gnu: u-boot: Update to 2024.10.

* gnu/packages/bootloaders.scm (u-boot): Update to 2024.10. [source]: Remove build-without-libcrypto patch. Use git-fetch. (%u-boot-build-without-libcrypto-patch): Remove variable. (u-boot-tools)[arguments]: Enable test_spl. Disable sandbox tests and kwbimage. (python-u-boot-pylib)[arguments]: Add phase to fix build file. (make-u-boot-package)[arguments]: Disable kwbimage. (u-boot-sandbox): Only keep CONFIG_FIT_CIPHER disabled. [inputs]: Add efitools. (u-boot-rockpro64-rk3399): Replace CONFIG_DM_SCSI with CONFIG_SCSI. * gnu/packages/patches/u-boot-build-without-libcrypto.patch: Delete. * gnu/local.mk (dist_patch_DATA): Remove patch. Change-Id: I07cb0df0431ed45af0beb05105ae948136dd9eb3 Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
2026-01-25 12:05:19 -06:00 · 2024-12-13 20:58:30 +01:00 · 2024-12-13 20:58:30 +01:00 · ef50749aed
commit ef50749aed
parent 8a016fa056
3 changed files with 32 additions and 158 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -2274,7 +2274,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/tuxpaint-stamps-path.patch		\
  %D%/packages/patches/twinkle-bcg729.patch			\
  %D%/packages/patches/u-boot-allow-disabling-openssl.patch	\
-  %D%/packages/patches/u-boot-build-without-libcrypto.patch	\
  %D%/packages/patches/u-boot-nintendo-nes-serial.patch		\
  %D%/packages/patches/u-boot-rockchip-inno-usb.patch		\
  %D%/packages/patches/ucx-tcp-iface-ioctl.patch		\
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@ -54,6 +54,7 @@
  #:use-module (gnu packages gcc)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages guile)
+  #:use-module (gnu packages efi)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages llvm)
  #:use-module (gnu packages man)
@ -755,26 +756,22 @@ tree binary files.  These are board description files used by Linux and BSD.")
  ;; https://lists.denx.de/pipermail/u-boot/2021-October/462728.html
  (search-patch "u-boot-allow-disabling-openssl.patch"))

-(define %u-boot-build-without-libcrypto-patch
-  ;; Upstream commit to fix Amlogic builds in u-boot 2024.01.
-  (search-patch "u-boot-build-without-libcrypto.patch"))
-
 (define u-boot
  (package
    (name "u-boot")
-    (version "2024.01")
+    (version "2024.10")
    (source (origin
              (patches
               (list %u-boot-rockchip-inno-usb-patch
-                     %u-boot-build-without-libcrypto-patch
                     %u-boot-allow-disabling-openssl-patch))
-              (method url-fetch)
-              (uri (string-append
-                    "https://ftp.denx.de/pub/u-boot/"
-                    "u-boot-" version ".tar.bz2"))
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://source.denx.de/u-boot/u-boot.git")
+                     (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
              (sha256
               (base32
-                "1czmpszalc6b8cj9j7q6cxcy19lnijv3916w3dag6yr3xpqi35mr"))))
+                "0yrhb0izihv47p781dc4cp0znc5g225ayl7anz23c6jdrmfbpz2h"))))
    (build-system gnu-build-system)
    (native-inputs
     (list bison
@ -873,9 +870,11 @@ Info manual.")))
               (("\\./tools/patman/patman") (which "true"))
               ;; FIXME: test fails, needs further investiation
               (("run_test \"binman\"") "# run_test \"binman\"")
-               ;; FIXME: test_spl fails, needs further investiation
-               (("test_ofplatdata or test_handoff or test_spl")
-                "test_ofplatdata or test_handoff")
+               ;; FIXME: tests fail without kwbimage, i.e. openssl.
+               (("run_test \"sandbox_noinst\"")
+                "# run_test \"sandbox_noinst\"")
+               (("run_test \"sandbox_vpl\"")
+                "# run_test \"sandbox_vpl\"")
               ;; FIXME: code coverage not working
               (("run_test \"binman code coverage\"")
                "# run_test \"binman code coverage\"")
@ -898,14 +897,16 @@ def test_ctrl_c"))
                           (("CONFIG_FIT_SIGNATURE=y")
                            "CONFIG_FIT_SIGNATURE=n
 CONFIG_UT_LIB_ASN1=n
-CONFIG_TOOLS_LIBCRYPTO=n")
+CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n")
                           ;; Catch instances of implied CONFIG_FIG_SIGNATURE
                           ;; with VPL targets
                           (("CONFIG_SANDBOX_VPL=y")
                            "CONFIG_SANDBOX_VPL=y
 CONFIG_FIT_SIGNATURE=n
 CONFIG_VPL_FIT_SIGNATURE=n
-CONFIG_TOOLS_LIBCRYPTO=n")
+CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n")
                           ;; This test requires a sound system, which is un-used
                           ;; in u-boot-tools.
                           (("CONFIG_SOUND=y") "CONFIG_SOUND=n")))
@ -971,6 +972,13 @@ CONFIG_TOOLS_LIBCRYPTO=n")
          (add-after 'unpack 'chdir
            (lambda _
              (chdir "tools/u_boot_pylib")))
+          (add-after 'chdir 'list-package
+            (lambda _
+              (let ((port (open-file "pyproject.toml" "a")))
+                (display "[tool.setuptools.packages.find]\n" port)
+                (display "where = [\"..\"]\n" port)
+                (display "include = [\"u_boot_pylib*\"]" port)
+                (close-port port))))
          (replace 'check
            (lambda* (#:key tests? #:allow-other-keys)
              (when tests?
@ -1117,7 +1125,8 @@ U-Boot must be used."
                (lambda _
                  (substitute* ".config"
                    (("CONFIG_TOOLS_LIBCRYPTO=.*$")
-                     "CONFIG_TOOLS_LIBCRYPTO=n"))))
+                     "CONFIG_TOOLS_LIBCRYPTO=n
+CONFIG_TOOLS_KWBIMAGE=n"))))
              (replace 'install
                (lambda _
                  (let ((libexec (string-append #$output "/libexec"))
@ -1325,21 +1334,10 @@ partition."))
 (define-public u-boot-sandbox
  (let ((base (make-u-boot-package
               "sandbox" #f             ;build for the native system
-               ;; Disable CONFIG_TOOLS_LIBCRYPTO, CONFIG_FIT_SIGNATURE and
-               ;; CONFIG_FIT_CIPHER and their selectors as these features
-               ;; require OpenSSL, which is incompatible with the GPLv2-only
-               ;; parts of U-boot.  The options below replicate the changes
-               ;; that disabling the above features in 'make menuconfig' then
-               ;; refreshing the defconfig with 'make savedefconfig' would do.
-               #:configs (list "# CONFIG_FIT_RSASSA_PSS is not set"
-                               "# CONFIG_FIT_CIPHER is not set"
-                               "# CONFIG_LEGACY_IMAGE_FORMAT is not set"
-                               "# CONFIG_IMAGE_PRE_LOAD is not set"
-                               "# CONFIG_IMAGE_PRE_LOAD_SIG is not set"
-                               "# CONFIG_CMD_BOOTM_PRE_LOAD is not set"
-                               "CONFIG_RSA=y"
-                               "# CONFIG_EFI_SECURE_BOOT is not set"
-                               "# CONFIG_TOOLS_LIBCRYPTO is not set")
+               ;; These disabled features require OpenSSL, which is
+               ;; incompatible with the GPLv2-only parts of U-boot.
+               #:configs (map (cut string-append "# CONFIG_" <> " is not set")
+                              '("FIT_CIPHER"))
               #:append-description
               "The sandbox configuration of U-Boot provides a
@command{u-boot} command that runs as a normal user space application.  It can
@ -1359,8 +1357,9 @@ Documentation} for more information (for example by running @samp{info
                  (mkdir (string-append #$output "/bin"))
                  (symlink (search-input-file outputs "libexec/u-boot")
                           (string-append #$output "/bin/u-boot"))))))))
+      ;; cert-to-efi-sig-list from efitools creates the EFI capsule ESL.
      (inputs (modify-inputs (package-inputs base)
-                (append sdl2))))))
+                (append efitools sdl2))))))

 (define-public u-boot-sifive-unleashed
  (let ((base (make-u-boot-package "sifive_unleashed" "riscv64-linux-gnu")))
@ -1460,7 +1459,6 @@ Documentation} for more information (for example by running @samp{info
                                               "CONFIG_SATA_SIL=y"
                                               "CONFIG_SCSI=y"
                                               "CONFIG_SCSI_AHCI=y"
-                                               "CONFIG_DM_SCSI=y"
                                               ;; Disable SPL FIT signatures,
                                               ;; due to GPLv2 and Openssl
                                               ;; license incompatibilities
--- a/gnu/packages/patches/u-boot-build-without-libcrypto.patch
+++ b/gnu/packages/patches/u-boot-build-without-libcrypto.patch
@ -1,123 +0,0 @@
-From 03e598263e3878b6f5d58f5525577903edadc644 Mon Sep 17 00:00:00 2001
-From: Paul-Erwan Rio <paulerwan.rio@gmail.com>
-Date: Thu, 21 Dec 2023 08:26:11 +0100
-Subject: [PATCH] tools: fix build without LIBCRYPTO support
-
-Commit cb9faa6f98ae ("tools: Use a single target-independent config to
-enable OpenSSL") introduced a target-independent configuration to build
-crypto features in host tools.
-
-But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in
-host tools and SPL") the build without OpenSSL is broken, due to FIT
-signature/encryption features. Add missing conditional compilation
-tokens to fix this.
-
-Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com>
-Tested-by: Alexander Dahl <ada@thorsis.com>
-Cc: Simon Glass <sjg@chromium.org>
-Reviewed-by: Tom Rini <trini@konsulko.com>
-Reviewed-by: Simon Glass <sjg@chromium.org>
---
- include/image.h    | 2 +-
- tools/Kconfig      | 1 +
- tools/fit_image.c  | 2 +-
- tools/image-host.c | 4 ++++
- tools/mkimage.c    | 5 +++--
- 5 files changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/include/image.h b/include/image.h
-index 432ec927b1..21de70f0c9 100644
--- a/include/image.h
-+++ b/include/image.h
-@@ -1465,7 +1465,7 @@ int calculate_hash(const void *data, int data_len, const char *algo,
-  * device
-  */
- #if defined(USE_HOSTCC)
-# if defined(CONFIG_FIT_SIGNATURE)
-+# if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- #  define IMAGE_ENABLE_SIGN	1
- #  define FIT_IMAGE_ENABLE_VERIFY	1
- #  include <openssl/evp.h>
-diff --git a/tools/Kconfig b/tools/Kconfig
-index f8632cd59d..f01ed783e6 100644
--- a/tools/Kconfig
-+++ b/tools/Kconfig
-@@ -51,6 +51,7 @@ config TOOLS_FIT_RSASSA_PSS
- 	  Support the rsassa-pss signature scheme in the tools builds
- 
- config TOOLS_FIT_SIGNATURE
-+	depends on TOOLS_LIBCRYPTO
- 	def_bool y
- 	help
- 	  Enable signature verification of FIT uImages in the tools builds
-diff --git a/tools/fit_image.c b/tools/fit_image.c
-index 71e031c855..beef1fa86e 100644
--- a/tools/fit_image.c
-+++ b/tools/fit_image.c
-@@ -61,7 +61,7 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
- 		ret = fit_set_timestamp(ptr, 0, time);
- 	}
- 
-	if (!ret)
-+	if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret)
- 		ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
- 
- 	if (!ret) {
-diff --git a/tools/image-host.c b/tools/image-host.c
-index ca4950312f..90bc9f905f 100644
--- a/tools/image-host.c
-+++ b/tools/image-host.c
-@@ -14,8 +14,10 @@
- #include <image.h>
- #include <version.h>
- 
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- #include <openssl/pem.h>
- #include <openssl/evp.h>
-+#endif
- 
- /**
-  * fit_set_hash_value - set hash value in requested has node
-@@ -1131,6 +1133,7 @@ static int fit_config_add_verification_data(const char *keydir,
- 	return 0;
- }
- 
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- /*
-  * 0) open file (open)
-  * 1) read certificate (PEM_read_X509)
-@@ -1239,6 +1242,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit)
-  out:
- 	return ret;
- }
-+#endif
- 
- int fit_cipher_data(const char *keydir, void *keydest, void *fit,
- 		    const char *comment, int require_keys,
-diff --git a/tools/mkimage.c b/tools/mkimage.c
-index 6dfe3e1d42..ac62ebbde9 100644
--- a/tools/mkimage.c
-+++ b/tools/mkimage.c
-@@ -115,7 +115,7 @@ static void usage(const char *msg)
- 		"          -B => align size in hex for FIT structure and header\n"
- 		"          -b => append the device tree binary to the FIT\n"
- 		"          -t => update the timestamp in the FIT\n");
-#ifdef CONFIG_FIT_SIGNATURE
-+#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
- 	fprintf(stderr,
- 		"Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
- 		"          -k => set directory containing private keys\n"
-@@ -130,8 +130,9 @@ static void usage(const char *msg)
- 		"          -o => algorithm to use for signing\n");
- #else
- 	fprintf(stderr,
-		"Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
-+		"Signing / verified boot not supported (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n");
- #endif
-+
- 	fprintf(stderr, "       %s -V ==> print version information and exit\n",
- 		params.cmdname);
- 	fprintf(stderr, "Use '-T list' to see a list of available image types\n");
-- 
-2.41.0
-