-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fscryptctl: add new package #25716
fscryptctl: add new package #25716
Conversation
Fscryptctl is mainly intended for embedded systems which can't use the full-featured fscrypt tool, or for testing or experimenting with the kernel interface to Linux filesystem encryption. This could be a better option vs fscrypt when use cases are on embedded devices since it is more light-weight. Upstream url: https://github.com/google/fscrypt/blob/master/README.md Build system: x86/64 Build-tested: bcm27xx/bcm2712 Run-tested: bcm27xx/bcm2712 Signed-off-by: John Audia <[email protected]>
I will test and review tomorrow |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some comments already. I will try to test tomorrow
PKG_SOURCE_URL:=https://codeload.github.com/google/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)? | ||
PKG_HASH:=192e25733006b05592fd87038a3a51a014db22f462ce0b24d47c30e66d03ea2c | ||
|
||
PKG_LICENSE:=Apache |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apache-2.0
. See https://spdx.org/licenses/
|
||
PKG_LICENSE:=Apache | ||
PKG_LICENSE_FILES:=LICENSE | ||
PKG_CPE_ID:=cpe:/a:google:fscryptctl |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where did you get this CPE Id from? I cannot find it at https://nvd.nist.gov/products/cpe/search
PKG_RELEASE:=1 | ||
|
||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz | ||
PKG_SOURCE_URL:=https://codeload.github.com/google/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the trailing ?
intentional? If so, what is it for?
CATEGORY:=Utilities | ||
SUBMENU:=Encryption | ||
TITLE:=A tool that handles keys and manages policies for Linux filesystem encryption | ||
URL:='https://github.com/google/fscryptctl' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove single quotes
MAKE_FLAGS += \ | ||
CFLAGS="$(TARGET_CFLAGS)" \ | ||
LDFLAGS="$(TARGET_LDFLAGS)" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you elaborate why this is needed? What is going wrong when you remove this line? I would expect CFLAGS und LDFLAGS to be already set to TARGET_CFLAGS and TARGET_LDFLAGS by MAKE_VARS
-all:fscryptctl fscryptctl.1 | ||
+all:fscryptctl |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you do not need to keep maintaining this patch if you set MAKE_FLAGS := fscryptctl
in the Makefile instead.
@@ -0,0 +1,51 @@ | |||
include $(TOPDIR)/rules.mk |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this Makefile need a license, similar to other package Makefiles in this repo? (SPDX line)
PKG_RELEASE:=1 | ||
|
||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz | ||
PKG_SOURCE_URL:=https://codeload.github.com/google/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with #25706 (comment), better not use the variable in the URL
I have tested this and it works on ramips / mt7621. It requires kernel CONFIG_FS_ENCRYPTION to be enabled and the corresponding kmod-crypto-* algorithm modules to be enabled. See my comment in the other PR about the dependencies #25706 (comment)
|
Fscryptctl is mainly intended for embedded systems which can't use the full-featured fscrypt tool, or for testing or experimenting with the kernel interface to Linux filesystem encryption.
This could be a better option vs fscrypt when use cases are on embedded devices since it is more light-weight.
Upstream url: https://github.com/google/fscrypt/blob/master/README.md
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Maintainer: me