From: Tomas Mraz Date: Tue, 11 May 2021 14:07:35 +0000 (+0200) Subject: Compute the FIPS checksums in $(BLDDIR) and remove it from update target X-Git-Tag: openssl-3.0.0-alpha17~146 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3b1e3488cc194b0145b61dbe65b7b0b49a1abc4;p=thirdparty%2Fopenssl.git Compute the FIPS checksums in $(BLDDIR) and remove it from update target Add also update-fips-checksums to update the checksums in the $(SRCDIR) if the $(SRCDIR) and $(BLDDIR) is different. The fips-checksums and generate_fips_sources targets are always produced (regardless of enable-fips) as nothing else depends on them and they are developer targets. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15229) --- diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index c2a0de3a973..f4805e87136 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1055,9 +1055,6 @@ uninstall_html_docs: # It's important that generate_buildinfo comes after ordinals, as ordinals # is sensitive to build.info changes. update: generate errors ordinals generate_buildinfo -{- output_off() if $disabled{fips}; "" -} -update: fips-checksums -{- output_on() if $disabled{fips}; "" -} generate: generate_apps generate_crypto_bn generate_crypto_objects \ generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids @@ -1140,9 +1137,8 @@ generate_doc_buildinfo: mv $(SRCDIR)/doc/build.info.new $(SRCDIR)/doc/build.info; \ fi ) -{- output_off() if $disabled{fips}; "" -} -generate_fips_sources: $(SRCDIR)/providers/fips.module.sources -$(SRCDIR)/providers/fips.module.sources: \ +generate_fips_sources: providers/fips.module.sources +providers/fips.module.sources: \ $(SRCDIR)/Configure \ {- join(" \\\n" . ' ' x 16, fill_lines(" ", $COLUMNS - 16, @@ -1171,9 +1167,8 @@ $(SRCDIR)/providers/fips.module.sources: \ crypto/sha/asm/*.pl; do \ echo "$$x"; \ done \ - ) | sort | uniq > $(SRCDIR)/providers/fips.module.sources + ) | sort | uniq > providers/fips.module.sources rm -rf sources-tmp -{- output_on() if $disabled{fips}; "" -} # Set to -force to force a rebuild ERROR_REBUILD= @@ -1269,19 +1264,24 @@ tags TAGS: FORCE -ctags -R . -etags `find . -name '*.[ch]' -o -name '*.pm'` -{- output_off() if $disabled{fips}; "" -} fips-checksums: generate_fips_sources - if which unifdef > /dev/null; then \ - ( cd $(SRCDIR) \ - && cat providers/fips.module.sources \ - | xargs ./util/fips-checksums.sh \ - > providers/fips-sources.checksums \ - && sha256sum providers/fips-sources.checksums \ - > providers/fips.checksum ); \ - else \ - echo >&2 "WARNING: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ - fi -{- output_on() if $disabled{fips}; "" -} + @which unifdef > /dev/null || \ + ( echo >&2 "ERROR: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ + false ) + ( sources=`pwd`/providers/fips.module.sources; \ + cd $(SRCDIR) \ + && cat $$sources \ + | xargs ./util/fips-checksums.sh ) \ + > providers/fips-sources.checksums \ + && sha256sum providers/fips-sources.checksums \ + > providers/fips.checksum + +$(SRCDIR)/providers/fips.checksum: providers/fips.checksum + cp -p providers/fips.module.sources \ + providers/fips-sources.checksums \ + providers/fips.checksum $(SRCDIR)/providers + +update-fips-checksums: $(SRCDIR)/providers/fips.checksum # Release targets (note: only available on Unix) #####################