author | Quentin Retornaz <gentoo@retornaz.com> | 2021-05-03 18:22:40 +0200 |
---|---|---|
committer | Quentin Retornaz <gentoo@retornaz.com> | 2021-05-03 18:22:40 +0200 |
commit | e2163d2ada041a93a694dd763ad0204854d19b25 (patch) | |
tree | 899119e4468c2b6063dc9b0be8bcfa4daf3e8c41 /app-crypt | |
parent | x11-misc/x11vnc: remove libressl USE flag (diff) | |
app-crypt/sbsigntools: new package
Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Quentin Retornaz <gentoo@retornaz.com>
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/sbsigntools/Manifest | 2 | ||||
-rw-r--r-- | app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch | 152 | ||||
-rw-r--r-- | app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch | 161 | ||||
-rw-r--r-- | app-crypt/sbsigntools/metadata.xml | 10 | ||||
-rw-r--r-- | app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild | 48 |
5 files changed, 373 insertions, 0 deletions
diff --git a/app-crypt/sbsigntools/Manifest b/app-crypt/sbsigntools/Manifest
new file mode 100644
index 0000000..564b3aa
--- /dev/null
+++ b/app-crypt/sbsigntools/Manifest
@@ -0,0 +1,2 @@
+DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09
+DIST sbsigntools-0.9.2.tar.gz 56525 BLAKE2B 0bce1f534aa960672eab6a415e287b79ff9f18eb947e2217ad4533081f8b854e160b57828afbb56423b2dcab723d3a8aacb2e6affeb2057d17ce3c1761d96b11 SHA512 060753ed9c8db794e4755cc66c1940a2ccc89f4ddf0e825da1f1e6eaa75fc67c21060ee4b5dfb0c757b69e6f5959bfa68156d9f95a945cf63c6a20f1414a2c27
diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch
new file mode 100644
index 0000000..2f9364f
--- /dev/null
+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch
@@ -0,0 +1,152 @@
+diff --git a/src/fileio.c b/src/fileio.c
+index 032eb1e..09bc3aa 100644
+--- a/src/fileio.c
++++ b/src/fileio.c
+@@ -40,6 +40,7 @@
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/engine.h>
++#include <openssl/ui.h>
+ 
+ #include <ccan/talloc/talloc.h>
+ #include <ccan/read_write_all/read_write_all.h>
+diff --git a/src/idc.c b/src/idc.c
+index 236cefd..6d87bd4 100644
+--- a/src/idc.c
++++ b/src/idc.c
+@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)
+ 
+ /* extract the idc from the signed PKCS7 'other' data */
+ str = p7->d.sign->contents->d.other->value.asn1_string;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ idcbuf = buf = ASN1_STRING_data(str);
++#else
++ idcbuf = buf = ASN1_STRING_get0_data(str);
++#endif
+ idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
+ 
+ /* If we were passed a BIO, write the idc data, minus type and length,
+@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)
+ }
+ 
+ /* check hash against the one we calculated from the image */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ buf = ASN1_STRING_data(str);
++#else
++ buf = ASN1_STRING_get0_data(str);
++#endif
+ if (memcmp(buf, sha, sizeof(sha))) {
+ fprintf(stderr, "Hash doesn't match image\n");
+ fprintf(stderr, " got: %s\n", sha256_str(buf));
+diff --git a/src/sbattach.c b/src/sbattach.c
+index a0c01b8..e89a23e 100644
+--- a/src/sbattach.c
++++ b/src/sbattach.c
+@@ -231,6 +231,7 @@ int main(int argc, char **argv)
+ return EXIT_FAILURE;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+ OPENSSL_config(NULL);
+@@ -239,6 +240,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ 
+ image = image_load(image_filename);
+ if (!image) {
+diff --git a/src/sbkeysync.c b/src/sbkeysync.c
+index 7b17f40..419b1e7 100644
+--- a/src/sbkeysync.c
++++ b/src/sbkeysync.c
+@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)
+ goto out;
+ 
+ key->id_len = ASN1_STRING_length(serial);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
++#else
++ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
++#endif
+ 
+ key->description = talloc_array(key, char, description_len);
+ X509_NAME_oneline(X509_get_subject_name(x509),
+@@ -927,6 +931,7 @@ int main(int argc, char **argv)
+ return EXIT_FAILURE;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+ OpenSSL_add_all_ciphers();
+@@ -936,6 +941,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ 
+ ctx->filesystem_keys = init_keyset(ctx);
+ ctx->firmware_keys = init_keyset(ctx);
+diff --git a/src/sbsign.c b/src/sbsign.c
+index ff1fdfd..78d8d64 100644
+--- a/src/sbsign.c
++++ b/src/sbsign.c
+@@ -188,6 +188,7 @@ int main(int argc, char **argv)
+ 
+ talloc_steal(ctx, ctx->image);
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+ OpenSSL_add_all_ciphers();
+@@ -197,6 +198,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ if (engine)
+ pkey = fileio_read_engine_key(engine, keyfilename);
+ else
+diff --git a/src/sbvarsign.c b/src/sbvarsign.c
+index 7dcbe51..9319c8b 100644
+--- a/src/sbvarsign.c
++++ b/src/sbvarsign.c
+@@ -509,6 +509,7 @@ int main(int argc, char **argv)
+ return EXIT_FAILURE;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* initialise openssl */
+ OpenSSL_add_all_digests();
+ OpenSSL_add_all_ciphers();
+@@ -519,6 +520,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ 
+ /* set up the variable signing context */
+ varname = argv[optind];
+diff --git a/src/sbverify.c b/src/sbverify.c
+index 3920d91..d0b203a 100644
+--- a/src/sbverify.c
++++ b/src/sbverify.c
+@@ -250,6 +250,7 @@ int main(int argc, char **argv)
+ verbose = false;
+ detached_sig_filename = NULL;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OpenSSL_add_all_digests();
+ ERR_load_crypto_strings();
+ OPENSSL_config(NULL);
+@@ -258,6 +259,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ 
+ for (;;) {
+ int idx;
diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch
new file mode 100644
index 0000000..226f7fd
--- /dev/null
+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch
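Review bot: Nothing visible in this commit applies `sbsigntools-0.9.1-openssl-1.1.0-compat.patch`: `src_prepare` in `sbsigntools-0.9.2.ebuild` calls `eapply` only on `"${P}"-libressl.patch`, and the ebuild sets no `PATCHES` array. Its hunks touch the same lines of the same files as the LibreSSL patch, differing only in the guard, so applying both would likely conflict. An unused patch next to a Secure Boot signing tool invites confusion about which guards are actually in the built binaries. Either drop the file or add an ebuild comment such as `# 0.9.1-openssl-1.1.0-compat.patch is kept for reference only; superseded by the libressl patch`.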
@@ -0,0 +1,161 @@
+diff --git a/src/fileio.c b/src/fileio.c
+index 032eb1e..09bc3aa 100644
+--- a/src/fileio.c
++++ b/src/fileio.c
+@@ -40,6 +40,7 @@
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/engine.h>
++#include <openssl/ui.h>
+ 
+ #include <ccan/talloc/talloc.h>
+ #include <ccan/read_write_all/read_write_all.h>
+diff --git a/src/idc.c b/src/idc.c
+index 236cefd..18c670a 100644
+--- a/src/idc.c
++++ b/src/idc.c
+@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)
+ 
+ /* extract the idc from the signed PKCS7 'other' data */
+ str = p7->d.sign->contents->d.other->value.asn1_string;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ idcbuf = buf = ASN1_STRING_data(str);
++#else
++ idcbuf = buf = ASN1_STRING_get0_data(str);
++#endif
+ idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
+ 
+ /* If we were passed a BIO, write the idc data, minus type and length,
+@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)
+ }
+ 
+ /* check hash against the one we calculated from the image */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ buf = ASN1_STRING_data(str);
++#else
++ buf = ASN1_STRING_get0_data(str);
++#endif
+ if (memcmp(buf, sha, sizeof(sha))) {
+ fprintf(stderr, "Hash doesn't match image\n");
+ fprintf(stderr, " got: %s\n", sha256_str(buf));
+diff --git a/src/sbattach.c b/src/sbattach.c
+index a0c01b8..fe5a18e 100644
+--- a/src/sbattach.c
++++ b/src/sbattach.c
+@@ -231,6 +231,7 @@ int main(int argc, char **argv)
+ return EXIT_FAILURE;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+ OPENSSL_config(NULL);
+@@ -239,6 +240,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ 
+ image = image_load(image_filename);
+ if (!image) {
+diff --git a/src/sbkeysync.c b/src/sbkeysync.c
+index 7b17f40..753ca52 100644
+--- a/src/sbkeysync.c
++++ b/src/sbkeysync.c
+@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)
+ goto out;
+ 
+ key->id_len = ASN1_STRING_length(serial);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
++#else
++ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
++#endif
+ 
+ key->description = talloc_array(key, char, description_len);
+ X509_NAME_oneline(X509_get_subject_name(x509),
+@@ -927,6 +931,7 @@ int main(int argc, char **argv)
+ return EXIT_FAILURE;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+ OpenSSL_add_all_ciphers();
+@@ -936,6 +941,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ 
+ ctx->filesystem_keys = init_keyset(ctx);
+ ctx->firmware_keys = init_keyset(ctx);
+diff --git a/src/sbsign.c b/src/sbsign.c
+index ff1fdfd..5754113 100644
+--- a/src/sbsign.c
++++ b/src/sbsign.c
+@@ -188,6 +188,7 @@ int main(int argc, char **argv)
+ 
+ talloc_steal(ctx, ctx->image);
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+ OpenSSL_add_all_ciphers();
+@@ -197,6 +198,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ if (engine)
+ pkey = fileio_read_engine_key(engine, keyfilename);
+ else
+diff --git a/src/sbvarsign.c b/src/sbvarsign.c
+index ebf625c..43a1a61 100644
+--- a/src/sbvarsign.c
++++ b/src/sbvarsign.c
+@@ -509,6 +509,7 @@ int main(int argc, char **argv)
+ return EXIT_FAILURE;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* initialise openssl */
+ OpenSSL_add_all_digests();
+ OpenSSL_add_all_ciphers();
+@@ -519,6 +520,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ 
+ /* set up the variable signing context */
+ varname = argv[optind];
+diff --git a/src/sbverify.c b/src/sbverify.c
+index 3920d91..3d9c0a1 100644
+--- a/src/sbverify.c
++++ b/src/sbverify.c
+@@ -56,7 +56,7 @@
+ #include <openssl/pem.h>
+ #include <openssl/x509v3.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_OBJECT_get0_X509(obj) ((obj)->data.x509)
+ #define X509_OBJECT_get_type(obj) ((obj)->type)
+ #define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
+@@ -250,6 +250,7 @@ int main(int argc, char **argv)
+ verbose = false;
+ detached_sig_filename = NULL;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ OpenSSL_add_all_digests();
+ ERR_load_crypto_strings();
+ OPENSSL_config(NULL);
+@@ -258,6 +259,7 @@ int main(int argc, char **argv)
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
++#endif
+ 
+ for (;;) {
+ int idx;
diff --git a/app-crypt/sbsigntools/metadata.xml b/app-crypt/sbsigntools/metadata.xml
new file mode 100644
index 0000000..20001d6
--- /dev/null
+++ b/app-crypt/sbsigntools/metadata.xml
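Review bot: The guard `|| defined(LIBRESSL_VERSION_NUMBER)` has no version bound, so every LibreSSL release is treated like OpenSSL older than 1.1.0. The sbverify.c hunk at `@@ -56,7 +56,7` is the sensitive one: it keeps `X509_OBJECT_get0_X509(obj) ((obj)->data.x509)` and the two sibling macros, which read struct fields directly in the certificate-verification path. If a LibreSSL release exports these accessors as functions, the macros would shadow them, and if it makes the structs opaque the build would fail; confirm both against the LibreSSL versions this overlay supports. A bounded form is safer: `#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < <first release providing the accessors>)`. The same applies to the `ASN1_STRING_data` guards in idc.c and sbkeysync.c.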
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>tamiko@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="launchpad">ubuntu</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild b/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild
new file mode 100644
index 0000000..92c0ab7
--- /dev/null
+++ b/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+MY_PN="${PN::-1}"
+
+inherit autotools toolchain-funcs
+
+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
+HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/"
+SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz
+ https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz"
+
+LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 x86"
+IUSE=""
+
+RDEPEND="
+ dev-libs/openssl:0=
+ sys-apps/util-linux"
+DEPEND="${RDEPEND}
+ sys-apps/help2man
+ sys-boot/gnu-efi
+ sys-libs/binutils-libs
+ virtual/pkgconfig"
+
+src_prepare() {
+ eapply "${FILESDIR}"/"${P}"-libressl.patch
+ mv "${WORKDIR}"/lib/ccan "${S}"/lib || die "mv failed"
+ rmdir "${WORKDIR}"/lib || die "rmdir failed"
+
+ local iarch
+ case ${ARCH} in
+ amd64) iarch=x86_64 ;;
+ arm64) iarch=aarch64 ;;
+ ia64) iarch=ia64 ;;
+ x86) iarch=ia32 ;;
+ *) die "unsupported architecture: ${ARCH}" ;;
+ esac
+ sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac || die
+ sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die
+ sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
+
+ default
+ eautoreconf
+} |
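Review bot: The second `SRC_URI` entry pulls `${MY_PN}-0.8-ccan.tar.gz` from a personal distfiles directory, and nothing in the ebuild records which ccan revision it holds or how the tarball was produced. The Manifest hashes pin the bytes but not the provenance, which is worth documenting for code that gets linked into Secure Boot signing and verification tools. A comment above `SRC_URI` would cover it, e.g. `# bundled ccan snapshot: <upstream repository and commit the tarball was generated from>`. Separately, the three `sed -i ... || die` calls in `src_prepare` exit 0 even when the pattern matches nothing, so `|| die` will not catch a substitution that silently stops applying after a version bump.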