Building FIPS module for android - android

I am working on an Android project that requires the cryptographic libraries that are present in the application to be FIPS certified. To my knowledge there are no FIPS validated Java security libraries. Bouncy Castle is good but it's not validated. After reading some forum posts, I found out that OpenSSL's FIPS module can be used with the help of NDK.
Right now I am trying to build the fips-openssl module for Android, to do that I have created a script for the environment variables for cross compiling.
I am using openssl-fips, and ndk-r8 for this project. I followed the fips guideline I found on google. I hope this gives a clear picture of what I am trying to do.
#! /bin/sh
export ANDROID_NDK="~/Android/android-ndk-r8"
export FIPS_SIG="${ANDROID_NDK}/incore"
export GCC_C1="/usr/lib/gcc/i686-pc-linux-gnu/4.7.0/"
export PATH=$PATH:"${ANDROID_NDK}/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin";
export MACHINE=armv71
export ARCH=arm.
export CROSS_COMPILE="arm-linux-androideabi-"
export SYSTEM=android
#export RELEASE=2.6.32.GMU
export ANDROID_DEV="$ANDROID_NDK/platforms/android-14/arch-arm/usr"
export HOSTCC=/usr/bin/gcc
When doing the make, this is the error that I get:
arm-linux-androideabi-gcc: error trying to exec 'cc1': execvp: No such file or directory
make[1]: *** [cryptlib.o] Error 1
make[1]: Leaving directory `/home/abhiram/fips/openssl-fips-1.2.3/crypto'
make: *** [build_crypto] Error 1
When I do a "find", the cc1 executable is present in this specific directory.
find . -name cc1
./toolchains/mipsel-linux-android-4.4.3/prebuilt/linux-x86/libexec/gcc/mipsel-linux-android/4.4.3/cc1
./toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/libexec/gcc/arm-linux-androideabi/4.4.3/cc1
./toolchains/x86-4.4.3/prebuilt/linux-x86/libexec/gcc/i686-android-linux/4.4.3/cc1

Looks like the problem is in the export statement, there is a blank space where a dash should be in the PATH line. Change this:
export PATH=$PATH:"${ANDROID_NDK}/toolchains/arm-linux-androideabi 4.4.3/prebuilt/linux-x86/bin";
to this:
export PATH=$PATH:"${ANDROID_NDK}/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin";
Also, your find shows that the cc1 executable is not in the path, so add its location to the path export as well:
export PATH=$PATH:"${ANDROID_NDK}/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin":"${ANDROID_NDK}/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/libexec/gcc/arm-linux-androideabi/4.4.3/";

Right now I am trying to build the fips-openssl module for Android, to do that I have created a script for the environment variables for cross compiling.
OpenSSL provides a script for Android, if you are interested. You can find it on the OpenSSL wiki: FIPS Library and Android.
When doing the make, this is the error that I get:
arm-linux-androideabi-gcc: error trying to exec 'cc1'
It looks like your PATH does not include the cross-compile toolchain.
How are you invoking the script? You need to include a leading dot (".") to ensure the changes are applied to the current shell (and not the sub-shell that executes the script (which simply exits)).
Here's the first step of OpenSSL's build procedures for Android located at FIPS Library and Android. Notice the leading dot:
$ . ./setenv-android.sh
The results of running the script set a bunch of variables used by the OpenSSL build system:
$ . ./setenv-android.sh
ANDROID_NDK_ROOT: /opt/android-ndk-r9
ANDROID_EABI: arm-linux-androideabi-4.6
ANDROID_API: android-14
ANDROID_SYSROOT: /opt/android-ndk-r9/platforms/android-14/arch-arm
ANDROID_TOOLCHAIN: /opt/android-ndk-r9/toolchains/arm-linux-androideabi-4.6/prebuilt/darwin-x86_64/bin
FIPS_SIG:
CROSS_COMPILE: arm-linux-androideabi-
ANDROID_DEV: /opt/android-ndk-r9/platforms/android-14/arch-arm/usr
"${ANDROID_NDK}/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/libexec/gcc/arm-linux-androideabi/4.4.3/"
I don't believe this is needed.
export ANDROID_NDK="~/Android/android-ndk-r8"
According to the folks on the Android NDK user list, you should set both ANDROID_NDK_ROOT and ANDROID_SDK_ROOT. The various NDK and SDK tools use those environmental variables. I suppose the SDK value would be "~/Android/android-sdk" for your installation.
See Recommended NDK Directory? for details.
I also think you should be using ANDROID_SYSROOT. It's not used by the NDK or SDK tools; rather, it's used by OpenSSL and passed as sysroot during compile.
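A pre-flight check for the points raised in this thread (script not sourced, toolchain missing from PATH, cc1 not found, sysroot missing), added here as an example; it is not part of the answers above or of OpenSSL's setenv-android.sh. The variable names are the ones that script prints; `check_cross_env` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: verify the cross-compile environment before running make.
# check_cross_env is a hypothetical helper; the variable names are those
# printed by setenv-android.sh above.

check_cross_env() {
    _rc=0
    _fail() { echo "FAIL: $*"; _rc=1; }

    # Inside double quotes "~" is not expanded by the shell, so the value
    # stays a literal "~/..." string rather than a real path.
    case "${ANDROID_NDK_ROOT:-}" in
        '')   _fail "ANDROID_NDK_ROOT is unset (script executed instead of sourced?)" ;;
        '~'*) _fail "ANDROID_NDK_ROOT holds a literal '~'; use \$HOME instead" ;;
        *)    [ -d "$ANDROID_NDK_ROOT" ] || _fail "no such directory: $ANDROID_NDK_ROOT" ;;
    esac

    # OpenSSL passes this directory to the compiler as the sysroot.
    [ -d "${ANDROID_SYSROOT:-}" ] || _fail "ANDROID_SYSROOT is not a directory: '${ANDROID_SYSROOT:-}'"

    # The build invokes ${CROSS_COMPILE}gcc by name, so it must resolve on PATH.
    if [ -z "${CROSS_COMPILE:-}" ]; then
        _fail "CROSS_COMPILE is unset"
    elif ! command -v "${CROSS_COMPILE}gcc" >/dev/null 2>&1; then
        _fail "${CROSS_COMPILE}gcc is not on PATH"
    else
        # gcc prints the full path of cc1 when it can locate it, otherwise
        # only the bare name "cc1".
        _cc1=$("${CROSS_COMPILE}gcc" -print-prog-name=cc1 2>/dev/null) || _cc1=""
        [ -x "$_cc1" ] || _fail "${CROSS_COMPILE}gcc cannot locate cc1 (got '$_cc1')"
    fi

    return "$_rc"
}

# Usage, in the same shell that will run the build:
#   . ./setenv-android.sh && check_cross_env && make
```
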

Related

Cross Compiling ghostscript for android, what host should I use?

Hi guys, I am using this tutorial to build ghostscript-9.19 to be able to use it in my Android application to convert EPS documents to PDF. It fails during configure. Here are the logs:
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... arm-linux-androideabi-gcc --sysroot=/<path>/android-ndk-r11c/platforms/android-17/arch-arm/
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... configure: error: in `/<path>/ghostscript-9.19/tiff-config':
configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details
configure: error: libtiff configure script failed
This is the build file I am running
#!/bin/sh
# Compiles ghostscript for Android
# Make sure you have NDK_ROOT defined in .bashrc or .bash_profile
INSTALL_DIR="`pwd`/app/jni/gs"
SRC_DIR="`pwd`/../ghostscript-9.19"
cd $SRC_DIR
export PATH="/<path>/android-ndk-r11c/toolchains/arm-linux-androideabi-4.9/prebuilt/darwin-x86_64/bin:$PATH"
export SYS_ROOT="/<path>/Android/android-ndk-r11c/platforms/android-17/arch-arm/"
export CC="arm-linux-androideabi-gcc --sysroot=$SYS_ROOT"
export LD="arm-linux-androideabi-ld"
export AR="arm-linux-androideabi-ar"
export RANLIB="arm-linux-androideabi-ranlib"
export STRIP="arm-linux-androideabi-strip"
mkdir -p $INSTALL_DIR
./configure --host=arm-linux-androideabi --build=x86_64-apple-darwin --prefix=$INSTALL_DIR LIBS="-lc -lgcc"
make PREFIX=$INSTALL_DIR
make install DESTDIR=$INSTALL_DIR
exit 0
I am using --host=arm-linux-androideabi. What host should I use? What do I need to change in the Ghostscript project to make it compile successfully?
Any help is highly appreciated.
Cross compiling Ghostscript is pretty involved, partly because the Ghostscript build relies on building and running interim tools (genarch, genconf, mkromfs and echogs) which, obviously, must be built with the native compiler, rather than the cross compiler.
I think the problem you are seeing is because the call to the libtiff configure doesn't pass on the required options.
You may be better served grabbing, and tweaking the two files (a makefile and a header) from this commit:
Makefile for Android MuPDF libgs.so
and tweaking it to match your requirements.
There is a basic guide of what to do for cross compiling at the bottom of this page:
Ghostscript FAQ
I have a "project" to improve support for cross compiling, but it is slow going at the moment.

How to use ndk-build without jni directory?

We are attempting to add first class build support for Android to a C++ library. We want to supply a stock Android.mk, and disgorge it from dependencies like a jni subfolder in an Eclipse or Android Studio project directory. That is, we want to:
cd library-src
ndk-build <options>
In the above, library-src is not NDK_PROJECT_PATH. Rather, it's the root folder for the library.
We visited the NDK's help (ndk-build -?), but it did not tell us how to remove the assumptions. We tried the following, but it produced errors:
$ ndk-build -f Android.mk
Android NDK: Could not find application project directory !
Android NDK: Please define the NDK_PROJECT_PATH variable to point to it.
/opt/android-ndk-r10e/build/core/build-local.mk:143: *** Android NDK: Aborting
Stop.
Attempting to set NDK_PROJECT_PATH results in a similar error:
$ NDK_PROJECT_PATH=. ndk-build -f Android.mk
Android NDK: Your APP_BUILD_SCRIPT points to an unknown file: ./jni/Android.mk
/opt/android-ndk-r10e/.../add-application.mk:199: *** Android NDK: Aborting...
Stop.
And attempting to set APP_BUILD_SCRIPT results in a similar error:
$ NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=Android.mk ndk-build -f Android.mk
Android NDK: Your APP_BUILD_SCRIPT points to an unknown file: ./jni/Android.mk
/opt/android-ndk-r10e/.../add-application.mk:199: *** Android NDK: Aborting...
Stop.
How do we use ndk-build without the jni directory?
It's important that we remove the limitations/assumptions. If we can't remove them, then we can't automate building and testing. If we can't automate building and testing, then we can't add the support because our governance has some QA and testing gates that we won't be able to pass through. (I'm willing to tolerate a manual adb push to test on-device).
I must admit that I don't understand your limitations. Why adding file library-src/Android.mk is OK, but library-src/jni/Android.mk breaks your QA and testing gates. Furthermore, Android.mk is usually not enough to launch a build. Whether you want to choose the STL variation, or ABI, or toolchain, it is natural to define these settings in a different file, Application.mk, which also goes to the jni directory by convention. Add library-src/jni directory, and Android developers will thank you when their tools of trade get upgrades and they can stay with the standard configuration.
But Android build is a very flexible system, and you can achieve literally what you ask for.
The experiments that you made did not work because ndk-build is simply a thin wrapper around GNU make, and treats environment variables with low priority.
ndk-build APP_BUILD_SCRIPT=Android.mk NDK_PROJECT_PATH=.
will most likely simply work for you. If you need more control, you can use something like
ndk-build APP_BUILD_SCRIPT=Android.mk NDK_PROJECT_PATH=. APP_STL=gnustl_static APP_ABI=armeabi-v7a APP_PLATFORM=android-19 NDK_TOOLCHAIN_VERSION=4.9
You can control the output directories, too. See NDK_APP_OUT, NDK_APP_LIBS_OUT.
One last hint: if your global build process is based on make, you can invoke $(MAKE) directly instead of going through ndk-build. It is also OK if you require standalone toolchain to keep platform-independent make logic.

list: No such file or directory

I'm trying to cross port a big autotools project to Android, but I'm having some issues with the NDK configuration (I guess). When I run the configure script, everything goes well until I reach a point where the C++ Standard Template Library support is checked. Then configure: error: C++ Standard Template Libary unsupported shows up.
Taking a closer look into the config.log I found
/home/user/android-ndk-r10e/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-g++ -c --sysroot=/home/user/android-ndk-r10e/platforms/android-21/arch-arm -Wall -O2 -DNDEBUG conftest.cpp >&5
conftest.cpp:30:16: fatal error: list: No such file or directory
#include <list>
These are the values for the environment variables
export ANDROID_NDK_ROOT=/home/user/android-ndk-r10e
export SYS_ROOT=/home/user/android-ndk-r10e/platforms/android-21/arch-arm
export ANDROID_EABI=arm-linux-androideabi-4.9
export ANDROID_TOOLCHAIN=${ANDROID_NDK_HOME}/toolchains/${ANDROID_EABI}/prebuilt/linux-x86_64
export CC="$ANDROID_TOOLCHAIN/bin/arm-linux-androideabi-gcc"
export CXX="$ANDROID_TOOLCHAIN/bin/arm-linux-androideabi-g++"
export CFLAGS="--sysroot=${SYS_ROOT}"
export LDFLAGS="--sysroot=${SYS_ROOT}"
export CXXFLAGS="--sysroot=${SYS_ROOT}"
I guess that I'm missing some includes or some libraries on the command (Although they should be in the sysroot folder).
Thanks for your help
According to http://developer.android.com/intl/es/ndk/guides/standalone_toolchain.html
The C++ Standard Template Library is not included in the pre-built toolchain. You need to install a standalone toolchain so a stl implementation is copied into the platform. See the Advanced Method section of the link above to solve it.

Error while Including third party module in kivy app

I am trying to import a third-party module like pygoogle in my app. When I run the app on my computer using Kivy it works fine, but when I make an APK using buildozer it crashes every time. Then I found that I have to go into python-for-android and run this command to include the module: ./distribute.sh -m "pil ffmpeg kivy", but I still get this error:
root#kali:~# cd ~/.buildozer/android/platform/python-for-android
root#kali:~/.buildozer/android/platform/python-for-android# ls
COPYING dist docs README.rst src
cythonizer.py distribute.sh LICENSE recipes tools
root#kali:~/.buildozer/android/platform/python-for-android# ./distribute.sh -m "pil ffmpeg kivy"
Check build dependencies for Kali
Avoid check build dependencies, unknow platform Kali
Check environment
No ANDROIDSDK environment set, abort
root#kali:~/.buildozer/android/platform/python-for-android#
I am using Kali Linux. Please, someone solve this; it will be very helpful to me.
Try pasting the pygoogle folder in your app's directory, at the same level as main.py. Also, from the error, it looks like you need to set the ANDROIDSDK environment variable. See the docs.
I had a similar problem, and simply setting the ANDROIDSDK environment variable didn't sort it, but the following did.
Try the following and then run the ./distribute.sh -m "pil ffmpeg kivy" command from the same terminal (as the environment vars will only have been set for that terminal and any child processes), or alternatively, add these lines to your ~/.bashrc file for them to be permanent:
export ANDROIDSDK=/path/to/android-sdk
export ANDROIDNDK=/path/to/android-ndk
export ANDROIDNDKVER=rX
export ANDROIDAPI=X
# example
export ANDROIDSDK="/home/tito/code/android/android-sdk-linux_86"
export ANDROIDNDK="/home/tito/code/android/android-ndk-r7"
export ANDROIDNDKVER=r7
export ANDROIDAPI=14
Examples taken from here. I recommend having a look.

Option -no-engine causes problems with OpenSSL build for Android

I have to build the OpenSSL 1.0.1j libraries for Android, following the instructions at http://wiki.openssl.org/index.php/Android, on a Debian 7 system.
My configuration options are
./Configure dist -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine
The build fails due to the error
make[2]: *** No rule to make target `../../include/openssl/engine.h', needed by `rsa_lib.o'.
(Remark: Using linux-generic64 instead of dist made no difference)
Providing the option -no-rsa leads to complaints from dsa_lib.o. It also does not make sense to disable RSA and DSA, does it?
I read the NEWS file, http://wiki.openssl.org/ and questions here on SO, but could not find a solution.
Any suggestions?
Besides that: What is the actual meaning of -no-engine? According to my understanding,
ENGINE is the interface to the crypto algorithms of openssl. Why should it be possible to disable it at all?
Option -no-engine causes problems with OpenSSL build for Android ...
./Configure dist -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine
You can safely omit the no-engine option. The option was used to reduce the size of the binary.
What is the actual meaning of -no-engine? According to my understanding, ENGINE is...
That's a good point, and I can't answer it. But I can say I've used the procedures on the wiki page for a few years, and I know OpenSSL still works (compiles/links/runs) when the no-engine option is used.
Maybe something has changed for 1.0.1j. I did not upgrade (meaning I did not build 1.0.1j for Android and iOS) because I'm not interested in that Downgrade SCSV to accommodate the browsers and their broken-shit, insecure practices of retrying with SSLv3.
Using linux-generic64 instead of dist made no difference...
The cross-compile script (setenv-android.sh) sets the paths to the Android NDK tools AND it sets a few key environmental variables. Of them, CROSS_COMPILE and ANDROID_DEV are critical. From the tail of setenv-android.sh:
# For the Android toolchain
# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH"
export SYSROOT="$ANDROID_SYSROOT"
export NDK_SYSROOT="$ANDROID_SYSROOT"
export ANDROID_NDK_SYSROOT="$ANDROID_SYSROOT"
export ANDROID_API="$_ANDROID_API"
# CROSS_COMPILE and ANDROID_DEV are DFW (Don't Fiddle With). Its used by OpenSSL build system.
# export CROSS_COMPILE="arm-linux-androideabi-"
export ANDROID_DEV="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH/usr"
export HOSTCC=gcc
Configuration for Android is picked up through SYSTEM and ARCH. Once Android kicks in, CROSS_COMPILE and ANDROID_DEV are utilized.
Because of the environmental variables, all you need to do is configure no-ssl2 no-ssl3 ....
A symbolic link to engine.h is not created when building OpenSSL with no-engine. I just added
(cd include/openssl ; ln -s ../../crypto/engine/engine.h .)
to my build process.
