstream hasn't changed relevant context code. |
| cd "${WORKDIR}/${P}/aosp/system/keymaster" || die |
| eapply --dry-run "${FILESDIR}/keymaster-context-hooks.patch" |
| # Fix C++17 compilation. Can be removed once we update to newer version of |
| # keymaster that contains https://r.android.com/1412947. |
| cd "${WORKDIR}/${P}/aosp/system/keymaster" || die |
| eapply "${FILESDIR}/0001-keymaster-fix-C-17-compilation.patch" |
| # Make P Keymaster compatible with latest BoringSSL. |
| eapply "${FILESDIR}/keymaster-boringssl-update.patch" |
| } |
| |
| src_configure() { |
| local mycmakeargs=( |
| "-DCMAKE_BUILD_TYPE=Release" |
| "-DCMAKE_SYSTEM_PROCESSOR=${CHOST%%-*}" |
| "-DBUILD_SHARED_LIBS=OFF" |
| ) |
| cmake-utils_src_configure |
| platform_src_configure |
| } |
| |
| src_compile() { |
| # Compile BoringSSL and expose libcrypto.a. |
| cmake-utils_src_compile |
| mkdir -p "${BORINGSSL_OUTDIR}" || die |
| cp -p "${BUILD_DIR}/crypto/libcrypto.a" "${BORINGSSL_OUTDIR}/libboringcrypto.a" || die |
| |
| platform_src_compile |
| } |
| |
| src_install() { |
| insinto /etc/init |
| doins init/arc-keymasterd.conf |
| |
| # Install DBUS configuration file. |
| insinto /etc/dbus-1/system.d |
| doins dbus_permissions/org.chromium.ArcKeymaster.conf |
| |
| # Install seccomp policy file. |
| insinto /usr/share/policy |
| use seccomp && newins \ |
| "seccomp/arc-keymasterd-seccomp-${ARCH}.policy" \ |
| arc-keymasterd-seccomp.policy |
| |
| # Install shared libs and binary. |
| dolib.so "${OUT}/lib/libarckeymaster_context.so" |
| dolib.so "${OUT}/lib/libkeymaster.so" |
| dosbin "${OUT}/arc-keymasterd" |
| |
| platform_fuzzer_install "${S}"/OWNERS "${OUT}"/arc_keymasterd_fuzzer |
| } |
| |
| pkg_preinst() { |
| enewuser "arc-keymasterd" |
| enewgroup "arc-keymasterd" |
| } |
| |
| platform_pkg_test() { |
| platform_test "run" "${OUT}/arc-keymasterd_testrunner" |
| } |