diff options
author | NIIBE Yutaka <gniibe@fsij.org> | 2021-08-18 12:45:39 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2021-08-18 12:45:39 +0900 |
commit | 3c89aad4a0d7f836fd747d4e2f0edfbf648ae318 (patch) | |
tree | 8ddd721ff5917a0777b31b53b916f12ee0892816 /src/Makefile.am | |
parent | 07c21dd7d134e6403c9ee4e09250ec577c9b2867 (diff) | |
download | libgcrypt-3c89aad4a0d7f836fd747d4e2f0edfbf648ae318.tar.gz |
build: Generate hash for integrity check with hmac256.
* configure.ac [ENABLE_HMAC_BINARY_CHECK]: Check objcopy.
(USE_HMAC_BINARY_CHECK): New Automake conditional.
* src/Makefile.am (libgcrypt.la.done): New target.
[USE_HMAC_BINARY_CHECK] (libgcrypt.so.hmac): Compute the hash.
[USE_HMAC_BINARY_CHECK] (libgcrypt.la.done): Add .hmac section.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src/Makefile.am')
-rw-r--r-- | src/Makefile.am | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 31aa6660..0ac58ac4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -135,6 +135,7 @@ dumpsexp_LDADD = $(arch_gpg_error_libs) mpicalc_SOURCES = mpicalc.c mpicalc_CFLAGS = $(GPG_ERROR_CFLAGS) mpicalc_LDADD = libgcrypt.la $(GPG_ERROR_LIBS) +EXTRA_mpicalc_DEPENDENCIES = libgcrypt.la.done hmac256_SOURCES = hmac256.c hmac256_CFLAGS = -DSTANDALONE $(arch_gpg_error_cflags) @@ -148,15 +149,24 @@ gcryptrnd_LDADD = libgcrypt.la $(GPG_ERROR_LIBS) $(PTH_LIBS) getrandom_SOURCES = getrandom.c endif USE_RANDOM_DAEMON +CLEANFILES = libgcrypt.la.done +if USE_HMAC_BINARY_CHECK +CLEANFILES += libgcrypt.so.hmac + +libgcrypt.la.done: libgcrypt.so.hmac + $(OBJCOPY) --add-section .hmac=libgcrypt.so.hmac \ + --set-section-flags .hmac=noload,readonly .libs/libgcrypt.so \ + .libs/libgcrypt.so.new + mv -f .libs/libgcrypt.so.new .libs/libgcrypt.so.*.* + @touch libgcrypt.la.done + +libgcrypt.so.hmac: hmac256 libgcrypt.la + ./hmac256 --stdkey --binary < .libs/libgcrypt.so > $@ +else !USE_HMAC_BINARY_CHECK +libgcrypt.la.done: libgcrypt.la + @touch libgcrypt.la.done +endif !USE_HMAC_BINARY_CHECK install-data-local: install-def-file uninstall-local: uninstall-def-file - -# FIXME: We need to figure out how to get the actual name (parsing -# libgcrypt.la?) and how to create the hmac file already at link time -# so that it can be used without installing libgcrypt first. -#install-exec-hook: -# ./hmac256 "What am I, a doctor or a moonshuttle conductor?" \ -# < $(DESTDIR)$(libdir)/libgcrypt.so.11.5.0 \ -# > $(DESTDIR)$(libdir)/.libgcrypt.so.11.5.0.hmac |