diff --git a/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch b/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch new file mode 100644 index 0000000000..f05497bd1a --- /dev/null +++ b/meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch @@ -0,0 +1,40 @@ +From 5a3c770b24a40a4e32154f25fdba3b685b0221d2 Mon Sep 17 00:00:00 2001 +From: Ayoub Zaki +Date: Thu, 19 Mar 2026 09:29:10 +0100 +Subject: [PATCH] fix: strip absolute build paths from DWARF debug info for + reproducible builds + +Upstream-Status: Backport [https://github.com/smuellerDD/leancrypto/commit/6561beeadf7376cc0815d937ee8d231a3bbbcba8] +Signed-off-by: Stephan Mueller +Signed-off-by: Ayoub Zaki +--- + meson.build | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/meson.build b/meson.build +index 03616319..ba9bbcbd 100644 +--- a/meson.build ++++ b/meson.build +@@ -121,6 +121,19 @@ endif + if get_option('dilithium_debug').enabled() + add_global_arguments([ '-DLC_DILITHIUM_DEBUG' ], language: 'c') + endif ++ ++# Strip build directory paths from debug info to avoid buildpaths warnings ++# in debug packages ++if cc.has_argument('-ffile-prefix-map=/dev/null=/dev/null') ++ add_global_arguments([ ++ '-ffile-prefix-map=' + meson.project_source_root() + '/=', ++ '-ffile-prefix-map=' + meson.project_build_root() + '/=', ++ ], language: 'c') ++ add_project_link_arguments([ ++ '-ffile-prefix-map=' + meson.project_source_root() + '/=', ++ '-ffile-prefix-map=' + meson.project_build_root() + '/=', ++ ], language : 'c') ++endif + if get_option('kyber_debug').enabled() + add_global_arguments([ '-DLC_KYBER_DEBUG' ], language: 'c') + endif +-- +2.43.0 + diff --git a/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh b/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh new file mode 100644 index 0000000000..5db9c4dc8b --- /dev/null +++ b/meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh @@ -0,0 +1,57 @@ +#!/bin/sh +# SPDX-License-Identifier: MIT +# +# leancrypto test runner +# Runs all leancrypto test binaries and reports pass/fail summary +# + +TESTDIR="/usr/libexec/leancrypto/tests" +GREEN='\033[0;32m' +RED='\033[0;31m' +YELLOW='\033[0;33m' +NC='\033[0m' +PASS=0 +FAIL=0 +SKIP=0 +FAILED="" + +if [ ! -d "$TESTDIR" ]; then + echo "ERROR: Test directory $TESTDIR not found" + exit 1 +fi + +count=$(find "$TESTDIR" -maxdepth 1 -type f -executable | wc -l) +if [ "$count" -eq 0 ]; then + echo "ERROR: No test binaries found in $TESTDIR" + exit 1 +fi + +echo "Running $count leancrypto tests..." +echo "" + +for t in "$TESTDIR"/*; do + [ -x "$t" ] || continue + name=$(basename "$t") + printf "%-60s " "$name" + "$t" > /dev/null 2>&1 + rc=$? + if [ "$rc" -eq 0 ]; then + printf "${GREEN}PASS${NC}\n" + PASS=$((PASS + 1)) + elif [ "$rc" -eq 77 ]; then + printf "${YELLOW}SKIP${NC}\n" + SKIP=$((SKIP + 1)) + else + printf "${RED}FAIL${NC}\n" + FAIL=$((FAIL + 1)) + FAILED="$FAILED $name" + fi +done + +echo "" +echo "Results: $PASS passed, $FAIL failed, $SKIP skipped, $((PASS + FAIL + SKIP)) total" + +if [ "$FAIL" -gt 0 ]; then + echo "Failed tests:$FAILED" + exit 1 +fi diff --git a/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb new file mode 100644 index 0000000000..b46e6c26f5 --- /dev/null +++ b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb @@ -0,0 +1,56 @@ +SUMMARY = "Lean cryptographic library with PQC-resistant algorithms" +DESCRIPTION = "leancrypto is a cryptographic library that exclusively contains \ +PQC-resistant cryptographic algorithms. It is lean, has minimal dependencies, \ +supports stack-only operation and provides optimized implementations for \ +ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (Sphincs+) and many more" +HOMEPAGE = "https://leancrypto.org" +LICENSE = "BSD-3-Clause | GPL-2.0-only" +LIC_FILES_CHKSUM = " \ + file://LICENSE;md5=7e96f38306550c165071e7cab7b6b824 \ + file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \ + file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \ + " +SECTION = "libs" +SRC_URI = "git://github.com/smuellerDD/leancrypto.git;branch=master;protocol=https \ + file://0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch \ + file://leancrypto-tests.sh \ + " +# SRCREV tagged v1.6.0 +SRCREV = "38215249fbe3951d1992b12447fca3c0c5e7e245" + +inherit pkgconfig meson + +EXTRA_OEMESON = "-Dstrip=false" + +PACKAGECONFIG ??= "secure-exec apps tests" +PACKAGECONFIG[apps] = "-Dapps=enabled,-Dapps=disabled" +PACKAGECONFIG[small-stack] = "-Dsmall_stack=enabled,-Dsmall_stack=disabled" +PACKAGECONFIG[no-asm] = "-Ddisable-asm=true,-Ddisable-asm=false" +PACKAGECONFIG[efi] = "-Defi=enabled,-Defi=disabled" +PACKAGECONFIG[secure-exec] = "-Dsecure_execution=enabled,-Dsecure_execution=disabled" +PACKAGECONFIG[tests] = "-Dtests=enabled,-Dtests=disabled" + +do_install:append () { + if ${@bb.utils.contains('PACKAGECONFIG', 'tests', 'true', 'false', d)}; then + install -d ${D}${libexecdir}/leancrypto/tests + for t in $(find ${B} -maxdepth 3 -type f -executable \( -name '*_tester*' -o -name '*_test' \)); do + basename=$(basename "$t") + install -m 0755 "$t" ${D}${libexecdir}/leancrypto/tests/leancrypto_${basename} + done + install -d ${D}${bindir} + install -m 0755 ${UNPACKDIR}/leancrypto-tests.sh ${D}${bindir}/leancrypto-tests + fi +} + +PACKAGES =+ "${PN}-tests ${PN}-apps" + +RDEPENDS:${PN}-apps += "${PN}" +FILES:${PN}-apps = "${bindir}/lc_* \ + ${libexecdir}/leancrypto \ + " +RDEPENDS:${PN}-tests += "${PN}" +FILES:${PN}-tests = "${bindir}/leancrypto-tests \ + ${libexecdir}/leancrypto/tests \ + " + +BBCLASSEXTEND = "native nativesdk"